Updated April 18, 2023
Introduction to OpenSSH
OpenSSH is a freely available version of the Secure Shell (SSH) protocol suite: a set of tools for remotely controlling networked machines and transferring files between them. In this article, we will see some OpenSSH server configuration options and how to change them on Ubuntu systems. Traditional tools for these tasks, such as telnet or rcp, are insecure because they transmit the user’s password in clear text.
OpenSSH provides server and client software for secure, encrypted remote control and file transfer, effectively replacing those traditional tools.
The OpenSSH server component, sshd, listens continuously for client connections from any of the client tools. When a connection request is received, sshd establishes the appropriate connection based on the type of client tool that is connecting. Many authentication mechanisms are supported by OpenSSH, including simple passwords, public keys, and Kerberos tickets.
How to Install OpenSSH?
The OpenSSH client and server apps are easy to set up. Use the following command at a terminal prompt to install the OpenSSH client programs on your Ubuntu system:
sudo apt install openssh-client
Use the following command at a terminal prompt to install the OpenSSH server application and necessary support files:
sudo apt install openssh-server
How to Configure OpenSSH?
By editing the file /etc/ssh/sshd_config, you can change the default behaviour of the OpenSSH server application, sshd. For details about the configuration directives used in this file, see the corresponding manual page by running the following command at a terminal prompt:
man sshd_config
The sshd configuration file contains a number of directives that regulate things like communication settings and authentication modes. Examples of configuration directives that can be altered by modifying the /etc/ssh/sshd_config file are listed below.
Make a copy of the original configuration file and protect it from writing before altering it. This way, you’ll have the original settings to refer to and reuse as needed.
At a terminal prompt, copy the /etc/ssh/sshd_config file and protect the copy from writing with the following commands:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Additionally, because losing the SSH server could mean losing access to the machine, check the configuration after making changes and before restarting the server:
sudo sshd -t -f /etc/ssh/sshd_config
Here are some examples of configuration directives that you can modify:
To make OpenSSH listen on TCP port 2222 instead of the default TCP port 22, change the Port directive as follows:
Port 2222
To make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, add or alter this line in the /etc/ssh/sshd_config file:
Banner /etc/issue.net
After changing the /etc/ssh/sshd_config file, save it and restart the sshd server application to apply the changes:
sudo systemctl restart sshd.service
Many other sshd configuration directives are available to modify the server application’s functionality to your specific requirements. However, if ssh is your sole mode of access to a server, and you make a mistake configuring sshd via the /etc/ssh/sshd_config file, you may find yourself locked out after restarting the server.
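The backup, edit, check and restart steps above can be combined so that a change reaches the live file only after sshd's test mode has accepted a candidate copy. The shell functions below are an added example, not part of the original article; the function names, the SSHD_CHECK variable and the /usr/sbin/sshd path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# SSHD_CHECK variable are hypothetical; /usr/sbin/sshd is the assumed binary path.

# set_directive FILE KEY VALUE
# Print FILE with "KEY VALUE" as the only global setting of KEY.
# sshd uses the first value it reads for most keywords, and anything after a
# Match line belongs to that block, so a missing directive is inserted before
# the first Match block instead of being appended to the end of the file.
set_directive() {
    awk -v key="$2" -v val="$3" '
        BEGIN { k = tolower(key) }
        tolower($1) == "match" {
            if (!done) { print key " " val; done = 1 }
            in_match = 1
        }
        !in_match && tolower($1) == k {
            if (!done) { print key " " val; done = 1 }
            next                      # drop the old global line(s) for KEY
        }
        { print }
        END { if (!done) print key " " val }
    ' "$1"
}

# apply_sshd_change FILE KEY VALUE
# Edit a candidate copy, validate it, and only then overwrite the live file.
# Returns 0 if the change was installed, 1 if validation rejected it.
apply_sshd_change() {
    cfg=$1
    tmp=$(mktemp) || return 1
    set_directive "$cfg" "$2" "$3" > "$tmp"
    # Unquoted on purpose: SSHD_CHECK holds a command plus its options.
    if ${SSHD_CHECK:-/usr/sbin/sshd -t -f} "$tmp"; then
        cat "$tmp" > "$cfg"           # keeps owner and mode of the live file
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Typical use as root, followed by the restart command shown in the article:
#   apply_sshd_change /etc/ssh/sshd_config Port 2222
```

Keeping an existing SSH session open until a new login on the changed settings succeeds leaves a way back in if the change was valid but wrong.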
SSH Keys
SSH keys allow authentication between two hosts without the need for a password. SSH key authentication uses a private key and a public key.
To generate the keys, type the following into a terminal prompt:
ssh-keygen -t rsa
This generates the keys using the RSA algorithm. At the time of writing, the generated keys will have 3072 bits. The -b option can be used to change the number of bits. To produce keys with 4096 bits, for example, run the following:
ssh-keygen -t rsa -b 4096
During the process you will be prompted for a passphrase. When prompted while creating the key, just press Enter; this leaves the passphrase empty, so the private key is stored unencrypted on disk.
The public key is saved in ~/.ssh/id_rsa.pub by default, while the private key is saved in ~/.ssh/id_rsa. Now, copy the id_rsa.pub file to the remote host and append it to ~/.ssh/authorized_keys with the following command:
ssh-copy-id username@remotehost
Finally, check the permissions on the authorized_keys file; only the authenticated user should have read and write access. If the permissions are not correct, change them with:
chmod 600 .ssh/authorized_keys
You should be able to connect to the host without having to enter a password now.
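The permission requirement above can be checked for the whole ~/.ssh directory in one pass. These shell functions are an added example, not part of the original article; the names has_bits and audit_ssh_dir are hypothetical, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# has_bits PATH MASK: true if PATH has any permission bit from octal MASK set.
has_bits() {
    mode=$(stat -c %a "$1") || return 1      # GNU stat, as shipped on Ubuntu
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_dir DIR: print one line per finding; return 0 only if DIR is clean.
audit_ssh_dir() {
    dir=$1
    status=0
    # With StrictModes (the default), sshd ignores authorized_keys when the
    # file or its directory is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "$p: writable by group or others"
            status=1
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if has_bits "$key" 077; then
            echo "$key: private key accessible by group or others"
            status=1
        fi
    done
    return "$status"
}

# Typical use:  audit_ssh_dir "$HOME/.ssh"
```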
How to Import keys from Public Keyservers?
Many users have already registered their SSH keys with services like Launchpad or GitHub. These are easy to import using this command:
ssh-import-id <username-on-remote-service>
The prefix lp: is implied and means fetching from Launchpad; the alternative gh: means fetching from GitHub.
Conclusion
In this article, we have seen what OpenSSH is, along with its installation, configuration, and SSH keys. I hope you will find this article helpful.