Quick tutorial - secure remote login to your system with SSH

SSH is an awesome piece of software. What it does is it allows you to set up a secure login server on your computer, and have people safely and securely log in and use the computer remotely.

In this quick tutorial, we'll look at how to set up SSH so that you can securely log in to your system from another location. We won't look at advanced ways to configure SSH (like password-less authentication) for now, but we might cover that later.

Note, that this tutorial requires a bit of Linux knowledge, as we'll be jumping in and out of the command line frequently and you'll need to know certain things about your distribution of choice. For this and many future server tutorials, I'll be using CentOS 4.4 (but you can easily adapt this for any distribution).

Is it installed?

First of all, let's check to make sure the server and client OpenSSH packages are installed. You can use your distribution's software management tool, but for my CentOS system I'll run:

$ rpm -qa | grep ssh
openssh-3.9p1-8.RHEL4.17.1
openssh-clients-3.9p1-8.RHEL4.17.1
openssh-server-3.9p1-8.RHEL4.17.1
openssh-askpass-3.9p1-8.RHEL4.17.1

As you can see there, I've got both the client and server packages installed, so we're ready to go! If you need to install them, refer to your software management app to get both openssh-client and -server installed.

Pick a port and run

Running SSH on the default port (22) is asking for trouble. In fact, it's the best way to get nasty people knocking at your door trying random username and passwords to try and get in to your box. They'll probably never get in, but it's always best just to avoid all that trouble and run SSH on a non-standard port.

Pick a number between 1024 and 20000 and use that as your port number instead. For this tutorial, I'll pick 7286.

Now, we need to edit (as root) the SSH configuration file with a few options. Use your favourite text editor. Here I'm on a text-based only system, and I'm a vim person, so:

# vim /etc/ssh/sshd_config

Find the line which says 'Port'. If it's commented out (with a # symbol), uncomment it and change the line to read the port number you chose earlier. For example, I'll change it to

Port 7286

Uncomment and change if necessary the following lines just like you did with the Port line:

Protocol 2

...
PermitRootLogins no
...
PermitEmptyPasswords no
...
UsePrivilegeSeparation yes

All these options will secure your SSH installation from the most common attack attempts. Save the file and quit your editor.

Poking a hole in the firewall

Now, you must open up the port in your firewall so that login attempts will be let through. Since most systems have different firewall settings, I won't cover them all here, but I did this:

# system-config-securitylevel

I then went to customise and added 7286:tcp to the list of allowed ports.

Router users beware!

If you're behind a NAT router, or another device that does NAT, you'll need to forward that same port you chose earlier router side to your machine. For example, if your computer is 192.168.0.3, you'll need these forwarding settings:

Target - 192.168.0.3
External Port - your port number
Internal Port - your port number

Unfortunately, since every router's interface is different, I can't cover that here either. And if your machine uses a dynamic IP address on your local network, you will need to change that to a static IP, but that's beyond the scope of this tutorial as well.

Start your SSH server

Now, let's start the SSH server.

# /etc/init.d/sshd start

Oh, and before we forget, we also need to set it to start when the computer boots. On CentOS, I do:

# chkconfig sshd on

Test your new setup

It's time to test! Move to a different machine, and try to connect to your SSH'd box.

On a Unix-based system (including Mac OS X):

Open a terminal, and do:

$ ssh -p yourportnumber -l yourloginname youripaddress

On a Windows machine:

Download PuTTY and run it. Enter your machine's details and click Connect to connect and log in!

If you've run into trouble, check your firewall and router settings, as they're usually the culprit. Failing that, a nicely-worded comment on this post may get you some help if we're feeling generous!

I haven't covered graphical login here yet, as that's a touch more complex and requires some fiddling. Until then, enjoy!

Avatar for peter Peter Upfold - http://peter.upfold.org.uk/

Peter Upfold is a technology enthusiast from the UK. Peter’s interest in Linux stems back to 2003, when curiosity got the better of him and he began using SUSE 9.0. Now he runs Linux Mint 9 on the desktop, runs a CentOS-based web server from home for his personal website and dabbles in all sorts of technology things across the Windows, Mac and open source worlds.

Home » Articles »

Discussion: Quick tutorial - secure remote login to your system with SSH

  1. Chris (guest)

    # Posted on 27 November 2006 at 05:42 AM

    Hardly a "Quick tutorial"! Nice post Peter.



  2. Peter (guest)

    # Posted on 27 November 2006 at 08:33 AM

    When I say "Quick", I really mean "less than two pages", but that would make the post title too long. :P



  3. # Posted on 26 March 2007 at 02:49 PM

    [...] in November, I took a quick look at how to set up secure remote login with [...]



  4. Tim Archer (guest)

    # Posted on 09 April 2007 at 05:13 PM

    You can find some additional information on securing SSH through changing the port and disabling the root login through a writeup I did. I also change the grace time setting to keep people from hanging onto unauthenticated connections forever (ideally preventing DOS attacks).

    My writeup is at: <a href="http://timarcher.com/?q=node/46" rel="nofollow">http://timarcher.com/?q=node/46</a>



  5. # Posted on 20 April 2007 at 12:58 PM

    [...] quick tutorial to take OpenSSH server to use is provided by Fosswiere- Secure login to your system with SSH. I agree in most of the part with this but I would use edit the iptables config file [...]



Home » Articles » Quick tutorial - secure remote login to your system with SSH