How-to Guide Linux Networking with SSH

Write tutorials and howtos in here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Do not start a support topic here please. Before you post please read this

How-to Guide Linux Networking with SSH

Postby cathbard on Mon Jun 16, 2008 4:37 am

SSH (Secure Shell)

SSH is a networking tool to enable remote logins to another GNU/Linux computer. It is superior to Samba because it allows you to log in as the user and have the same access to the machine as you would if you were sitting at the machine. It allows you not only to move files around but also to run applications.
Mint comes with the ssh client preinstalled but to be able to access it from another computer you have to install the ssh server. You can install ssh with a package manager like mintinstall or synaptic or it can be easily accomplished in a terminal with:

sudo apt install ssh

Now you can go to the other pc and gain terminal access to your Mint machine or access it using a filemanager like Nautilus or Konqueror. For the purposes of this howto we will pretend that the ip address of your machine is 192.168.0.111

To gain remote access in a terminal simply enter:

ssh user@ip-address (ie: ssh mintuser@192.168.0.111)
or if you want to run gui applications enter:
ssh -X user@ip-address
You will then be asked for the user id for the remote computer and be granted a prompt for that machine.

To access the remote pc via ssh using Nautilus:

Toggle to text based location input in browser mode as shown below.

Image

The protocol to use ssh in a browser is called sftp. Enter the address into the location field using the following format:
sftp://user@ip-address (ie sftp://mintuser@192.168.0.111)

Access via Konqueror is achieved by entering the same thing into it's location field.

Of course, you can now add a bookmark so you don't have to type the address in every time you want to access it.

-------------------------------------------------------------------------------------------

Remote Access via Internet

The default port for ssh is 22 so make sure that this is port forwarded in your router if you want access through it. (details on changing the port number for greater security are described later in the "Improving SSH Security" section). Setting up port forwarding on the router varies from router to router so you will have to consult your router's manual for information on setting that up.

To access the pc through the router from the outside world you will need to setup a static local IP address so the router knows where to direct the port forwarding. We will continue to use 192.168.0.111 as an example.

Go into Administration > Preferences > Network (or from a terminal: network-admin)
Click "unlock", select the network connection and open Properties
disable "Enable roaming mode" and enter the details which will be something like:

Static IP Address
IP address - 192.168.0.111
Subnet mask - 255.255.255.0
Gateway address - 192.168.0.1

These values can be found by simply looking at what was automatically assigned in the connection information on the network monitor on the task bar. You can also get this info, including the MAC address (HWaddr), by typing in a terminal: ifconfig

Now open the sshd config file by entering in a terminal:

gksu gedit /etc/ssh/sshd_config
(or in kde: kdesu kwrite /etc/ssh/sshd_config)

Look for "#ListenAddress 0.0.0.0" and replace it with "ListenAddress 192.168.0.111"

Save it

When accessing the machine from the outside world you need to enter the server's IP address on the internet into the client's terminal/filemanager and not the local LAN address. If you are accesssing it from the local LAN you use the local address. The configuration settings are all the local address, the internet address is just what a client in the outside world has to use, it has nothing to do with the setup of your ssh server.
The internet address for your ssh server can be gained by examining the router or by simply going to http://whatismyip.com in a web browser.

You will now have to restart the ssh server. Do that by entering this in a terminal:
sudo /etc/init.d/ssh restart

----------------------------------------------------------------------

Improving SSH security

The default settings with ssh leave a little to be desired but it is quite simple to improve them
To do this you need to edit the sshd config file. Do this by entering in a terminal:

gksu gedit /etc/ssh/sshd_config
(or in kde: kdesu kwrite /etc/ssh/sshd_config)

Now we can make some modifications.

Port
It is wise to operate ssh on a different port to the default one if you can. Choose something out of the range of most port scanners. Something above 5000 is a good idea if your ISP isn't one of those Big Brother types that block ports. I will use 5876 for the example but that is an arbitrary choice. Don't forget to setup your router's port forwarding to use the same port number.
Look for "Port 22" and change this to "Port 5876"
If you do this it changes how you must address it accordingly:
In a terminal: ssh user@ip-address -p5876 (ie: ssh mintuser@192.168.0.111 -p5876)
In a filemanager: sftp://user@ip-address:port (ie: sftp://mintuser@192.168.0.111:5876)

Login Grace Time.
This is how long you allow for the password to be entered. This is set to 120 secs by default, adjust this to a figure you are happy with. 120 is probably ok because we are going to limit the number of retries allowed

Root Login .
Disable this. Why it is on by default baffles me.
Replace "PermitRootLogin yes" with "PermitRootLogin no"

Maximum login attempts.
This is also not set by default. Do it. Add this line to the Authentication section to only allow 2 tries before it boots you out. You can make it 3 if you have really clumsy fingers or a bad memory I guess. Suit yourself but no more than 2 or 3 is probably wise
MaxAuthTries 2

Don't forget to restart the server after making the changes with:
sudo /etc/init.d/ssh restart

It is possible to force ssh to use rsa keys instead of passwords for greater security but I will not go into that here, that is a topic of it's own. I suggest that you use a hard to guess password on your pc anyway.


