How-to Guide Linux Networking with SSH

cathbard

How-to Guide Linux Networking with SSH

Post by cathbard »

SSH (Secure Shell)

SSH is a networking tool to enable remote logins to another GNU/Linux computer. It is superior to Samba because it allows you to log in as the user and have the same access to the machine as you would if you were sitting at the machine. It allows you not only to move files around but also to run applications.
Mint comes with the ssh client preinstalled but to be able to access it from another computer you have to install the ssh server. You can install ssh with a package manager like mintinstall or synaptic or it can be easily accomplished in a terminal with:

sudo apt install ssh

Now you can go to the other pc and gain terminal access to your Mint machine or access it using a filemanager like Nautilus or Konqueror. For the purposes of this howto we will pretend that the ip address of your machine is 192.168.0.111

To gain remote access in a terminal simply enter:

ssh user@ip-address (ie: ssh mintuser@192.168.0.111)
or if you want to run gui applications enter:
ssh -X user@ip-address
You will then be asked for the user id for the remote computer and be granted a prompt for that machine.

To access the remote pc via ssh using Nautilus:

Toggle to text based location input in browser mode as shown below.

Image

The protocol to use ssh in a browser is called sftp. Enter the address into the location field using the following format:
sftp://user@ip-address (ie sftp://mintuser@192.168.0.111)

Access via Konqueror is achieved by entering the same thing into its location field.

Of course, you can now add a bookmark so you don't have to type the address in every time you want to access it.

-------------------------------------------------------------------------------------------

Remote Access via Internet

The default port for ssh is 22 so make sure that this is port forwarded in your router if you want access through it. (details on changing the port number for greater security are described later in the "Improving SSH Security" section). Setting up port forwarding on the router varies from router to router so you will have to consult your router's manual for information on setting that up.

To access the pc through the router from the outside world you will need to setup a static local IP address so the router knows where to direct the port forwarding. We will continue to use 192.168.0.111 as an example.

Go into Administration > Preferences > Network (or from a terminal: network-admin)
Click "unlock", select the network connection and open Properties
disable "Enable roaming mode" and enter the details which will be something like:

Static IP Address
IP address - 192.168.0.111
Subnet mask - 255.255.255.0
Gateway address - 192.168.0.1

These values can be found by simply looking at what was automatically assigned in the connection information on the network monitor on the task bar. You can also get this info, including the MAC address (HWaddr), by typing in a terminal: ifconfig

Now open the sshd config file by entering in a terminal:

gksu gedit /etc/ssh/sshd_config
(or in kde: kdesu kwrite /etc/ssh/sshd_config)

Look for "#ListenAddress 0.0.0.0" and replace it with "ListenAddress 192.168.0.111"

Save it

When accessing the machine from the outside world you need to enter the server's IP address on the internet into the client's terminal/filemanager and not the local LAN address. If you are accessing it from the local LAN you use the local address. The configuration settings are all the local address, the internet address is just what a client in the outside world has to use, it has nothing to do with the setup of your ssh server.
The internet address for your ssh server can be gained by examining the router or by simply going to http://whatismyip.com in a web browser.

You will now have to restart the ssh server. Do that by entering this in a terminal:
sudo /etc/init.d/ssh restart

----------------------------------------------------------------------

Improving SSH security

The default settings with ssh leave a little to be desired but it is quite simple to improve them.
To do this you need to edit the sshd config file. Do this by entering in a terminal:

gksu gedit /etc/ssh/sshd_config
(or in kde: kdesu kwrite /etc/ssh/sshd_config)

Now we can make some modifications.

Port
It is wise to operate ssh on a different port to the default one if you can. Choose something out of the range of most port scanners. Something above 5000 is a good idea if your ISP isn't one of those Big Brother types that block ports. I will use 5876 for the example but that is an arbitrary choice. Don't forget to setup your router's port forwarding to use the same port number.
Look for "Port 22" and change this to "Port 5876"
If you do this it changes how you must address it accordingly:
In a terminal: ssh user@ip-address -p5876 (ie: ssh mintuser@192.168.0.111 -p5876)
In a filemanager: sftp://user@ip-address:port (ie: sftp://mintuser@192.168.0.111:5876)

Login Grace Time.
This is how long you allow for the password to be entered. This is set to 120 secs by default, adjust this to a figure you are happy with. 120 is probably ok because we are going to limit the number of retries allowed

Root Login.
Disable this. Why it is on by default baffles me.
Replace "PermitRootLogin yes" with "PermitRootLogin no"

Maximum login attempts.
This is also not set by default. Do it. Add this line to the Authentication section to only allow 2 tries before it boots you out. You can make it 3 if you have really clumsy fingers or a bad memory I guess. Suit yourself but no more than 2 or 3 is probably wise
MaxAuthTries 2

Don't forget to restart the server after making the changes with:
sudo /etc/init.d/ssh restart

It is possible to force ssh to use rsa keys instead of passwords for greater security but I will not go into that here, that is a topic of its own. I suggest that you use a hard to guess password on your pc anyway.


Now you're all ready to ssh your heart out. Have fun.

-------------------------------------------------------------

Other useful commands:

sudo /etc/init.d/ssh stop - stop ssh server
sudo /etc/init.d/ssh start - start ssh server
man ssh - comprehensive description of ssh commands
Last edited by Oscar799 on Thu May 13, 2010 8:31 am, edited 2 times in total.
Husse

Re: Linux Networking with SSH

Post by Husse »

Thanks for that
This is one of my weak spots......
Oh - please use gksu or gksudo for a GUI application - in rare events sudo can destroy your user authentication (at least pre Elyssa - have not had the time to check in on the present situation)
cathbard

Re: Linux Networking with SSH

Post by cathbard »

Fixed. I changed it to read gksu (and kdesu for kde users).

Ah this sudo stuff. Nothing beats a real root user does it? :wink:
Fred

Re: Linux Networking with SSH

Post by Fred »

cathbard,

Excellent how-to!

Good follow-ups too!

Thanks, :-)

Fred
Old Marcus

Re: Linux Networking with SSH

Post by Old Marcus »

Cheers cathbard, awesome tutorial. :)
NWAdawg

Re: Linux Networking with SSH

Post by NWAdawg »

Great how-to, it made my day today.
AndyVIII

Re: Linux Networking with SSH

Post by AndyVIII »

great how to!!!

first I was tinkering with NFS... difficult to set-up!
samba is working... more or less... :-(

IMHO the SSH solution is perfect, quick to set-up and easy to use!!!

to ease the usage, and to avoid problems with a dhcp server,
where the IP address depend on the startup sequence,
I have one additional remark to get around to evaluate IP addresses:

check if already installed on any pc:
openssh-client

with Synaptic: install on pc with hostname: "my-pc-one"
openssh-server
to enable the access from external to local folders.

"on my-pc-two" (<- is hostname)
To access the remote my-pc-one via ssh using Nautilus:
Toggle to text based location input in browser mode (symbol top left).
Enter the address into the location field using the following format:
sftp:// <username> @ <hostname> .local/ <foldername>/<foldername..
ie:
sftp://charlie@my-pc-one.local/some/folder

and here it is :-) :-) !!!
Last edited by AndyVIII on Sat Jun 20, 2009 12:02 am, edited 1 time in total.
emorrp1

Re: Linux Networking with SSH

Post by emorrp1 »

mintUpload v3 (gloria) has sftp support, so if you entered an IP address in the host configuration, then you can just right-click & "upload" a file to the other machine (we're working on a CLI for v4).
RichardH

Re: Linux Networking with SSH

Post by RichardH »

Running mint7xfce RC1.
I remember seeing mintUpload when first installed mint7gloria but it isn't available at present in the xfce CE version.
Perhaps in the final release of mint7xfce.

I use Krusader which is great for connecting and transferring files to and fro via wireless or wired.
Krusader was built for all those Norton Commander/Total Commander addicts who needed a crutch to leave Windows.
It is the first thing I install in a new install of any flavor: xfce4, kde, gnome, flux, icewm, etc.
Last edited by RichardH on Mon Aug 10, 2009 12:10 pm, edited 1 time in total.
emorrp1

Re: Linux Networking with SSH

Post by emorrp1 »

Hi RichardH, I'm not sure about the gloria XFCE progress, but the right-click integration used to be provided in a package called thunar-custom-actions-xfce which may not have been updated for gloria yet. You can still use mintUpload using the command "mintupload ~/path/to/file" in any launcher (e.g. terminal)
optimize me

Re: Linux Networking with SSH

Post by optimize me »

This is a good guide.. Thanks for writing it up!

I see where someone else mentioned using NFS and it being difficult to set up. It's certainly no more difficult than SSH, especially when setting up RSA & DSA keys come in to play. NFS is a better system for a LAN behind a NAT router, since SSH & SSHFS have encryption overhead that will slow down your file transfers considerably when compared to NFS or CIFS.

In any event, here's some more instructional links that I've collected concerning SSH that I used when setting up on my LAN. I hope someone finds them useful:
RichardH

Re: Linux Networking with SSH

Post by RichardH »

@emorrp1
thunar-custom-actions-xfce is at v1.2

richard@mint7p6x ~ $ mintupload
Traceback (most recent call last):
  File "/usr/lib/linuxmint/mintUpload/mintUpload.py", line 783, in <module>
    filename = sys.argv[1]
IndexError: list index out of range

$ mintupload UEOC-ubicación.png 192.168.1.100
got it running. added the service and made the attempt for proof of concept.

Thanks for the reply. I can still connect with krusader to do what was needed.
emorrp1

Re: Linux Networking with SSH

Post by emorrp1 »

Hi RichardH, glad you got it working (despite the problems), and if you prefer krusader, then fair enough. I've just checked, and not only is thunar...xfce the latest version, but it also includes the Upload context menu item for mintUpload, so you should be able to access it via the normal right-click on a file method - It seems I'll have to download and test the XFCE edition to check it works properly, and fix it if not. You'll be glad to know that we're working on tons of improvements for Helena, one of the first that we did being more helpful error messages :-)!
RichardH

Re: Linux Networking with SSH

Post by RichardH »

:oops:
You are right. It is there in Thunar. Just hadn't tried right clicking which brings up Subir/Upload.
Thunar is more and more a handy app.
silver_moon

Re: How-to Guide Linux Networking with SSH

Post by silver_moon »

When using gui file browser like konqueror or dolphin you have 2 options

Secure FTP
sftp://username@hostname

File transfer over ssh
fish://username@hostname
zolar1

Re: How-to Guide Linux Networking with SSH

Post by zolar1 »

If you never used SSH as described above, isn't it a security issue for leaving it on and running in the system?

What happens if I apt-get remove ssh?

Seems to me that someone could use SSH and get into someone else's system.

Or am I wrong?
Cwashpimp

Re: How-to Guide Linux Networking with SSH

Post by Cwashpimp »

do you mind if i use this guide on my linux wiki?
http://www.lif3h4ck.com/
Habitual

Re: How-to Guide Linux Networking with SSH

Post by Habitual »

This 'guide' is missing one key element (IMO) and those without benefit of a router/firewall/other could be more secure using it in their /etc/ssh/sshd_config

Code: Select all

PasswordAuthentication no

Restricting User Logins
Using Match Options to Add Exceptions
Stricter Defaults

Strong keys without password

Code: Select all

ssh-keygen -f /path/to/file_rsa -t rsa -N '' -b 4096 -q


Comments in key generation:

Code: Select all

ssh-keygen -f /path/to/file_rsa -t rsa -N '' -b 4096 -C "$(whoami)@$(hostname)-$(date -I)" -q

Be safe out there!

Good job and well done.

Edit:
Another option

Code: Select all

PubkeyAuthentication yes
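
A check for the settings recommended in cathbard's guide (Port, PermitRootLogin, MaxAuthTries) and in Habitual's reply (PasswordAuthentication, PubkeyAuthentication), as an added example that is not part of any post in this thread. The function name, the sample configs and the FAIL output format are assumptions of this example; global settings are read only up to the first Match block, because lines after it apply conditionally.

```shell
# Added example: check an sshd_config against the settings recommended in this thread.
# Prints one FAIL line per finding; returns 0 when there are none, 1 otherwise.
audit_sshd_config() {
    awk -F'[ \t=]+' '
    function fail(k, v, want) { printf "FAIL %s is %s, thread recommends %s\n", k, v, want; bad = 1 }
    BEGIN {   # current OpenSSH defaults, used when a keyword is absent from the file
        val["port"] = " 22"; val["permitrootlogin"] = "prohibit-password"; val["maxauthtries"] = "6"
        val["passwordauthentication"] = "yes"; val["pubkeyauthentication"] = "yes" }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")                   # strip indentation; awk re-splits the fields
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") exit             # the rest is conditional, not global
        if (key == "port") {                 # Port may be given more than once
            if (!(key in seen)) val[key] = ""
            val[key] = val[key] " " $2
        } else if (!(key in seen)) val[key] = $2   # first occurrence wins
        seen[key] = 1
    }
    END {
        if ((val["port"] " ") ~ / 22 /) fail("Port", "22", "a non-default port")
        if (val["permitrootlogin"] != "no") fail("PermitRootLogin", val["permitrootlogin"], "no")
        if (val["maxauthtries"] + 0 > 3) fail("MaxAuthTries", val["maxauthtries"], "2 or 3")
        if (val["passwordauthentication"] != "no") fail("PasswordAuthentication", val["passwordauthentication"], "no")
        if (val["pubkeyauthentication"] != "yes") fail("PubkeyAuthentication", val["pubkeyauthentication"], "yes")
        exit bad
    }' "$@"
}
# Constructed samples (not taken from a real host).
sample_weak() {
    cat <<'EOF'
#Port 22
PermitRootLogin yes
LoginGraceTime 120
Match User backup
    PasswordAuthentication no
EOF
}
sample_hardened() {
    cat <<'EOF'
Port 5876
PermitRootLogin no
MaxAuthTries 2
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}
sample_weak | audit_sshd_config || echo "weak sample: findings above"
sample_hardened | audit_sshd_config && echo "hardened sample: clean"
```

On a live server, `sudo sshd -T` prints the effective configuration with defaults resolved and can be piped into the function, and `sudo sshd -t` checks the file for syntax errors before a restart.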
wutsinterweb

Re: How-to Guide Linux Networking with SSH

Post by wutsinterweb »

I can't see any image, just the word image where it talks about using Nautilus or Konqueror.
I've been using Mint for over 4 years, but I'm still a slow learner. I have a website: https://pickfetish.com. It is dedicated to guitar/instrument picks.