If you’ve been hanging around the Linux ecosystem for any length of time, you’ve most likely heard about SSH. For those who may not already know, SSH is a secure shell that allows you to log into any computer, anywhere in the world, that is running an SSH server. You might think that it’s just for system administrators and serious Linux nerds, though. Wrong! SSH is actually super easy to set up and it can be a very powerful tool, even if you only have two computers running on a small home network. Once you get the hang of using it, you may find yourself wondering how you ever got along without it.
I’m going to show you how easy it is to get started with SSH in this article and I demonstrate most of what I’m going to write about here in the corresponding video. Barring any unforeseen weirdness with your network, you should be able to get useful work done with SSH in just a few minutes.
SSH SERVERS AND CLIENTS
Before we get down to the nitty-gritty about the hows, whys and wherefores of setting up SSH, let’s take a moment to talk about how it works. Pretty much every Linux distribution includes the SSH client software by default. Therefore, you don’t need to install anything to start connecting to computers running the OpenSSH server. All you need is a terminal and a connection to the network you’re accessing. That could be your local network or the entire Internet. For example, you’d issue a command that looks something like this to get into a remote machine:
ssh joe@remote-host.com
Your SSH client would then “shake hands” with the SSH server on the remote machine and exchange security keys that would be used to set up an encrypted connection. Once the handshake is complete and your credentials are cleared, your prompt will change to your user name and the name of the remote machine. Effectively, it is exactly the same as if you were sitting in front of a terminal hooked to that machine, but the machine just might be halfway around the world! Note that the above example assumes that the remote machine has a domain name and is publicly available.
There are several ways of reaching out to remote machines. You could use the IP address of the machine you’re connecting to over the Internet:
ssh joe@72.218.203.xxx
If you were logging into a machine on your own network, you could enter the following:
ssh joe@192.168.0.xx
You can drop the user name if you have an account already set up on the host machine with the same user name as the one you’re logging in from. You can also just enter the host name of the machine, if your local network is set up to do so, foregoing the need to type in the local IP address that is assigned to the machine by your router.
ssh HP-Laptop
You’re in! Now what? Anything you want to! SSH won’t just let you issue commands in a terminal, though. You can easily transfer files from the remote computer to your local machine and vice-versa. You can also run applications that usually need a graphic environment to work properly without having to set up more complicated screen sharing applications.
LET’S GET STARTED!
The first thing you will need to do is get the OpenSSH server installed and up and running on your local machine. This is quite easily done. Just install a package called ‘openssh-server’ from your distro’s repositories. It’s like this for Ubuntu based Linux:
sudo apt install openssh-server
The server will install itself, generate secure keys and then start itself with no input from you at all. If it does not start automatically, you can take the easy way out and reboot the machine to get it going.
You can check to see that all is working properly by logging in to the machine you’re currently working on. If your machine’s host name is MyBox, for instance, you’d issue:
ssh MyBox
SSH will ask you if you really want to do this; you then answer ‘yes’ and it will exchange keys. You will then be logged in a second time through SSH to the same machine you’re already logged into. Yeah, I know, that sounds strange to me too. Log out of the SSH session by typing ‘exit’.
Now, you can go to another machine on the network and try logging in from there. The first thing you’ll need to do is determine the IP address of the machine you want to log into. You can run the ‘ifconfig’ command on that machine first and it will tell you what the local IP address is. Look for the name of the wired or wireless device and then look for something that looks like this:
inet addr:192.168.0.xx
Most of us run network routers that use DHCP to issue each device on the network a local IP address. That address will stay the same as long as other devices aren’t added to the network but they are prone to change. You could set up static IP addresses for your local network on each machine you run or you can also set up your router to use a static IP lease for devices. Telling you how to do those things is beyond the scope of this article but you really don’t need to if you plan on using them casually from time to time. You just need to know how to find the devices on your network.
You can install a little tool called arp-scan that will list all the local IP addresses that are currently assigned by DHCP. The command is:
sudo arp-scan --localnet
Note that that will be two -’s before ‘localnet.’ How much useful information you get will depend on how your network is set up but the main thing you’re looking for is other machines’ IP addresses. If you only have a few then you can just try logging into each one to find out the host name if your network isn’t configured to allow host names to be logged into directly. It goes without saying that you can certainly configure your own network to do whatever you please but it does require time and effort, so how deeply you want to go into it is up to you.
CONFIGURING SSH
If all goes well, you may not need to configure anything in SSH to get it going. The default configuration works great for small networks. However, you may have to change a few things. SSH uses port 22 to listen on the network and some small home network routers block port 22 for extra security. If you have a firewall on your computers then you’ll most likely need to make an exception for port 22. You can also configure SSH to use a different port or issue commands with SSH to temporarily switch ports. I’m not going to get into all of that here but you can search the Internet for lots of great SSH related documentation that explains how to do those things a lot better than I can.
It is also worth noting that SSH can be configured to ignore password based logins and rely on manually exchanged security keys alone. This means that you won’t have to type your password in and it also enhances security because no one else will be able to brute-force their way into your SSH enabled computer unless they already have the right keys. Once again, whether you want to take the time to do this is up to you.
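One way to check whether a server still accepts password logins after such a change, as an added example that is not part of the original article. It assumes the documented OpenSSH behaviour that the first value found for a keyword wins and that PasswordAuthentication and PubkeyAuthentication default to yes; the function names and sample files are constructed for illustration, and Match blocks and Include files are not followed.

```shell
#!/bin/sh
# Added example (constructed): audit an sshd_config-style file.
# Assumes documented OpenSSH behaviour: keywords are case-insensitive, the
# first value found for a keyword wins, and PasswordAuthentication and
# PubkeyAuthentication default to "yes". Match blocks and Include files
# are not followed.

# effective_value FILE KEYWORD DEFAULT -> value from the global section
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                # drop leading indentation
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        { n = split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }     # global section ends here
        tolower(f[1]) == want && n >= 2 { val = tolower(f[2]); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# password_login_state FILE -> passwords-allowed | key-only | no-key-login
password_login_state() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$pw" != "no" ]; then
        echo "passwords-allowed"
    elif [ "$pk" = "no" ]; then
        echo "no-key-login"
    else
        echo "key-only"
    fi
}

# Constructed sample configs, not taken from any real host.
d=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' > "$d/default"
printf '%s\n' 'passwordauthentication no' 'PubkeyAuthentication yes' > "$d/hardened"
# Common mistake: "no" appended below an earlier "yes"; the earlier line wins.
printf '%s\n' 'PasswordAuthentication yes' 'X11Forwarding yes' \
    'PasswordAuthentication no' > "$d/appended"

for f in default hardened appended; do
    printf '%-9s %s\n' "$f" "$(password_login_state "$d/$f")"
done
```

On a live server, `sudo sshd -T` prints the configuration the daemon actually resolves, Include files included, so it is the authoritative check.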
SSH MEETS X
We’ve all seen Remote Desktop Programs that let you log in to a remote machine and access a running desktop. VNC, TeamViewer and Windows’ embedded RDP application are just a few examples. These apps are cool but can be a bit complex and may involve your data going through a third-party server somewhere. SSH allows you to go beyond the confines of the command line by allowing you to remotely run programs that require the Xorg Display Manager. No, it’s not the whole desktop but you’d be surprised at how useful being able to run a GUI app through SSH can be. Xorg, also known as X11 or just plain X, is a server/client style display server. The X server issues commands to the client and the client actually draws them on your screen. The division between the two functions might not seem like such a good idea for one local machine but, when you combine remote access with the ability to split these two display functions up, it becomes readily apparent that there are a lot of cool possibilities.
X forwarding can be activated at login with SSH by adding -X or -Y to the command like this:
ssh -X 192.168.0.15
Once logged into the remote machine, you can now issue commands to start applications that need X. Go on, type in ‘firefox’ and you’ll see the browser open on your local desktop BUT it’s not your local Firefox installation, it’s the one on the remote machine. You can do the same with file managers, system monitoring tools, email clients and pretty much any other graphically oriented program.
There are limitations, though. If the program needs advanced graphics capabilities like accelerated direct hardware access then it’s not going to work very well through SSH. That means things like games and video players aren’t going to work. Google Chrome relies heavily on hardware acceleration and doesn’t work well through SSH at all. Plus, sound is not forwarded through SSH as it is with some RDP apps. You can make things go a bit faster by turning off the encryption for X commands on a trusted network. Simply replace -X with -Y (yes, capitalized) and then the X info will go as fast as the network will allow.
I have noticed that sometimes when I use SSH with X forwarding, it hangs when I log out of the session. No worries. Just use Ctrl+C to stop the SSH client and you’ll be back to your regular prompt.
SSH can be combined with other programs to make full desktop forwarding possible, though. For this discussion, we are going to just focus on the basics. For most folks who would use SSH on a home network, terminal access and the ability to run light X apps is more than enough to get things done.
TRANSFERRING FILES WITH SSH
One of the big reasons you might want to use SSH on a home network is to transfer files safely and securely between machines. Let’s face it, Samba can be a real pain in the ass to set up but you don’t need it with SSH up and running. The command that you’ll use in SSH to copy files is Secure Copy or scp. If I wanted to copy a file from my local machine’s desktop to a remote machine’s Documents folder, it would look something like this:
scp ~/Desktop/myfile.file joe@192.168.0.15:~/Documents/
The scp command would ask for my password and then create a copy of myfile.file in the Documents folder of the remote machine.
If I wanted to do the same thing but it was a folder full of files I wanted to copy:
scp -r ~/Desktop/myfile.folder joe@192.168.0.15:~/Documents/
Anyone who is familiar with all the ins and outs of using the cp command will know where to take it from here. The nice thing is that scp works both ways so you can retrieve files from the remote machine, too. Secure Copy is quite capable of moving large chunks of data through a network. You can confidently start it copying your entire music collection and leave it to its own devices. It will dutifully keep you informed as to its progress and warn you if there are any errors.
ONLY THE BEGINNING
What I have told you here is just the tip of the iceberg when it comes to SSH. SSH is a universally accepted protocol. It will run on any computer no matter what Operating System and it is the prime means of administrating servers. You can rent yourself a server in the cloud for a modest monthly fee and do with it what you will. You will use SSH to access that server and you can elect to install a desktop and more advanced RDP software to make it a fully functional remote machine, ready to do your bidding.
There are so many things you can do with SSH that I want to close this article with a few real world scenarios for those who are still saying to themselves, “Yeah, that’s cool but I have no use for it.”
1. You notice that a bunch of important security updates have been released and so you want to go around to all of your machines and make sure they get installed. People are using those machines and you can’t get to them unless you tell those folks to let you login for a minute which just may cause drama and discord. Plus, your Mom is running Linux and she lives on the other side of town. She knows how to run the update manager but you’d like to just do it yourself without calling her because she’ll then want to talk for an hour. No big deal. Use SSH to log into the machines on your network and install the updates without ever bothering anyone who is using the machines at all. Chances are, they will never know you did it. Log into Mom’s machine the same way. Update everything. She won’t know it ever happened.
2. You’re working on a project on your main machine and you remember that there’s a file on your laptop that you need. Your significant other is watching Netflix on your laptop and you’d rather not bother them. More discord and drama possibilities. Same deal. SSH into that machine, snatch a copy of the files you need with scp and log out.
3. You change your e-mail password and need to update each copy of your e-mail client. You want to get it done all at once. No problem. SSH into each machine, open the client, change the password. Done.
4. You find a nifty piece of software and you’d like to add it to all of the machines you have on your network plus your Mom’s machine. You got it. SSH into each one, install and configure the software and never leave your chair. You are the man.
5. You’ve told your kid to get off the computer and go to bed. You notice that you still hear the game music playing as you pass his/her bedroom door. Log into the machine with SSH and issue ‘sudo poweroff’ in the terminal. The machine will immediately shut down. When he/she whines to you about how the machine quit working in the middle of the game and they lost all of their points, you can tell them that you had already told them to log off so you shut the machine down and they should do what you say next time to avoid the same thing happening again. You are a good parent.
My work is done. You’re ready to go play with SSH.
Have fun! 🙂
Will this work well for sharing if you have a Win machine in the mix?
Yes, it will if you have SSH installed on the Windows machine. You can use a program called PuTTY. 🙂
So, open SSH on Win, then Putty on Linux machines, or putty on both?
thanks
Linux stays as described in the article above. Install PuTTY on Windows, then use it to initiate the SSH session.
Would this be a viable way to stream media from a win box to Linux machines?
Putty is like Wine for Windows; runs Linux apps.
I used Remmina with good luck. Sometimes. Samba works on occasion, then quits for no apparent reason.