SSH (Secure Shell) is a protocol that allows secure remote login and other network services over an unsecured network. This tutorial will show you how to use SSH to connect to remote servers securely.

Prerequisites

• A remote server with SSH access.
• SSH client installed on your local machine (usually pre-installed on Linux and macOS).

Step 1: Install SSH Server on Remote Machine (if necessary)

On the remote server, ensure that OpenSSH Server is installed:

sudo apt update
sudo apt install openssh-server -y

Step 2: Find the Server’s IP Address

On the remote server, find its IP address:

ip addr show

Look for the inet address under the network interface (e.g., eth0).

Step 3: Connect to the Remote Server

From your local machine, open a terminal and connect using SSH:

ssh username@server_ip

Replace username with your remote server’s user and server_ip with the IP address.

Step 4: Accept the Host Key

On the first connection, you’ll be asked to confirm the server’s fingerprint:

The authenticity of host 'server_ip' can't be established.
Are you sure you want to continue connecting (yes/no)?

Type yes and press Enter.

Step 5: Enter Password

You’ll be prompted to enter the password for the user account.

Step 6: Using SSH Keys for Authentication (Recommended)

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096

Press Enter to accept the default file location and optionally set a passphrase.

Copy the public key to the remote server:

ssh-copy-id username@server_ip

Alternatively, manually copy the contents of ~/.ssh/id_rsa.pub to the remote server’s ~/.ssh/authorized_keys file.

Step 7: Disable Password Authentication (Optional)

For enhanced security, you can disable password authentication:

• Edit the SSH configuration file on the remote server:

sudo nano /etc/ssh/sshd_config

• Set the following parameters:

PasswordAuthentication no
ChallengeResponseAuthentication no

• Restart SSH service:

sudo systemctl restart sshd

Step 8: Secure SSH Configuration

Additional security measures:

• Change the default SSH port (e.g., to 2222):

Port 2222

Remember to update firewall rules accordingly.

• Allow specific users:

AllowUsers your_username

Conclusion

You have learned how to use SSH for secure remote access, including setting up key-based authentication and securing the SSH server configuration.