The SSH client is a necessary utility when using an SSH connection between two machines. It is designed to enter the operating system of a remote computer and execute commands in it. The client is installed on the user's local machine. It must be authenticated on the server, and only after that the service begins. The client can be implemented to work in the terminal or have a graphical configuration interface.
What is SSH?
SSH (Secure Shell) translates literally as “secure shell”. In use, SSH is a network protocol through which secure management of the operating system of a remote node on the network is performed. It provides a secure connection, authentication and data transfer from one host to another thanks to the encryption of traffic passing through it.
It allows you to create encrypted tunnels for the secure transmission of other network protocols over an insecure network, such as the Internet. Often it is used to redirect the ports of one computer to the ports of another.
SSH was launched by Tatu Ilenen from Finland in 1995, who used it as a more confidential protocol. This version was called SSH-1. At the moment, almost never used.
In 1996, an improved version of SSH-2 was developed. It is incompatible with SSH-1, more secure and has an extended list of encryption algorithms. Now SSH is understood to be the version of SSH-2. Since 2006, the protocol has been recognized by the Internet standard by the IETF.
There are two main implementations of SSH. One of them is proprietary, which is being developed by SSH Communications Security. The second is OpenSSH, created under the leadership of Theo de Raadt as a free open alternative to the first. It is the most common and included in the delivery of most Unix-like systems.
What is SSH Client and SSH Server
SSH connection is implemented using two main components: client and server.
In simple words, a user through a client that is installed on the local computer gains access to a remote machine (server). It is worth noting that the client can be implemented with a graphical shell (both a desktop application) and for working in a terminal (console).
The SSH server listens for network connections from clients and, upon receipt of a connection request, performs the necessary steps for authorization. If successful, it starts the service installed for the remote client.
Secure access is organized using an authentication procedure using asymmetric public key encryption the first time you connect. Subsequently, symmetric encryption is used.
The SSH standard includes three protocols:
- Transport layer protocol - guarantees server authentication, privacy and integrity. Provides data compression. Works on top of TCP / IP.
- Authentication Protocol - Performs client authentication for the server. Acts on top of the transport protocol layer.
- Connection Protocol - represents an encrypted channel in the form of a multiplexed channel from several logical channels used for different services. Works on top of the authentication channel.
The increased security is guaranteed by client authentication for the server accessed by the ssh client and server authentication by the client. Both sides are authenticated.
The client sends the request for the first time when a secure connection to the transport layer is established. The second request is sent after the authentication of the SSH client is complete.
OpenSSH implementation
OpenSSH is an open source implementation of the OpenBSD team. It is the most common version due to free distribution.
The OpenSSH package includes a set of such tools:
- SSHD - the server side.
- SSH is the client side.
- SCP is a utility for secure file copying.
- SSH-keygen - generates public keys (RSA, DSA and others) for computers and users.
- SSH-keyscan - collects public keys on the network.
- SSH-agent - stores personal RSA keys for subsequent authorization with public keys.
- SSH-add - Adds new private keys to the SSH-agent.
- SFTP-server - SFTP server.
- SFTP - a utility for secure file copying via FTP.
OpenSSH is included in the box for most Unix-like systems. The most common are Linux, Open (Free, Net) BSD, Solaris, HP-UX, Irix, MacOS X and others.
Active development is underway in the implementation of OpenSSH for Windows, which is available for download on site. It allows you to create an SSH server in systems of the Windows family, has an SSH client for connecting. OpenSSH for Windows is included with CygWin.
The most popular among users are distributions based on the Linux kernel. In the future, all examples of using SSH will be implied in the configuration of OpenSSH. For clarity, Linux will configure the SSH client for Ubuntu, Windows, and Mac OS X.
Install and configure openssh-server
There are many configuration options for OpenSSH-server. Client configuration should be based on the server config. This section provides an example of an SSH server installed on Ubuntu Server Edition. The following client setup descriptions will use this server configuration.
1. There are two ways to install OpenSSH -server:
1.1. Choose to install the OpenSSH -server package immediately during the deployment of Ubuntu Server /
1.2. Download and install from the repository by running the command:
2. You can familiarize yourself with the default SSHD server configuration values in the / etc / ssh / sshd_config file using the command:
3. Before changing the default settings, you must create a backup copy of the file and protect it from writing. This is done in case you need to roll back to the default value in case of an error.
4. TCP port 22 is set in the default settings. For security, it is recommended to replace it with a non-standard value, for example, 5754. You can change the Port directive with the command:
5. Save the file / etc / ssh / sshd_config and restart SSHD:
The server is installed and configured. Now it listens on port 5754. By default, any user of the system with access rights can access. Authentication is performed using a password or keys DSA, RSA, ed25519, etc.
Cross-platform OpenSSH-client for the terminal. SSH client for Linux
It was said earlier that the most commonly used implementation of the SSH protocol is OpenSSH, which comes by default with most builds of Linux distributions. In some cases, OpenSSH can be downloaded from the repositories for this distribution.
As part of the packages, the OpenSSH client is implemented as an SSH program, which is launched by the command of the same name. Configuring and managing the client is done through the terminal; it does not have a graphical interface. It is considered the simplest and most convenient version.
Install and configure OpenSSH-client on Ubuntu
On the remote machine there is an installed and configured OpenSSH-server. The task is to access it from the local computer on which Ubuntu is installed.
