When you purchase a VPS/VDS server or shared hosting, usually along with other authorization data in the letter you are given data for SSH access. SSH server access (secure shell) is a secure network protocol for remote server management via the Internet.
Who and why needs to connect to the server via SSH
Programmers, system administrators, devops engineers and testers often turn to common technologies. For example, each of these specialists would benefit from the ability to have remote access - to access the server via SSH. The SSH protocol is an indispensable tool that allows you to securely and conveniently manage a remote server. Thanks to this protocol you can execute commands; file and data packet exchange through a secure connection is available; data compression; entering commands and working with their results; port forwarding; transferring encrypted traffic; working with databases in console mode. By default, the SSH protocol uses port 22.
SSH components
An SSH connection consists of 2 components: SSH server and SSH client.
- SSH server is a special system that allows you to establish a secure connection and authenticate the user, it is configured and runs on the server.
- SSH client is a program to securely access a remote machine and send commands from the user's computer.
Popular SSH clients that allow you to connect to a server via SSH
SSH clients for Windows operating system: PuTTY, KiTTY, MobaXterm, Solar-PUTTY (former SolarWinds), WinSCP, Xshell, FireSSH online extension for Firefox, Secure Shell - plug-in application for Google Chrome, OpenSSH component for Cygwin Terminal, Tunnelier, SSHWindows.
How to connect to a Mac OS server via SSH? A standard utility - a simple console terminal, as well as SSH clients ZOC, vSSH, Shuttle - will help.
These SSH clients will allow you to connect and log in to a Linux server: SecureCRT, PuTTY, OpenSSH, Termius, MobaXterm, SecureCRT, Xshell, KiTTY, TeraTerm. A console terminal is also built into the OS.
Whether you are a system administrator, a software developer, or a simple user, if you need an SSH client, you can find the right one in these lists. It is important to take the time to evaluate the available tools and choose the one that best suits your needs and goals.
How to access the server via SSH - connection types
During connection establishment, the SSH protocol determines who is the user of the client application using one of the options:
- Verify the connection by entering a login and password, with passwords transmitted in encrypted form. This method is the most common method of authentication for login.
- User identification using a key, is considered the most secure. The server and client have public and private key pairs. The public key is known to everyone, while the private key is known only to the owner. Anyone can encrypt a message using the public key, but it can only be decrypted using the private key. A client sends its username and public key to the server. The server checks if the received key matches the entries in the list of allowed users. If the user is on the list, the server generates a random number, encrypts it with the client's public key and sends it back. The client decrypts the data and sends it back. If everything was decrypted correctly - authentication is considered successful. It is allowed to access the remote server using SSH.
How the connection works
- Establishing a TCP connection: TCP (Transmission Control Protocol) is used to exchange information between the remote server and the user.
- Establishing a secure channel. Based on the connection settings, the server and client exchange information on how data will be encrypted and compressed.
User authentication.
Solving typical problems
SSH is a unique and highly flexible tool, but in practice it is often difficult to understand and use it correctly.
Host name
- Check that the hostname is spelled correctly.
- Make sure that you can get the IP address of the host on the client machine by using the ping command.
If you are having trouble resolving DNS at any level, a temporary solution may be to use the IP address of the server.
The connection time has expired
The client was unable to establish a connection to the SSH server within the specified waiting period.
- Verify that the host IP address is correct.
- Make sure the SSH port being used is available for connection through your network. Some public networks block port 22 or user SSH ports. To check if the port is available, you can try connecting to other hosts through the same port.
- Make sure your firewall policy is not set to "DROP" but allows connections through the SSH port.
Connection failure
- Check that the IP address of the host is correct.
- Connect to other hosts on the same port to make sure the problem is not caused by blocking.
- Verify that the firewall policy is not set to "DROP" and that the port is not blocked.
- Verify that the server is running and bound to the correct port.
Despite the elaborate security of the protocol, the use of the standard port 22 seriously increases the possibility of server compromise. For example, attackers can use a brute-force attack. To reduce the risk of unauthorized entry for attackers, you can change SSH ports and create access restrictions.
Conclusion
SSH creates a "tunnel" between devices through which encrypted data is transmitted. To maximize security, exclude remote access with administrative rights to the server or client.
- Change the default SSH port number 22 to a different port number.
- Use long RSA keys.
- Control the IP addresses from which access to the client and server is allowed.
- Watch for authentication errors to quickly detect hacking attempts.
- Install additional security systems of recent versions.
If you follow these rules, you will maximize the security of your SSH connection.
