Back
SSH
3 min read

Using SSH for Secure Remote Access

  • Nexto
  • Author Nexto
  • Published 1 August 2024

Introduction

SSH (Secure Shell) is a protocol that allows secure remote login and other network services over an unsecured network. This tutorial will show you how to use SSH to connect to remote servers securely.

Prerequisites

  • A remote server with SSH access.
  • SSH client installed on your local machine (usually pre-installed on Linux and macOS).
Step 1: Install SSH Server on Remote Machine (if necessary)

On the remote server, ensure that OpenSSH Server is installed:

sudo apt update
sudo apt install openssh-server -y
Step 2: Find the Server’s IP Address

On the remote server, find its IP address:

ip addr show

Look for the inet address under the network interface (e.g., eth0).

Step 3: Connect to the Remote Server

From your local machine, open a terminal and connect using SSH:

ssh username@server_ip

Replace username with your remote server’s user and server_ip with the IP address.

Step 4: Accept the Host Key

On the first connection, you’ll be asked to confirm the server’s fingerprint:

The authenticity of host 'server_ip' can't be established.
Are you sure you want to continue connecting (yes/no)?

Type yes and press Enter.

Step 5: Enter Password

You’ll be prompted to enter the password for the user account.

Step 6: Using SSH Keys for Authentication (Recommended)

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096

Press Enter to accept the default file location and optionally set a passphrase.

Copy the public key to the remote server:

ssh-copy-id username@server_ip

Alternatively, manually copy the contents of ~/.ssh/id_rsa.pub to the remote server’s ~/.ssh/authorized_keys file.

Step 7: Disable Password Authentication (Optional)

For enhanced security, you can disable password authentication:

  • Edit the SSH configuration file on the remote server:
sudo nano /etc/ssh/sshd_config
  • Set the following parameters:
PasswordAuthentication no
ChallengeResponseAuthentication no
  • Restart SSH service:
sudo systemctl restart sshd
Step 8: Secure SSH Configuration

Additional security measures:

  • Change the default SSH port (e.g., to 2222):
Port 2222

Remember to update firewall rules accordingly.

  • Allow specific users:
AllowUsers your_username

Conclusion

You have learned how to use SSH for secure remote access, including setting up key-based authentication and securing the SSH server configuration.

Nexto
Nexto
Next Post
Guide to Using Git for Version Control