Chapter 3. Communicating Between Nodes via SSH

SSH is one of the most important tools for a Linux network administrator. It allows you to connect to servers and other workstations remotely, and work on them from within your favorite terminal emulator—all from the comfort of your desk. While SSH might not be the perfect tool for every situation, it's one of those that you won't be able to imagine life without, once you start using it.

In this chapter, we explore SSH and cover the following topics:

  • Using OpenSSH
  • Installing and configuring OpenSSH
  • Connecting to network hosts via openssh-client
  • The OpenSSH config file
  • Understanding and utilizing scp
  • Transferring files to another node via scp
  • Tunneling traffic via SSH
  • Generating public keys
  • Keeping SSH connections alive
  • Exploring an alternative to SSH – utilizing Mosh (mobile shell)

Using OpenSSH

SSH, or Secure Shell, is a very handy utility. SSH is not an absolute requirement for performing tasks in your server room, but it is one of those things that will make your life a lot easier. With SSH, you are able to execute commands on a different Linux machine as though you were sitting right there in front of it. Sure, you could always walk into your server room, grab the keyboard, and start working, but nowadays remote administration is the name of the game. This is especially true if it's your turn to be on call and an issue comes up at the office. Depending on the nature of the issue, SSH may allow you to fix the problem from home (or even on your smartphone) without having to make the trek all the way to your company's server room. That's not all; SSH also allows you to copy files from one machine to another and to mount a directory on a server so that, on your workstation, it can be treated as though it were a local part of your filesystem.

The concept of connecting to a remote host and opening a command shell is not new, and SSH is not the first to do it. Other solutions, such as telnet or rlogin, have existed for quite a while. What makes SSH desirable is that it is more secure than earlier technologies, as communication is encrypted. There are two protocols for SSH, protocol 1 and protocol 2. Protocol 1 should not be used under any circumstances, as it is no longer secure. Traffic sent between two hosts utilizing protocol 1 could be intercepted by an attacker. We will discuss this aspect of SSH in Chapter 9, Securing Your Network, but for now I want to make sure that you understand that you shouldn't use an SSH connection with protocol 1. None of your hosts should offer protocol 1. Nowadays, protocol 2 is the default.

By default, SSH uses port 22 to communicate. If this port is blocked by a firewall, you will not be able to connect. This is extremely common in Windows-centric businesses, since SSH is more common in the Linux/UNIX world. By changing the configuration of the SSH server, you can configure it to listen on any port you like. While we won't get into how to configure this just yet (we'll discuss this in Chapter 9, Securing Your Network), it's mentioned here because it's important to note that you may run into a situation where you aren't able to connect to an SSH server, for example, when the port is either closed or has been changed to a different one.
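As an added example (not from the book), the following Python code classifies the identification line an SSH server sends on connect, so you can spot hosts that still offer protocol 1. The function names and sample greetings are constructed for illustration; the "1.99" compatibility convention comes from RFC 4253, sections 4.2 and 5.1.

```python
import re
import socket

# Identification line per RFC 4253 section 4.2: SSH-protoversion-softwareversion
_BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-\S+")

def classify_banner(text):
    """Return 'v2-only', 'v1-and-v2', 'v1-only' or 'not-ssh' for server greeting text."""
    for line in text.splitlines():          # a server may send other lines first
        m = _BANNER.match(line.strip())
        if not m:
            continue
        version = (int(m.group(1)), int(m.group(2)))
        if version == (1, 99):
            return "v1-and-v2"              # compatibility mode: protocol 1 still offered
        return "v2-only" if version >= (2, 0) else "v1-only"
    return "not-ssh"

def fetch_banner(host, port=22, timeout=5.0):
    """Read the identification line from a server you administer (port may differ from 22)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for _ in range(20):             # give up after a few non-SSH lines
                line = stream.readline(512)
                if not line or line.startswith(b"SSH-"):
                    return line.decode("ascii", "replace").strip()
    return ""

def hosts_offering_v1(banners):
    """Given {host: greeting}, return the sorted hosts that still accept protocol 1."""
    return sorted(h for h, b in banners.items()
                  if classify_banner(b) in ("v1-and-v2", "v1-only"))

# Constructed sample greetings (hypothetical hosts, not captured from real systems).
SAMPLES = {
    "web01": "SSH-2.0-OpenSSH_9.6\r\n",
    "legacy-db": "SSH-1.99-OpenSSH_3.9p1\r\n",
    "old-router": "SSH-1.5-1.2.27\n",
    "mail01": "220 mail01 ESMTP ready\r\n",
}

if __name__ == "__main__":
    for host, greeting in SAMPLES.items():
        print(f"{host:12} {classify_banner(greeting)}")
    print("still offering protocol 1:", hosts_offering_v1(SAMPLES))
```

A "not-ssh" result on the expected port usually means the SSH server has been moved to a different port or another service is listening there.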

Although I mentioned that learning SSH isn't actually required to perform tasks on a server or workstation, it is highly recommended that you spend time to learn it. Not only do companies that utilize Linux servers expect you to know it, you won't want to miss out on its advantages. Thankfully, as useful as SSH is, it's by no means difficult to learn. You could easily learn the most basic functionality in five minutes, or advanced usage within a week.
