The ability to SSH into your server is one of the most versatile tools in your sysadmin toolbox. It’s more than just a simple way to connect remotely to your server: it can be used to securely copy files, make automation easier, and add even more security to your server.
So open up your SSH client of choice, log into your server, and discover more with these tricks!
Configure a more secure SSH
Although it has “Secure” in the name, and it’s secure in your default installation, you can make some tweaks to your SSH to provide an even more secure environment.
You can find the parameters to change in /etc/ssh/sshd_config.
You can deny root user logins by finding the line:
PermitRootLogin yes
Change the yes to no.
If you have fewer than ten users, you can also use AllowUsers to limit which users can connect to your server using SSH. The user list is space delimited, and don’t forget to include yourself!
AllowUsers erica neville joseph sanjit
If you have more than ten, or if you’re managing your users by group, use AllowGroups and create separate groups for users.
To set up the groups first:
sudo groupadd -r sshadmin
sudo usermod -a -G sshadmin erica
Then in sshd_config, find AllowGroups and change it to:
AllowGroups sshadmin
Restart the SSH daemon with:
sudo service ssh restart
Or if you use systemd, use:
sudo systemctl restart sshd
or
sudo systemctl restart ssh
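A check worth running on the edited file before you restart the daemon, as an added example that is not part of the original article: it reports a root login that is still permitted, a missing allow-list, and an AllowGroups entry that names a group that does not exist, which would lock its members out. The function names and the GROUP_FILE variable are hypothetical, and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the article. Assumes a flat config: Match blocks and
# Include files are not followed, and AllowGroups holds literal group names.
GROUP_FILE=${GROUP_FILE:-/etc/group}    # local groups only (assumption)

# config_values FILE KEYWORD: print the value of every line that sets KEYWORD.
# Keyword names are case-insensitive in sshd_config, so compare in lower case.
config_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0  { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

group_exists() { grep -q "^$1:" "$GROUP_FILE"; }

# audit_sshd_config FILE: print one line per finding, return how many.
audit_sshd_config() {
    cfg=$1; problems=0
    # sshd keeps the first value it reads for a single-valued keyword.
    root=$(config_values "$cfg" PermitRootLogin | head -n 1)
    users=$(config_values "$cfg" AllowUsers)
    groups=$(config_values "$cfg" AllowGroups)
    if [ "$(printf '%s' "$root" | tr 'A-Z' 'a-z')" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}', expected 'no'"
        problems=$((problems + 1))
    fi
    if [ -z "$users" ] && [ -z "$groups" ]; then
        echo "neither AllowUsers nor AllowGroups is set"
        problems=$((problems + 1))
    fi
    for g in $groups; do    # a misspelled group locks its members out
        if ! group_exists "$g"; then
            echo "AllowGroups names '$g', which is not in $GROUP_FILE"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: group sshadmin was created, but the config says sshusers.
demo=$(mktemp -d)
printf 'sshadmin:x:998:erica\n' > "$demo/group"
printf 'PermitRootLogin no\nAllowGroups sshusers\n' > "$demo/sshd_config"
( GROUP_FILE="$demo/group"; audit_sshd_config "$demo/sshd_config" ) ||
    echo "findings: $?"
rm -rf "$demo"
```

Pair it with sshd -t, which validates the file's syntax but does not check whether the named groups exist.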
Another option is to only allow SSH sessions to originate from a single server – often known as the Jump server. This is great if you know that your IP address won’t change.
You can limit the allowed IP addresses through IPTables. The rule below accepts SSH traffic from one address; other addresses are only blocked if a later rule or the chain’s default policy drops them:
sudo iptables -A INPUT -p tcp -s [IPADDRESS] --dport 22 -j ACCEPT
Copying files to and from your remote computer
The SSH protocol also includes SCP (Secure Copy) and SFTP (Secure FTP), letting you securely move files between your computer and your server as needed.
You can easily copy files over if you know the specific path on the remote server:
scp index.html neville@serverfarm:/opt/test/index.html
neville@serverfarm's password: ******************
index.html 100% 0 0.0KB/s 00:00
You can also copy files from the remote server to your system by changing the syntax:
scp neville@serverfarm:/opt/test/index.html .
The trailing full stop (.) tells SCP to copy to the current directory on the local system.
SFTP works like FTP, just at the command line. You can transfer one file or many by using wildcards to either get or put files.
To initiate an SFTP session:
sftp sanjit@serverfarm
Then enter the user’s password.
To put files onto the server:
sftp> put index.html
sftp> put index.html shop.html opening-hours.html
sftp> mput *.html
To get files from the server:
sftp> get index.html
sftp> get index.html shop.html opening-hours.html
sftp> mget *.html
Set up a passwordless SSH connection for automated scripting
It’s often convenient to connect from one server to another, especially for automated tasks, but you could run the risk of your scripts containing passwords, which is a major security risk.
You can set up shared keys, which are also a security risk, but since you can control which systems the users can connect to, you can add an extra layer of security.
Use SSH to connect to every host you want to configure passwordless SSH in. Then SSH back to the original host from each system to accept the host fingerprint and establish a local .ssh directory in the user’s home directory on the remote system.
ssh-keygen -t rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
cat .ssh/authorized_keys | ssh serverfarm 'cat >> .ssh/authorized_keys'
Enter the password for the remote host
Type exit to return to the original host
SSH into the remote host – no password is required!
SSH is a remarkable tool for managing your server. Learning how to use SSH, whether you read books or use online articles, helps to make you a very powerful administrator.
What are some SSH tricks you use on your servers?