So, you've got yourself a shiny new Linux server! But how do you actually control it from your local machine? That's where SSH comes in. SSH, or Secure Shell, is a powerful tool that lets you log in to your server remotely over a secure connection. It's kind of like having a digital key that unlocks a secret world of server commands.
When you buy a VPS Linux server form a cloud provider they provide you with a root account and a password. You should use this user and password to login to your server using ssh. In this blog post we discuss how to do this and also how to setup a password-less login using public keys.
Why SSH?
Why people in Linux world use ssh login so frequently? Why not just use a web interface or remote desktop software? SSH offers several advantages:
Security: SSH encrypts all communication between your machine and the server, protecting your login credentials and commands from prying eyes.
Efficiency: SSH is a lightweight protocol that works well even over slow internet connections.
Flexibility: SSH allows you to run commands directly on the server terminal, giving you fine-grained control.
Linux systems have a rich history of terminal commands and doing system administration using command line is both efficient and simple. Accessing a remote server using a ssh terminal is very fast and it is available almost everywhere. Obviously you can find a terminal emulator on every Linux installation, but there are apps on Windows that you can use to login to your server using shell. There are even apps for Android and iOS, so you can administer your server anywhere, anytime.
Logging In with SSH
To login to your server you need an ssh app. On Linux ssh in the command line iterface does the job. For Windows we have free tool puTTY, or you can use Windows Terminal. Here's a breakdown of how to log in to your server using SSH:
Fire Up Your Terminal: Open a terminal window on your local machine (Linux/Mac) or a command prompt on Windows (there are also third-party SSH clients available for Windows).
Craft Your Login Command: The basic SSH command looks like this:
$ ssh username@server_ip_address
Replace username with your actual username on the server and server_ip_address with the server's IP address. If you're using a domain name instead of an IP, you can use that as well.
Keying In: Press Enter, and you'll be prompted for your password. Type it carefully (remember, characters won't be shown on screen for security).
Welcome Aboard!: If everything goes well, you'll be greeted by the server's terminal prompt. Congratulations, you're now in!
Going Password-less with SSH Keys
Continually typing your password can get tedious. SSH offers a more convenient solution: public key authentication. In Linux you can simply create a public-private key pair using ssh-keygen command. You need to upload the generated public key to the server, but you don’t have to do it manually. The command ssh-copy-id does the job. Here's how to set it up:
Generate Your Key Pair: On your local machine, type:
$ ssh-keygen
Follow the prompts, choosing a secure location to save the key pair. The default location suggested by the command is just Okay. This generates a public key and a private key. The public key goes on the server, while you keep the private key safe on your local machine.
Sending the Public Key: Use ssh-copy-id to send your public key to the server:
$ ssh-copy-id username@server_ip_address
Enter your server password when prompted. This copies the public key to a file authorized_keys on the server.
Keystone to Access: Now, when you try to SSH again, you'll be automatically logged in without needing a password, as long as you're using the same machine where you generated the key pair.
Remember: Keep your private key safe! If someone gets a hold of it, they can access your server.
Setting Up Public Key Login on Windows for SSH
While we focused on generating keys on your local machine (assumed to be Linux/Mac), the process for Windows is slightly different. Here's how to set up public key login on Windows for SSH access to your Linux server:
Download an SSH Client: Windows doesn't have SSH built-in, so you'll need a third-party client like PuTTY (https://www.putty.org/) or OpenSSH for Windows (https://learn.microsoft.com/en-us/windows/wsl/).
Generate the Key Pair: Launch your chosen SSH client and navigate to its key generation tool. In PuTTYgen (part of PuTTY), go to "SSH" -> "Generate key pair". Follow the prompts, creating a strong passphrase to protect your private key.
Saving the Keys: Save the private key in a secure location on your Windows machine. You can also choose to save the public key as a separate file for easy transfer.
Transferring the Public Key: There are a few ways to get your public key onto the server. You can use a temporary password login (as described earlier) and then use the cp command in the server terminal to copy the public key file to the .ssh directory in your server user's home directory. Alternatively, you can use online storage services like Dropbox or paste the key directly into the server's authorized_keys file (though this method is less secure).
Configuring the Server (Optional): For some SSH clients on Windows, you might need to edit the client configuration file to point to your private key location. Refer to your client's documentation for specific instructions.
Remember:
Keep your private key file on your Windows machine well-protected, ideally with strong password or encryption.
Ensure proper permissions are set on the server's authorized_keys file (only owner and system should have access).
With these steps, you should be able to connect to your Linux server using SSH from your Windows machine without needing to enter a password every time, as long as you're using the same machine with the private key.
The Takeaway
The real Linux server administration is done on the command line interface. SSH is an essential tool for managing your Linux server securely. By understanding basic login and exploring password-less login with SSH keys, you can streamline your workflow and keep your server access safe. As you get more comfortable, you can go deeper into the vast capabilities of SSH for remote server administration by learning commands.