Now you're all ready to ssh your heart out. Have fun.

-------------------------------------------------------------

Other useful commands:

sudo /etc/init.d/ssh stop - stop ssh server
sudo /etc/init.d/ssh start -start ssh server
man ssh - comprehensive description of ssh commands
Last edited by Oscar799 on Thu May 13, 2010 8:31 am, edited 2 times in total.
Reason: amended title to make it clear its a how - to guide
Image
"A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce." - Don Quinn
User avatar
cathbard
Level 3
Level 3
 
Posts: 148
Joined: Thu Apr 17, 2008 11:50 am
Location: Australia

Linux Mint is funded by ads and donations.
 

Re: Linux Networking with SSH

Postby Husse on Wed Jun 18, 2008 6:09 am

Thanks for that
This is one of my week spots......
Oh - please use gksu or gksudo for a GUI application - in rare events sudo can destroy your user authentication (at least pre Elyssa - have not had the time to check in on the present situation)
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Linux Networking with SSH

Postby cathbard on Wed Jun 18, 2008 9:04 am

Fixed. I changed it to read gksu (and kdesu for kde users).

Ah this sudo stuff. Nothing beats a real root user does it? :wink:
Image
"A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce." - Don Quinn
User avatar
cathbard
Level 3
Level 3
 
Posts: 148
Joined: Thu Apr 17, 2008 11:50 am
Location: Australia

Re: Linux Networking with SSH

Postby Ede on Sat Aug 09, 2008 11:34 pm

I just want to mention sshfs, SSH-filesystem.
It lets you mount ssh-accounts as if they were disks. Works as good over the net as on a lan too. Actually, you can even mount it with fstab at start.
User avatar
Ede
Level 4
Level 4
 
Posts: 294
Joined: Thu Jun 14, 2007 7:02 pm
Location: Norway

Re: Linux Networking with SSH

Postby Fred on Sun Aug 10, 2008 9:22 am

cathbard,

Excellent how-to!

Good follow-ups too!

Thanks, :-)

Fred
Insanity: Doing the same thing over and over and each time expecting a different result.

Democracy is 2 wolves and a lamb voting on the menu. Liberty is an armed lamb protesting the electoral outcome. A Republic negates the need for an armed protest.
User avatar
Fred
Level 10
Level 10
 
Posts: 3356
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA

Re: Linux Networking with SSH

Postby Old Marcus on Fri Nov 14, 2008 7:55 pm

Cheers cathbard, awesome tutorial. :)
Linux Mint 8 RC1 = Nice
'apt install' can be used on Linux Mint as a shortcut for 'sudo apt-get install'. 'apt x' can be used for various other apt commands as well.
When a problem is solved, please add [SOLVED] to your thread title.
User avatar
Old Marcus
Level 4
Level 4
 
Posts: 395
Joined: Sun Jun 08, 2008 4:51 pm
Location: Exeter, UK

Re: Linux Networking with SSH

Postby NWAdawg on Fri Nov 14, 2008 10:59 pm

Great how-to, It made my day today.
Ubuntu User #24005, Linux User #480025
User avatar
NWAdawg
Level 1
Level 1
 
Posts: 22
Joined: Sun Sep 21, 2008 8:48 am
Location: NW Arkansas

Re: Linux Networking with SSH

Postby AndyVIII on Sat Jun 13, 2009 6:49 am

great how to!!!

first I was tinkering with NFS... difficult to set-up!
samba is working... more or less... :-(

IMHO the SSH solution is perfect, quick to set-up and easy to use!!!

to ease the usage, and to avoid problems with a dhcp server,
where the IP address depend on the startup sequence,
I have one additional remark to get around to evaluate IP addresses:

check if already installed on any pc:
openssh-client

with Synaptic: install on pc with hostname: "my-pc-one"
openssh-server
to enable the access from external to local folders.

"on my-pc-two" (<- is hostname)
To access the remote my-pc-one via ssh using Nautilus:
Toggle to text based location input in browser mode (symbol top left).
Enter the address into the location field using the following format:
sftp:// <username> @ <hostname> .local/ <foldername>/<foldername..
ie:
sftp://charlie@my-pc-one.local/some/folder

and here it is :-) :-) !!!
Last edited by AndyVIII on Sat Jun 20, 2009 12:02 am, edited 1 time in total.
AndyVIII
Level 1
Level 1
 
Posts: 11
Joined: Sat Jun 13, 2009 6:26 am

Re: Linux Networking with SSH

Postby emorrp1 on Sat Jun 13, 2009 6:57 am

mintUpload v3 (gloria) has sftp support, so if you entered an IP address in the host configuration, then you can just right-click & "upload" a file to the other machine (we're working on a CLI for v4).
If you have a question that has been answered and solved, then please edit your original post and put a [SOLVED] at the end of your subject header
Hint - use a google search including the search term site:forums.linuxmint.com
emorrp1
Level 8
Level 8
 
Posts: 2322
Joined: Thu Feb 26, 2009 8:58 pm

Re: Linux Networking with SSH

Postby RichardH on Sat Aug 08, 2009 12:56 pm

Running mint7xfce RC1.
I remember seeing mintUpload when first installed mint7gloria but it isn't available at present in the xfce CE versi9on.
Perhaps in the final release of mint7xfce.

