Three Timely SSH Tricks - Heart Internet Blog - Focusing on all aspects of the web

The ability to SSH into your server is one of the most versatile tools in your sysadmin toolbox. It’s more than just a simple way to connect remotely to your server: it can be used to securely copy files, make automation easier, and add even more security to your server.

So open up your SSH client of choice, log into your server, and discover more with these tricks!

Configure a more secure SSH

Although it has “Secure” in the name, and it’s secure in your default installation, you can make some tweaks to your SSH to provide an even more secure environment.

You can find the parameters to change in /etc/ssh/sshd_config.

You can deny root user logins by finding the line:

PermitRootLogin yes

Change the yes to no.

If you have fewer than ten users, you can also use AllowUsers to limit which users can connect to your server using SSH. The user list is space-delimited, and don’t forget to include yourself!

AllowUsers erica neville joseph sanjit

If you have more than ten, or if you’re managing your users by group, use AllowGroups and create separate groups for users.

To set up the groups first:

sudo groupadd -r sshadmin
sudo usermod -a -G sshadmin erica

Then in sshd_config, find AllowGroups and change it to:

AllowGroups sshadmin

Restart the SSH daemon with:

sudo service ssh restart

Or if you use systemd, use:

sudo systemctl restart sshd

or

sudo systemctl restart ssh
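
A restart with a wrong AllowUsers or AllowGroups line can lock you out, for example when the group named in AllowGroups is not the group your user was added to. The script below is an added example, not part of the original article: it reads the effective settings as printed by sshd -T and checks them against a user and that user's groups. The function names and the sample input are constructed for illustration, and the host part of a user@host pattern is ignored.

```shell
#!/bin/sh
# Added example, not from the article. DUMP is a file holding `sshd -T` output,
# which prints the effective settings with lowercase keywords.

# values_of DUMP KEYWORD: print every value given for KEYWORD, one per line.
values_of() {
    awk -v k="$2" 'tolower($1) == k { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# matches NAME "PATTERNS": true if NAME matches one pattern (* and ? allowed).
# Assumptions: user@host is compared on its user part; "!" negation is not handled.
matches() {
    set -f                               # keep * in patterns from globbing
    for pat in $2; do
        case $1 in ${pat%%@*}) set +f; return 0 ;; esac
    done
    set +f; return 1
}

# preflight DUMP USER "GROUPS": print findings, return 1 if there are any.
preflight() {
    rc=0
    root=$(values_of "$1" permitrootlogin)
    if [ "$root" != no ]; then
        echo "ROOT: permitrootlogin is '${root:-unset}', article recommends 'no'"; rc=1
    fi
    users=$(values_of "$1" allowusers)
    if [ -n "$users" ] && ! matches "$2" "$users"; then
        echo "LOCKOUT: $2 is not in allowusers"; rc=1
    fi
    allowed=$(values_of "$1" allowgroups)
    if [ -n "$allowed" ]; then
        hit=no
        for g in $3; do
            if matches "$g" "$allowed"; then hit=yes; fi
        done
        if [ "$hit" = no ]; then
            echo "LOCKOUT: $2 is in none of the groups listed in allowgroups"; rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: AllowGroups names a group the user was never added to.
sample=$(mktemp)
printf '%s\n' 'permitrootlogin no' 'allowgroups sshusers' > "$sample"
preflight "$sample" erica "erica sshadmin" || echo "Do not restart sshd yet."
```

On a real server, save the output of sudo sshd -T to a file and pass it to preflight together with the user name and the output of id -Gn for that user.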

Another option is to only allow SSH sessions to originate from a single server – often known as the Jump server. This is great if you know that your IP address won’t change.

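You can limit the allowed IP addresses through IPTables using:

sudo iptables -A INPUT -p tcp -s [IPADDRESS] --dport 22 -j ACCEPT

On its own, this rule only accepts connections from that address. Other sources are blocked only if the INPUT chain's policy or a later rule drops the remaining traffic to port 22.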

Copying files to and from your remote computer

The SSH protocol also includes SCP (Secure Copy) and SFTP (Secure FTP), letting you securely move files between your computer and your server as needed.

You can easily copy files over if you know the specific path on the remote server:

scp index.html neville@serverfarm:/opt/test/index.html
neville@serverfarm's password: ******************
index.html           100%   0   0.0KB/s   00:00

You can also copy files from the remote server to your system by changing the syntax:

scp neville@serverfarm:/opt/text/index.html .

The trailing full stop (.) tells SCP to copy to the current directory on the local system.

SFTP works like FTP, just at the command line. You can transfer one file or many by using wildcards to either get or put files.

To initiate an SFTP session:

sftp sanjit@serverfarm

Then enter the user’s password.

To put files onto the server:

sftp> put index.html
sftp> put shop.html
sftp> put opening-hours.html
sftp> mput *.html

To get files from the server:

sftp> get index.html
sftp> get shop.html
sftp> get opening-hours.html
sftp> mget *.html

Set up a passwordless SSH connection for automated scripting

It’s often convenient to connect from one server to another, especially for automated tasks, but you could end up with scripts that contain passwords, which is a major security risk.

You can set up shared keys instead. These are also a security risk, but since you can control which systems the users can connect to, you can add an extra layer of security.

Use SSH to connect to every host you want to configure passwordless SSH in. Then SSH back to the original host from each system to accept the host fingerprint and establish a local .ssh directory in the user’s home directory on the remote system.

ssh-keygen -t rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
cat .ssh/authorized_keys | ssh serverfarm 'cat >> .ssh/authorized_keys'

Enter the password for the remote host.

Type exit to return to the original host.

SSH into the remote host – no password is required!

SSH is a remarkable tool for managing your server. Learning how to use SSH, whether you read books or use online articles, helps to make you a very powerful administrator.

What are some SSH tricks you use on your servers?
