Working with SSH Connectivity

You are given a task to log in to 5 different machines and check the CPU and memory utilization. Are you tired of entering the password every time you log in? SSH key-based authentication solves this problem very well. Let's see how in this tutorial, which will guide you through SSH connectivity. So let's start!

Introduction to SSH

SSH (Secure Shell) is a protocol for connecting to Linux machines securely and remotely. When you connect to a remote machine, you log in using an account that already exists on it, and you are dropped into a shell session, which is a text-based interface. For this to work, your machine must have an SSH client installed and the SSH daemon must be running on the remote machine.

You can connect to remote machines using

  1. Password login – Unsafe and not recommended
  2. SSH Keys – Very secure

Let's talk about SSH keys

SSH keys are a matching pair of cryptographic keys that can be used for authentication. One is the private key (never share it with anyone; keep it for your own logins) and the other is the public key, which can be shared. Let's get started and generate SSH keys.

Generate an SSH Key Pair and Connect to a Remote Machine Using SSH Keys

METHOD 1 : Connecting two remote machines with new key Pair

Several cryptographic algorithms can be used to generate SSH keys, such as RSA, DSA and ECDSA; among them RSA is preferred.

  1. ssh-keygen

2. Accept all the defaults for now by pressing Enter at each prompt

3. It will generate the private and public keys under ~/.ssh

id_rsa is the private key and id_rsa.pub is the public key

4. Copy the Public Key to another remote machine

ssh-copy-id ubuntu@remotemachine

5. Once you copy the public key to the remote machine, it is stored in the ~/.ssh/authorized_keys file on the remote machine

6. You can also do this with a single command, without ssh-copy-id

cat ~/.ssh/id_rsa.pub | ssh ubuntu@remotemachine "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

7. Now try logging in to the machine without a password.

ssh ubuntu@remotemachine

METHOD 2 : Connecting two remote EC2 instances which already have key Pairs

  1. Create a new KeyPair under EC2 dashboard with name “newly”

2. Download the pem format key which got created (newly.pem)

3. Launch two EC2 instances from the AWS console, name them source instance and remote instance, and use the key pair (“newly”)

IP address of Source in my case is : 10.111.4.53

IP address of destination in my case is : 10.111.4.18

4. Convert newly.pem into newly.ppk using the puttygen tool (this will be used to log in to the source machine)

5. Now log in to the source machine using its public IP address with the newly.ppk key

6. Under the home directory, create a file named awskeypair.

7. Now paste the content of the newly.pem key from your local machine into the awskeypair file.

8. Change the permissions of the awskeypair file to 600 (chmod 600 awskeypair)

9. Now you are set; let's run the command

ssh -i awskeypair ubuntu@10.111.4.18

CONCLUSION:

“This way you can secure your SSH connections and you don't need to enter a password every time you log in to your remote machines. This is also essential for running Ansible playbooks.”

Finally, let's make things more secure by looking at the important connection instructions below.

Important Connection Instructions

  • Connect to Remote server
    • ssh remotemachine
  • Connect to Remote server with different user on remote machine
    • ssh user@remotemachine
  • Connect to Remote server and run command
    • ssh user@remotemachine command-to-run
  • Connect to Remote server if it runs on a non-standard port (other than 22)
    • ssh -p port_number user@remotemachine
  • Disable Password Authentication
    • Modify /etc/ssh/sshd_config
    • and set PasswordAuthentication to no
    • Run command service ssh restart
  • Changing the SSH Daemon Port on which it runs
    • vi /etc/ssh/sshd_config
    • Comment out Port 22 and add desired Port
    • Run command service ssh restart
  • Limit Users or Groups to Login
    • vi /etc/ssh/sshd_config
    • Search for AllowUsers and list the usernames after it (for users)
    • Search for AllowGroups and list the group names after it (for groups)
    • Run command service ssh restart
  • Disable Root Login
    • vi /etc/ssh/sshd_config
    • PermitRootLogin no
    • Run command service ssh restart
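
The hardening items in the list above, as an added example that is not part of the original post: a shell audit that reads an sshd_config file and flags a missing PasswordAuthentication no, PermitRootLogin no, or AllowUsers/AllowGroups restriction. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening settings in the list above.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are not evaluated.

# Print the first uncommented value of keyword $2 in file $1.
# sshd keeps the first value it reads for most keywords; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }           # stop before conditional Match blocks
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per weak setting; the exit status is the number of findings.
audit_sshd_config() {
    findings=0
    pw=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    allow=$(effective_value "$1" AllowUsers)$(effective_value "$1" AllowGroups)
    if [ "$pw" != "no" ]; then      # unset falls back to the OpenSSH default, yes
        echo "FAIL PasswordAuthentication is '${pw:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ -z "$allow" ]; then
        echo "FAIL no AllowUsers or AllowGroups restriction"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'PermitRootLogin yes' > "$tmp/weak"
printf '%s\n' 'Port 2222' 'passwordauthentication no' 'PermitRootLogin no' \
    'AllowUsers ubuntu deploy' > "$tmp/hardened"

for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$tmp/$f" || echo "$? finding(s)"
done
```

The weak sample shows why order matters: the later PasswordAuthentication no line does not take effect because an earlier uncommented yes comes first.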
