Access the Remote Command Line with SSH
After completing the work in this module you will be able to:
Secure SHell (SSH) creates a secure connection over an insecure network using public key encryption. In this section you will learn how to log into a remote system and run commands.
[student@workstation ~]$ ssh student@servera
student@servera's password:
...output omitted...
[student@servera ~]$
Since student has the same user name on servera the command can be shortened to ssh servera.
[student@servera ~]$ exit
Connection to servera closed.
[student@workstation ~]$
Typing the exit command closes the connect and returns the user to the host where the connection was initiated.
[student@workstation ~]$ ssh developer1@servera
developer1@servera's password:
...output omitted...
[developer1@servera ~]$
[student@workstation ~]$ ssh servera uptime
20:06:13 up 2 min, 0 users, load average: 0.18, 0.06, 0.02
[student@workstation ~]$
You can run a command without logging into the remote host by including the command after the host.
[developer1@servera ~]$ w
16:13:38 up 36 min, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
developer2 pts/0 172.25.250.10 16:13 -bash
developer1 pts/1 172.25.250.10 16:24 -w
[developer1@servera ~]$
Here the w command shows that there are two remote logins.
To establish a SSH connection remote server sends a copy of its public key to the client before logging in. Public keys end in a .pub extension. The private key must not be shared.
[student@workstation ~]$ ls ~/.ssh/
config known_hosts lab_rsa lab_rsa.pub
[student@workstation ~]$
Since student has previously logged into servera a copy of servera's public key will be in the known_hosts file in the ~/.ssh/ directory.
If the StrictHostKeyChecking parameter is set to yes, then the ssh command always aborts the SSH connection if the public and private keys do not match. Otherwise ssh will ask for a password.
Log into a remote system as different users and execute commands.
Configure a user account to use key-based authentication to log in to remote systems securely without a password.
Using keys to log into a remote host can be more secure that typing in a password. The ssh-keygen command generates a mathematically related key pair - a secret private key and a sharable public key with a .pub extension. The command suggests a default name but you can use a custom name if you want. Optionally, you can secure that private key with a passphrase for added security.
[student@workstation ~]$ ls ~/.ssh/
config id_rsa id_rsa.pub known_hosts lab_rsa lab_rsa.pub
[student@workstation ~]$
The newly generated key pair is placed in the hidden ~/.ssh/ directory in student's home directory.
Once the key pair is generated the public key is uploaded to the remote host using ssh-copy-id. The public key can be uploaded to multiple hosts or a new key pair with a different name can be generated for each hosts.
If needed start the agent.
[student@workstation ~]$ eval $(ssh-agent)
Agent pid 10155
The ssh-agent is started in the background.
Then add the key.
[student@workstation ~]$ ssh-add
Identity added: /home/student/.ssh/id_rsa
The ssh-agent command will cache keys for the duration of about 5 minutes.
[user@host ~]$ ssh -v user@remotehost
OpenSSH_8.7p1, OpenSSL 3.0.1 14 Dec 2021 1
debug1: Reading config. data ssh_config 2
debug1: Reading config. data ssh_config.d/01-train.conf
Use the -v option to show the connection process in detail.
[dennisk@sahuaro ~]$ cat ~/.ssh/config
host sdf
HostName sdf.org
User dennisk
IdentityFile ~/.ssh/id_rsa_sdf
host ec2
HostName 54.232.200.77
User ec2-user
IdentyFile ~/.ssh/id_rsa_ec2
A SSH config file containing information needed to log into remote hosts greatly simplies the process. In this example two hosts are listed, sdf and ec2 along with information needed to complete the connection.
[dennisk@sahuaro ~]$ ssh ec2
Login can now be done with only the host name from the ~./ssh/config file.
In this exercise, you configure a user to use key-based authentication for SSH. When asked to enter a passphrase just press the Enter key twice. No passphrase will be used in this lab unless asked for.
/etc/ssh/sshd_config
The /etc/ssh/sshd_config can be customized by uncommenting and changing default values.
You can configure the service by editing the /etc/ssh/sshd_config file. Disable direct logins as root by uncommenting PermitRootLogin and changing prohibit-password to no.
Disable password logins by uncommenting PasswordAuthentication and changing yes to no.
A best practices is to disable remote root logins in /etc/ssh/sshd_config.
[student@servera ~]$ sudo systemctl restart sshd.service
After changing /etc/ssh/sshd_config the service must be either restarted or reloaded.
In this exercise, you disable direct logins as root and disable password-based authentication for the OpenSSH service on one of your servers.
/etc/ssh/known_hosts and .ssh/known_hosts.
In this lab, you set up key-based authentication for users, and disable direct login as root and password authentication for all users for the OpenSSH service on one of your servers.
Thanks for watching. This is the end of the presentation.
Created on 17 February 2025 by Dennis Kibbe. Last modified on 9 June 2025 09:21:00 by DNK.
Keyboard Shortcuts
This slide presentation was created by B6Plus. The audio accompanying this presentation is AI-generated.