SSH

Introduction

These are quick notes about SSH. SSH is useful for me as a way to connect to virtual machines.

Installation (on a Debian GNU/Linux system)

A SSH client (i.e. a program that you can use to connect to a SSH server) is probably installed by default (package openssh-client).

The SSH server (i.e. the program that must be running on a computer (or a virtual machine) to make SSH connections to this computer possible) may not be installed. You can install is as root with:

apt-get install openssh-server # As root.

Usage

Logging into the remote machine and executing commands

Just issue a command like the following to log in to the remote:

ssh username@192.168.122.250 # Use server IP address.

Then you can execute commands.

Copying files to and from the remote machine

Use the scp command. Examples:

scp file_on_local_machine username@192.168.122.250:/path/on/remote
scp username@192.168.122.250:/path/on/remote/my_file path/on/local

If scp doesn’t work as expected or hangs, It could be because shell initialization produces output for non-interactive sessions. See the OpenSSH FAQ (2.9).

Synchronizing directories over SSH with rsync

I use a command like the following to synchronize my ~/data directory on a remote machine with my ~/data directory on the local machine:

rsync -aAXv --delete ~/data/ 192.168.122.250:data

For a dry run, use option -n:

rsync -n -aAXv --delete ~/data/ 192.168.122.250:data

Check the rsync documentation. Rsync has a lot of options. You may, for example, prefer to use --update rather than --delete.

Server configuration

You may not need to tweak anything in the server configuration.

If you want to allow root password login, make sure you have the following lines in /etc/ssh/sshd_config.

PasswordAuthentication yes
PermitRootLogin yes

Note however that enabling root password login is not recommended in the general case as it leaves the server root account as a possible target for a brute force attack.

Let’s mention also X11 forwarding. If you have the following line in /etc/ssh/sshd_config, then X11 forwarding is enabled:

X11Forwarding yes

This makes it possible to run graphical applications on the remote machine but “see” them on the local display. But you have to use the -X option when launching the client:

ssh -X username@192.168.122.250 # Use server IP address.

After modifying file /etc/ssh/sshd_config, make sure you restart the server:

systemctl restart ssh # As root, on the remote machine.

Using public key authentication

Instead of password authentication, you may use public key authentication. For that you have to first generate your public/private key pair on your local machine with for example:

ssh-keygen -t rsa -b 2048

ssh-keygen requires a passphrase. It is possible to leave it empty but in this case the key is not encrypted and anyone obtaining your private key can use it.

The generated key pair is stored in ~/.ssh.

The next step is to copy the public key to the server with a command like:

ssh-copy-id username@192.168.122.250 # Use server IP address.