Installing and configuring OpenSSH

OpenSSH comes in two pieces, the client application and the server application. It's likely that the client application is installed by default in your distribution. The client allows you to connect to other nodes via SSH, but having the client alone doesn't allow others to connect to you. If you want to access a machine via SSH, that machine must also have the SSH server application installed. Your chosen distribution may have the server application installed by default, but most don't. This is due to security—unless you absolutely need to have an application running and listening for connections, it should be absent. The fewer applications, the smaller the attack surface someone could use against you.

In Debian, SSH server is an option during the installation process. If selected, the server application of SSH will be present and will start by default. To check whether the SSH server package is installed on a Debian system, execute the following command:

aptitude search openssh-server

In the output, if the first character is i, then the package is installed. You can check whether the sshd daemon is running with the following command (the grep process itself will also appear in the output, so look for the line showing /usr/sbin/sshd):

ps ax | grep sshd

If the service isn't running, you can start it by executing the following command on Debian:

# systemctl start ssh.service

On Debian, you can check the status of the SSH service by executing the following command:

# systemctl status ssh.service

If it's running, the output should include active (running):

If your system doesn't have the SSH server package installed, you can install it with the following command:

# apt-get install openssh-server

After you've installed the package, check the status of the service to confirm that it is both running and enabled (the Loaded: line of the output reports enabled or disabled):

systemctl status ssh.service

Debian normally enables and starts the service as part of the package installation, but verify it. If the unit shows as disabled, it won't start automatically the next time you boot the machine; enable it with the same systemctl enable command shown for CentOS below, using the Debian unit name ssh.service.

In CentOS, you also use the systemctl command in order to check the status of the SSH service, though the daemon is named a bit differently:

systemctl status sshd.service

In the previous command in Debian, the service was named ssh.service. In CentOS, it's named sshd.service. In CentOS, both the client and server packages for SSH are installed by default, so you should already have them as soon as your CentOS system finishes installation. If you don't have the package installed for some reason, you can install it via yum:

# yum install openssh-server

After installation, ensure that the service is enabled by checking the status:

systemctl status sshd.service

If the SSH service is not in an enabled state (start on boot), execute the following command:

# systemctl enable sshd.service
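The checks above differ only in the package tool and the unit name (ssh.service on Debian, sshd.service on CentOS). The following script, an added example that is not part of the book, wraps the whole procedure: it detects the distribution family from /etc/os-release, checks whether openssh-server is installed, reports whether the unit is active and enabled, and in fix mode starts and enables it. It assumes systemd and an os-release file (the path is a parameter so the detection can be exercised against a constructed file); the check/fix mode names are this script's own.

```shell
#!/bin/sh
# Added example (not from the book): check whether the OpenSSH server is
# installed, running and enabled on Debian or CentOS, and optionally fix it.
# Assumed: systemd is in use and /etc/os-release exists. The os-release path
# is a parameter so detection can be exercised against a constructed file.

# Print "debian" or "rhel" based on ID / ID_LIKE in an os-release file.
# Returns 1 (and prints "unknown") for anything else.
detect_family() {
    osrel="${1:-/etc/os-release}"
    [ -r "$osrel" ] || { echo unknown; return 1; }
    # Source the file in a subshell so its variables don't leak into ours.
    ( . "$osrel"
      case " $ID $ID_LIKE " in
        *" debian "*|*" ubuntu "*)             echo debian ;;
        *" rhel "*|*" centos "*|*" fedora "*)  echo rhel ;;
        *)                                     echo unknown; exit 1 ;;
      esac )
}

# Map the family to the systemd unit name used by the book.
ssh_unit_for() {
    case "$1" in
        debian) echo ssh.service ;;
        rhel)   echo sshd.service ;;
        *)      return 1 ;;
    esac
}

# Is the openssh-server package installed? (dpkg on Debian, rpm on CentOS)
pkg_installed() {
    case "$1" in
        debian) dpkg-query -W -f='${Status}' openssh-server 2>/dev/null \
                    | grep -q 'install ok installed' ;;
        rhel)   rpm -q openssh-server >/dev/null 2>&1 ;;
        *)      return 1 ;;
    esac
}

main() {
    mode="$1"
    family=$(detect_family) || { echo "unsupported distribution" >&2; return 2; }
    unit=$(ssh_unit_for "$family")
    if pkg_installed "$family"; then
        echo "openssh-server: installed"
    else
        echo "openssh-server: NOT installed (apt-get install openssh-server on Debian," \
             "yum install openssh-server on CentOS)"
        return 1
    fi
    # is-active / is-enabled print the state and exit non-zero when the
    # answer is no; capture the text and ignore the exit status.
    active=$(systemctl is-active "$unit" 2>/dev/null || true)
    enabled=$(systemctl is-enabled "$unit" 2>/dev/null || true)
    echo "$unit: active=$active enabled=$enabled"
    if [ "$mode" = fix ]; then                # needs root
        [ "$active" = active ]   || systemctl start "$unit"
        [ "$enabled" = enabled ] || systemctl enable "$unit"
    fi
}

# Only act when told to, so the file can also be sourced for its functions.
case "${1:-}" in
    check|fix) main "$1" ;;
esac
```

Run it as sh sshd_check.sh check to report, or sudo sh sshd_check.sh fix to start and enable the daemon when it isn't. The apt-get and yum commands are only printed, not run, so the script never installs a network-listening service on its own.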

Now that SSH is installed on your machines, we're ready to start using it.

Connecting to network hosts via openssh-client

For this experiment, you'll need at least one Linux installation with the SSH server active, and another with at least the SSH client installed. For the client, you'll need to either install the openssh-clients package in CentOS, or the openssh-client package in Debian. The client package for SSH is installed by default on both, so you shouldn't need to install it unless the package was removed. For this activity, it doesn't matter which distribution is on the server or the client end of the connection. Feel free to mix it up.

Next, we need to record the IP address of the node we wish to connect to. Regardless of the distribution, you should be able to discover the IP address by executing the following command on that machine:

ip addr show

To connect to that machine via SSH, execute the ssh command against the IP address of the host. For example, if the host you want to connect to has an IP address 192.168.1.201, execute the following command:

ssh 192.168.1.201

As long as your username is the same on both sides, that command should ask for your password and then let you in. The very first connection to a host also prints the server's host key fingerprint and asks you to confirm it; compare it with the fingerprint of the key in /etc/ssh on the server before answering yes, because accepting a forged key means handing your password to whoever is impersonating the host. If your username is different on the host you're attempting to connect to, add the appropriate username to the command like this:

ssh jdoe@192.168.1.201

With SSH, you can connect to another Linux installation using any username that exists there, as long as you know the password for it. In fact, depending on how the distribution was configured by the vendor, you may even be able to log in directly as root. In CentOS, root login over SSH is enabled by default (PermitRootLogin yes in /etc/ssh/sshd_config). In Debian, the default is PermitRootLogin prohibit-password (called without-password in older releases), so root can log in via SSH only with a key of any type, never with a password (we'll discuss key-based authentication in Chapter 9, Securing Your Network). Although we'll discuss more about security (including how to allow/disallow users) in that chapter, for now it's important to understand that allowing root access to a system via SSH is a very bad idea; I hope that you'll keep this disabled on production servers and workstations. If you wish to disable root access now, go to the relevant section of Chapter 9, Securing Your Network, and then come back here.

SSH also allows you to specify a host name rather than an IP address. In fact, host names are the preferred method since it's difficult to memorize IP addresses if you have a great number of machines in your network. SSH itself doesn't resolve host names; it hands them to the system resolver, which consults /etc/hosts and then DNS. If the DNS server on your network has an A (address) record for the machine you wish to connect to, you should be able to use the host name instead of the IP address:

ssh jdoe@chupacabra

Note

If the machine doesn't have a DNS entry in your network, or if you have yet to set up a DNS server, don't worry. We'll discuss setting up our very own DNS (bind) server in Chapter 6, Configuring Network Services.

Another important aspect of connecting to a host is specifying a port. As mentioned earlier, the default port is 22. If you don't specify a port, then port 22 is assumed. If you need to specify a different port, you can do so with the -p flag, as follows:

ssh -p 6022 jdoe@chupacabra
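Rather than typing the user and port every time, the usual practice is to record them in the client's ~/.ssh/config so that a short alias such as ssh lab expands to the full command. The following script is an added example, not code from the book: it writes a Host stanza for the book's example values (host chupacabra, user jdoe, port 6022; the alias lab is an assumption) and refuses to add a duplicate alias. The config path is a parameter so the functions can be exercised against a temporary file.

```shell
#!/bin/sh
# Added example (not from the book): keep a host's connection details in
# ~/.ssh/config so that "ssh lab" replaces "ssh -p 6022 jdoe@chupacabra".
# Assumed values: alias "lab" (this script's choice); host chupacabra,
# user jdoe and port 6022 come from the book's example.

# Print one Host stanza: alias, real host name, user and port.
ssh_config_entry() {
    printf 'Host %s\n    HostName %s\n    User %s\n    Port %s\n' "$1" "$2" "$3" "$4"
}

# Append a stanza to the config file unless an entry for the alias exists.
# Returns 0 when added, 1 when the alias was already present.
add_ssh_host() {
    cfg="$1"; alias="$2"; host="$3"; user="$4"; port="${5:-22}"
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg"
    # ssh refuses to read a config that other users can write to.
    chmod 600 "$cfg"
    if grep -q "^Host[[:space:]]\{1,\}$alias\$" "$cfg"; then
        return 1
    fi
    printf '\n' >> "$cfg"
    ssh_config_entry "$alias" "$host" "$user" "$port" >> "$cfg"
}

# Number of Host stanzas in a config file.
count_ssh_hosts() {
    grep -c '^Host ' "$1"
}

# Only act when told to, so the file can also be sourced for its functions.
if [ "${1:-}" = add ]; then
    add_ssh_host "${HOME}/.ssh/config" lab chupacabra jdoe 6022 \
        && echo "added Host lab" || echo "Host lab already present"
fi
```

After sh ssh_alias.sh add, ssh lab connects as jdoe to chupacabra on port 6022, and ssh -G lab prints the effective settings ssh will use for that alias, which is a quick way to confirm the stanza was parsed as intended.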

After a successful connection, you should have a command prompt to a shell on the target machine. From here, you can install packages, manage users, configure the network, or do anything else that you'd be able to do if you were able to log in to the machine in person. Your only limit is whatever permissions your user has to the system. If it's a machine that belongs to you, or one that you set up yourself and you know the root password for, you can literally do anything you want. If the machine belongs to someone else, you might have permission to modify your local home folder only. Either way, you successfully connected to a machine using SSH. The remaining sections of this chapter, as well as Chapter 9, Securing Your Network, will expand on this basic knowledge.
