Tested on CentOS v7
ssh, or Secure Shell, is a cryptographic network protocol used to securely log onto remote systems. ssh was designed as a replacement for Telnet and for other unsecured remote shell protocols. It is the most common way to access remote Linux servers.
It can be used to log into a Linux server from another Linux server using the ssh command. It can also be used from any computer that supports ssh-compatible terminal emulation software, such as the PuTTY client.
The ssh service is probably already running on your Linux server. Use the systemctl status command to see if it is running:
# systemctl status sshd.service
output:
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 2015-11-21 09:32:37 EST; 1h 22min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 9434 (sshd)
   CGroup: /system.slice/sshd.service
           └─9434 /usr/sbin/sshd -D
Nov 21 11:55:21 localhost.localdomain sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0...=root
Nov 21 11:55:26 localhost.localdomain sshd[11236]: Accepted password for username from 99.99.226.96 port 61586 ssh2 tty=ssh ...=root
...
If not, try starting it.
To start ssh:
# systemctl start sshd.service
To install the ssh server if it is not already installed:
# yum install openssh-server.x86_64
Once it is installed, you may want to open the ssh port in the firewall:
# iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
where:
If everything is set up, we should be able to connect to the server's IP address as user username from a remote machine:
ssh username@192.168.1.1
To edit the ssh server configuration file:
# vi /etc/ssh/sshd_config
If your ssh server is reachable from the internet, you probably want to make sure hackers can't try to guess your root user's password. To accomplish this, set PermitRootLogin to no. Make sure to set up and test another user first, so you are not locked out.
PermitRootLogin no
Other keywords give you some control on who can use ssh. These include:
AllowGroups
AllowUsers
DenyGroups
DenyUsers
Other security considerations
Time allowed to log in:
LoginGraceTime 30s
Change the ssh port number (security by obscurity):
Port 2222
Limit the IP addresses that ssh will listen on:
ListenAddress 192.1.1.4
ListenAddress 192.1.1.5
An idle timeout can be achieved with these settings:
ClientAliveInterval 300
ClientAliveCountMax 0
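An added example (not part of the original page): a POSIX shell check for the settings above in the global section of an sshd_config-style file. It relies on sshd keeping the first value it reads for a single-valued keyword, so a later PermitRootLogin no does not override an earlier yes. The function names and the sample file are constructed for illustration, and Match blocks are not evaluated.

```shell
# Added example: audit the global section of an sshd_config-style file.

# effective_value FILE KEYWORD -> first value given for KEYWORD before any
# Match block (sshd keeps the first value it reads for such keywords).
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        match($0, /^[ \t]*[A-Za-z0-9]+[ \t]*=/) { sub(/=/, " ") }  # Keyword=value
        tolower($1) == "match" { exit }               # global section only
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per check, returns the FAIL count.
audit_sshd_config() {
    fails=0
    v=$(effective_value "$1" PermitRootLogin)
    if [ "$v" = "no" ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}', expected 'no'"; fails=$((fails + 1)); fi

    v=$(effective_value "$1" LoginGraceTime)
    case "$v" in
        ''|0) echo "FAIL LoginGraceTime is '${v:-unset}' (0 means no limit)"; fails=$((fails + 1)) ;;
        *)    echo "PASS LoginGraceTime $v" ;;
    esac

    v=$(effective_value "$1" ClientAliveInterval)
    case "$v" in
        ''|0) echo "FAIL ClientAliveInterval is '${v:-unset}' (no idle check)"; fails=$((fails + 1)) ;;
        *)    echo "PASS ClientAliveInterval $v" ;;
    esac
    return "$fails"
}

# Constructed sample: the later "PermitRootLogin no" does not take effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed test input, not a real server configuration
PermitRootLogin yes
LoginGraceTime 30s
ClientAliveInterval=300
ClientAliveCountMax 0
PermitRootLogin no
Match User username
    X11Forwarding no
EOF
audit_sshd_config "$sample" || echo "findings: $?"
```

On a live server, `sshd -t` checks the file's syntax and `sshd -T` prints the effective settings; run them as root before restarting sshd.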
scp stands for "secure copy". It is similar to the cp command except one or both of the locations may be on a remote system. scp copies files securely between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. scp will ask for passwords or passphrases if they are needed for authentication.
Example
scp /home/backups/daily_backup*.tar.gz username@mysite.com:/home/newbackups
Where