I use Krusader which is great for connecting and transferring files to and fro via wireless or wired.
Krusader was built for all those Norton Commander/Total Commander addicts who needed a crutch to leave Windows.
It is the first thing I install in a new install of any flavor: xfce4, kde, gnome, flux, icewm, etc.
Last edited by RichardH on Mon Aug 10, 2009 12:10 pm, edited 1 time in total.
User avatar
RichardH
Level 3
Level 3
 
Posts: 133
Joined: Tue Jun 17, 2008 10:36 am
Location: Venezuela

Re: Linux Networking with SSH

Postby emorrp1 on Mon Aug 10, 2009 8:36 am

Hi RichardH, I'm not sure about the gloria XFCE progress, but the right-click integration used to be provided in a package called thunar-custom-actions-xfce which may not have been updated for gloria yet. You can still use mintUpload using the command "mintupload ~/path/to/file" in any launcher (e.g. terminal)
If you have a question that has been answered and solved, then please edit your original post and put a [SOLVED] at the end of your subject header
Hint - use a google search including the search term site:forums.linuxmint.com
emorrp1
Level 8
Level 8
 
Posts: 2322
Joined: Thu Feb 26, 2009 8:58 pm

Re: Linux Networking with SSH

Postby optimize me on Mon Aug 10, 2009 9:09 am

This is a good guide.. Thanks for writing it up!

I see where someone else mentioned using NFS and it being difficult to set up. It's certainly no more difficult than SSH, especially when setting up RSA & DSA keys come in to play. NFS is a better system for a LAN behind a NAT router, since SSH & SSHFS have encryption overhead that will slow down your file transfers considerably when compared to NFS or CIFS.

In any event, here's some more instructional links that I've collected concerning SSH that I used when setting up on my LAN. I hope someone finds them useful:
AMD Phenom II X6 1045T 2.8GHz 8GB DDR3 RAM ATI Radeon HD6970
User avatar
optimize me
Level 5
Level 5
 
Posts: 639
Joined: Wed Jun 03, 2009 5:25 pm

Re: Linux Networking with SSH

Postby RichardH on Mon Aug 10, 2009 12:21 pm

@emorrp1
thunar-custom-actions-xfce is at v1.2

richard@mint7p6x ~ $ mintupload
Traceback (most recent call last):
File "/usr/lib/linuxmint/mintUpload/mintUpload.py", line 783, in <module>
filename = sys.argv[1]
IndexError: list index out of range

$ mintupload UEOC-ubicación.png 192.168.1.100
got it running. added the service and made the attempt for proof of concept.

Thanks for the reply. I can still connect with krusader to do what was needed.
User avatar
RichardH
Level 3
Level 3
 
Posts: 133
Joined: Tue Jun 17, 2008 10:36 am
Location: Venezuela

Re: Linux Networking with SSH

Postby emorrp1 on Mon Aug 10, 2009 12:43 pm

Hi RichardH, glad you got it working (despite the problems), and if you prefer krusader, then fair enough. I've just checked, and not only is thunar...xfce the latest version, but it also includes the Upload context menu item for mintUpload, so you should be able to access it via the normal right-click on a file method - It seems I'll have to download and test the XFCE edition to check it works properly, and fix it if not. You'll be glad to know that we're working on tons of improvements for Helena, one of the first that we did being more helpful error messages :-)!
If you have a question that has been answered and solved, then please edit your original post and put a [SOLVED] at the end of your subject header
Hint - use a google search including the search term site:forums.linuxmint.com
emorrp1
Level 8
Level 8
 
Posts: 2322
Joined: Thu Feb 26, 2009 8:58 pm

Re: Linux Networking with SSH

Postby RichardH on Mon Aug 10, 2009 1:15 pm

:oops:
You are right. It is there in Thunar. Just hadn't tried right clicking which brings up Subir/Upload.
Thunar is more and more a handy app.
User avatar
RichardH
Level 3
Level 3
 
Posts: 133
Joined: Tue Jun 17, 2008 10:36 am
Location: Venezuela

Re: How-to Guide Linux Networking with SSH

Postby silver_moon on Sat Jun 29, 2013 10:09 am

When using gui file browser like konqueror or dolphin you have 2 options

Secure FTP
sftp://username@hostname

File transfer over ssh
fish://username@hostname
silver_moon
Level 1
Level 1
 
Posts: 5
Joined: Sat Jun 29, 2013 9:38 am

Linux Mint is funded by ads and donations.
 

Return to Tutorials / Howtos

Who is online

Users browsing this forum: No registered users and 14 guests