SSH is an awesome piece of software. What it does is it allows you to set up a secure login server on your computer, and have people safely and securely log in and use the computer remotely.
In this quick tutorial, we'll look at how to set up SSH so that you can securely log in to your system from another location. We won't look at advanced ways to configure SSH (like password-less authentication) for now, but we might cover that later.
Note, that this tutorial requires a bit of Linux knowledge, as we'll be jumping in and out of the command line frequently and you'll need to know certain things about your distribution of choice. For this and many future server tutorials, I'll be using CentOS 4.4 (but you can easily adapt this for any distribution).
Is it installed?
First of all, let's check to make sure the server and client OpenSSH packages are installed. You can use your distribution's software management tool, but for my CentOS system I'll run:
openssh-3.9p1-8.RHEL4.17.1
openssh-clients-3.9p1-8.RHEL4.17.1
openssh-server-3.9p1-8.RHEL4.17.1
openssh-askpass-3.9p1-8.RHEL4.17.1
As you can see there, I've got both the client and server packages installed, so we're ready to go! If you need to install them, refer to your software management app to get both openssh-client and -server installed.
Pick a port and run
Running SSH on the default port (22) is asking for trouble. In fact, it's the best way to get nasty people knocking at your door trying random username and passwords to try and get in to your box. They'll probably never get in, but it's always best just to avoid all that trouble and run SSH on a non-standard port.
Pick a number between 1024 and 20000 and use that as your port number instead. For this tutorial, I'll pick 7286.
Now, we need to edit (as root) the SSH configuration file with a few options. Use your favourite text editor. Here I'm on a text-based only system, and I'm a vim person, so:
Find the line which says 'Port'. If it's commented out (with a # symbol), uncomment it and change the line to read the port number you chose earlier. For example, I'll change it to
Port 7286
Uncomment and change if necessary the following lines just like you did with the Port line:
Protocol 2
...
PermitRootLogins no
...
PermitEmptyPasswords no
...
UsePrivilegeSeparation yes
All these options will secure your SSH installation from the most common attack attempts. Save the file and quit your editor.
Poking a hole in the firewall
Now, you must open up the port in your firewall so that login attempts will be let through. Since most systems have different firewall settings, I won't cover them all here, but I did this:
I then went to customise and added 7286:tcp to the list of allowed ports.
Router users beware!
If you're behind a NAT router, or another device that does NAT, you'll need to forward that same port you chose earlier router side to your machine. For example, if your computer is 192.168.0.3, you'll need these forwarding settings:
Target - 192.168.0.3
External Port - your port number
Internal Port - your port number
Unfortunately, since every router's interface is different, I can't cover that here either. And if your machine uses a dynamic IP address on your local network, you will need to change that to a static IP, but that's beyond the scope of this tutorial as well.
Start your SSH server
Now, let's start the SSH server.
Oh, and before we forget, we also need to set it to start when the computer boots. On CentOS, I do:
Test your new setup
It's time to test! Move to a different machine, and try to connect to your SSH'd box.
On a Unix-based system (including Mac OS X):
Open a terminal, and do:
On a Windows machine:
Download PuTTY and run it. Enter your machine's details and click Connect to connect and log in!
If you've run into trouble, check your firewall and router settings, as they're usually the culprit. Failing that, a nicely-worded comment on this post may get you some help if we're feeling generous!
I haven't covered graphical login here yet, as that's a touch more complex and requires some fiddling. Until then, enjoy!