Friday, November 28, 2014

Setting up SSH in your Linux box

I start here a series on methods to connect remotely to your Linux machine. To start with, regardless of the method you use, you will have to watch out for any firewall set up between the client and the server. Linux uses iptables to decide what to do with a packet. Mint has firewall software based on it, called ufw (or gufw for the graphical version), that makes it easier to set up the rules. To begin, if you are disconnected/isolated from the Internet and want to start playing with the steps below, you may want to simply turn it off. This is just to get things running... of course, turn it back on later. For a guide on gufw please see this.

So, back to the different methods, let's start here with SSH (Secure Shell), which allows for probably the lowest mode of interaction, but it is encrypted. A quick way to describe it is that it looks like telnet... Nevertheless, we will see later that it does allow you to export a graphic terminal into the machine. Basically, SSH takes care of the security of the data, regardless of what that data is.
  1. Note: ssh can be used to set up the server/daemon or to connect somewhere else, as a client. Here we are interested in the server as I want to do the connection from a Windows PC... 
  2. See link and scroll down for SSH instructions.
  3. The instructions above are not great, so I'll try to recreate them here quickly... You can check the directory /etc/init.d to see if ssh is there. If not, you have to install it: sudo apt-get install openssh-server. More instructions here.
  4. Use sudo service ssh start (or stop, or restart, or status) to control ssh. Doing ssh in the init.d didn't work for me... One thing to notice is that, once installed, the server is started automatically at boot, so it'll be there already...
  5. Use ps -A | grep ssh to see if the daemon is running.
  6. Use sudo nmap localhost to see if there is a port open for SSH. This is limited to nmap's default set of 1000 ports. If you want to see beyond that use, for instance, sudo nmap -p 1-50000 localhost. nmap may not list the port as ssh, though, but as whatever service it thinks it should be. It depends on how deep (check the options) you want it to look. To check what it really is, you had better use something like sudo nmap -sV -p 22000-22010 localhost (in this case narrowed down to ports 22000 to 22010), and you may get what the port reported (you may see OpenSSH there...). Note: there is a graphical version called Zenmap.
  7. A link on the use of ssh, a good one for more security (basically, change the default port). Usually the port is 22, but you can change it in the config file (sudo subl /etc/ssh/sshd_config). Notice that we use sshd_config (for the server) and not ssh_config (for the client). See here.
  8. How to check if ssh is running on a remote machine.
  9. How to use ssh to tunnel your information (send in a way that the middle man can't see/touch it).
  10. How to generate keys so that one doesn't need the password to log in.
  11. ssh options 
  12. ssh-keygen is a utility that creates SSH keys. ssh-keygen -lf filename shows the fingerprint of the key in that file. In our case, we just go to /etc/ssh and type ssh-keygen -lf ./ssh_host_rsa_key.pub. That will show us the fingerprint of the server's host key. When we first log in from Windows with PuTTY, it will ask us if that server is trustworthy and show us the key fingerprint, which should match the above.
  13. Finally, download PuTTY for Windows and connect to the Linux machine. It should look like a terminal window... If you try to get graphics (for instance, launching an app with a graphical interface, like typing vino-preferences), you'll get an error back saying "Could not open X display".
  14. Note: as described above, if you have gufw ON, then remember to add a rule to let whatever port you opened for SSH pass.
  15. If you want to have several screens corresponding to the same terminal window, you can install Screen. It is very quick to get a handle on. See tutorial here. Quick reference:
    1. Once you type screen in your ssh, you are inside screen (looks like normal terminal)
    2. ctrl+a sends a message to Screen saying that the next character is a command. Typical commands are ? (for the list of commands), n (for the next screen) and a number (to go to the right screen; when you do that you see the list of screens below).
    3. type exit to quit
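
Steps 6, 7 and 14 depend on each other: the port set in sshd_config is the one nmap should report and the one the firewall has to let through. The script below is an added example, not part of the original post; it reads the Port directives from a config, prints the matching ufw rule and checks nmap output for that port. The sample config and nmap output are constructed, the function names are made up for this example, and a ListenAddress line that carries its own port is not handled.

```shell
#!/bin/sh
# Added example (not from the original post): tie steps 6, 7 and 14 together.

# Constructed sample sshd_config; on a real host read /etc/ssh/sshd_config.
sample_config() {
    cat <<'EOF'
# Package default, commented out
#Port 22
Port 22000
PermitRootLogin no
EOF
}

# Constructed sample of `sudo nmap -sV -p 22000-22010 localhost` output.
sample_nmap() {
    cat <<'EOF'
PORT      STATE SERVICE VERSION
22000/tcp open  ssh     OpenSSH (constructed sample line)
EOF
}

# Print every port set by a Port directive on stdin, one per line.
# Keywords are case-insensitive; with no Port line sshd listens on 22.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }    # drop comments, including a commented-out Port
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    '
}

# Print the ufw command that lets each configured port through.
ufw_rules() {
    sshd_ports | while read -r port; do
        if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
            echo "sudo ufw allow ${port}/tcp"
        else
            echo "invalid port in config: $port" >&2
        fi
    done
}

# Succeed if the nmap output on stdin reports PORT/tcp as open.
port_open() {
    grep -Eq "^$1/tcp[[:space:]]+open"
}

sample_config | ufw_rules    # prints: sudo ufw allow 22000/tcp
sample_nmap | port_open 22000 && echo "22000 is listening"
```

On a real machine, feed it the live files instead of the samples, for instance ufw_rules < /etc/ssh/sshd_config.
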
So, there you go! In the next post, we will talk about how to get programs with graphical interfaces going...

Good luck!