1. In Ubuntu, the OpenSSH-client distribution is not added by default, so you need to install it with the command:
2. After installing the program, it is called by the SSH command from the terminal without Root.
3. If you are using user authentication with a password:
1) the connection is made by the command:
- username - account name on the remote machine,
- host is the IP address of the remote server (or domain, if the domain has been delegated to the server);
2) after entering the command, you must press Enter - a request for entering a password appears; it is required to enter the password for the account of the remote machine (you should be careful, because for security the password is not displayed in any way)
3) after the password is entered correctly, the terminal window of the remote server appears with a greeting; Now you can execute the necessary commands.
4. If authorization is required for DSA keys:
1) if necessary, generate public and private SSH keys from the OpenSSH-client:
2) by default, the public key is saved in the file /home/user/.ssh/id_dsa.pub, and the private one in /home/user/.ssh/id_dsa;
3) the generated public key must be copied to the remote machine and added to the authorization /home/user/.ssh/authorized_keys with the command:
The user can now authenticate with the SSH server without entering a password.
Installing and Configuring OpenSSH for Cygwin Terminal on Windows
Installing Cygwin is done by running the Cygwin.exe file, which is downloaded from the official site.
Cygwin is an assembly of many different packages. To work with a remote terminal, only OpenSSH is required. You can find it using the search in Cygwin itself.
After installing the package, you need to run Cygwin Terminal and enter the command:
Then press Enter. A password prompt appears. After authentication, the terminal of the remote server appears with a greeting from the user.
The syntax is exactly the same as in the OpenSSH-client implemented for Linux.
Cross Platform SSH Client with PuTTY GUI
Putty is an SSH graphical client for remote administration that includes support for the SSH protocol. The program is open source and completely free.
Initially released only for Windows OS, but later the client was ported to Linux, included in the repositories of almost all popular distributions.
Actively developed to work on Mac OS X.
The PuTTY configuration window looks the same on all operating systems. The difference exists only in the installation methods. Therefore, the installation methods for the three operating systems will be presented first, and then the PuTTY settings.
Install PuTTY Linux Ubuntu
1. You can install PuTTY with the command:
2. The launch is performed by putty command from the terminal or by clicking the mouse from the menu:
3. The client settings window opens, where you need to specify the connection parameters.
Install PuTTY for Windows
To install, you need to download putty.exe, save it in a convenient place, for example, on your desktop. The program is launched by two clicks of the left mouse button.
PuTTY is an SSH client for Mac. Install and run the GUI version
At the time of writing, PuTTY was not adequately ported to work on Mac OS X. Problems arose in compiling the part that is responsible for the graphical interface.
For installation, you must perform some preliminary work.
1. Install Xcode.
A package of utilities and programs from Apple for the development and assembly of applications for Mac OS X.
For Mac OS X 10.7 Lion, you must install Command Line Tools for Xcode from Apple Developer.
After installation, you must accept the license agreement:
2. Install Xquartz.
This is an implementation of the X.Org X Window System (X11) server for Mac OS X. Required for the GUI version of PuTTY written in GTK +. You can install from the official site. After installation, relogin is required.
3. Install Homebrew.
Installation is performed by the command:
Next, you need to check for correct installation using the command:
4. Putty installation is performed by the command:
The process may take more than half an hour, as many dependencies like Glib / GTK + / Pango / Cairo will be installed.
5. Creating the Putty.app startup file.
You need to run Automator.app. In the document type, select “program”, in the actions you need to select “run shell script”, in the input field specify the path to the executable file “/ user / local / bin / putty”, save it as “putty.app”, indicating the file format “ program ”, to the“ program ”directory. If desired, the standard icon can be replaced.
Configure SSH PuTTY Client
The SSH PuTTY graphical client setup process looks the same on all operating systems. The appearance is slightly different depending on the design of the working environment.
To connect to a remote machine via SSH, you must run PuTTY. In the window that appears, you need to set the parameters:
Connection Type - connection type - is established by SSH.
Host Name (or IP-adress) - host name, or IP-address - here is the IP address of the remote server, domain name or Internet address. In the above example, the IP address is 192.168.128.3
Port - the listening port - on the server that was given as an example, port 5754 is configured. We specify it.
If desired, you can save the settings for this session.
When you click "Open", a terminal window will appear where you will be required to enter the account name of the remote machine and password.
If you need to authenticate the client with a pair of keys, you will need the puttygen.exe utility, which runs on Windows. PuTTY-Gen generates its public and private key pair.
The public key must be added to the server, it is generated in the SSH standard. You can add the key in the same way, through OpenSSH in the terminal or using PuTTY, having passed the first login-password authorization.
The private key is generated in .ppk format and is added to the client. On the left in the tree you need to find SSH, expand the list, find Auth and in this parameter select the key in the "Private key file for Authentication" field.
After these manipulations, the user can authenticate with the server without entering a password.
At the moment, PuTTY is considered a universal SSH client with a graphical interface. Third-party developers Gao-Feng created the SSH client for Android as a mobile version of PuTTY.
Best SSH Client
There is still no consensus on which SSH client is better to use. System administrators select utilities based on their own needs.
As a rule, users of * Unix systems are inclined to use standard SSH from the OpenSSH package. It has an understandable universal syntax and is available directly from the terminal. To work with additional tools like Secure File Copy (SCP), you do not need to install additional programs. Everything you need is included in OpenSSH.
GUI fans who typically run on Windows operating systems use PuTTY. This is considered to be the best SSH client for Windows. It has all the necessary tools for tunneling, copying files and so on, even if this requires downloading additional modules.