Harnessing the power of SSH


One piece of software I regularly use on various systems is SSH. It is a very powerful and useful protocol for remote and encrypted connectivity internal or external to your network. One thing that makes it extremely powerful on GNU/Linux systems is that it directly connects you to the shell on the host/remote system, which allows complete system administration. In addition, it is very easy to set up and by default all traffic is encrypted right out of the box. If a command is available in your shell, it is available through SSH because it's basically a direct connection to your shell on the host system. Many applications on GNU/Linux systems are command-line programs, often with a graphical front end written to make them simpler to use. If you know the right commands to use, you can do anything on your system, such as look at disk space, look at partitions, monitor system resources, see who is logged in, view system processes, and end tasks; the list is practically infinite. And shells are color coded, which, as simple as it sounds, helps tremendously in various cases.

SSH tunneling and port forwarding

There is more to SSH than just the remote terminal. One of the most useful features I've found with SSH is the ability to tunnel TCP traffic through the SSH connection. I find it a common and very usable piece of SSH, mainly useful if you don't want the extra bloat of a VPN but simply want secure remote connectivity and access to a few things on the remote network. SSH tunneling is very useful when you need two applications to talk to one another remotely over the Internet. If the applications are TCP/IP aware, SSH tunneling will allow secure communication between the two. For example, many sites will use rsync to synchronize filesystems from one host to another remote host over the Internet, and use SSH tunneling to encrypt the rsync connection. The only requirement is the SSH client software running on the client machine, and SSH server software running on the destination host.

The SSH tunneling feature relies on the port forwarding feature of SSH. This is enabled by default for the SSH server, where a single host can forward SSH connections (and other TCP ports) to other internal hosts on its network. So for instance, you can tell your SSH client to connect to an SSH server, and also specify additional ports on your local system to map to the same or different ports on various hosts located on the same internal network as the SSH server. I commonly use this scenario for connecting to a host with SSH and using the terminal, but then forwarding my local PC port 5910 to a remote server at port 5900 for using VNC at the same time. I open VNC and connect to 127.0.0.1:10 which will connect to the remote host because the port is being forwarded through the SSH session. The forwarded (or mapped) ports are active as soon as the SSH connection is established.
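Because forwarding is allowed by default on the server side, it is worth checking what a given sshd_config actually permits. The script below is an added example, not code from the original article: it reads a constructed sample configuration and reports the effective global AllowTcpForwarding and GatewayPorts values, using sshd's first-value-wins rule and OpenSSH's defaults (Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: report the effective *global* forwarding settings of an
# sshd_config read from stdin. Match blocks are not evaluated.

# Constructed sample configuration (not from the article).
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
allowtcpforwarding local
AllowTcpForwarding no
GatewayPorts=clientspecified
Match User backup
    AllowTcpForwarding no
EOF
}

# effective_setting KEYWORD DEFAULT < config
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be written "Key value" or "Key=value".
effective_setting() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit             # global section ends here
            if (key == want && n >= 2) { val = tolower(f[2]); exit }
        }
        END { print val }'
}

# audit_forwarding < config : one finding per line, status 1 if any finding
audit_forwarding() {
    cfg=$(cat)
    fwd=$(printf '%s\n' "$cfg" | effective_setting AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$cfg" | effective_setting GatewayPorts no)
    rc=0
    if [ "$fwd" != "no" ]; then
        echo "AllowTcpForwarding=$fwd: clients may open TCP tunnels"; rc=1
    fi
    if [ "$gw" != "no" ]; then
        echo "GatewayPorts=$gw: remote forwards may listen on non-loopback addresses"; rc=1
    fi
    return $rc
}

sample_config | audit_forwarding || true
```

On a live host, `sshd -T` prints the configuration the daemon will actually use, including defaults, and is the authoritative check.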

Secure file copy (SCP)

There is also another extension of SSH which is the SCP protocol (Secure Copy Protocol). This is a way of securely copying files to and from the host system once the SSH session is established. I don't use this feature much so I won't go into detail about it, but I did want to make a mention of it.

SSH software

On GNU/Linux, setting up the SSH server and client software is very easy. On Fedora/CentOS/RHEL, it's as simple as installing the "openssh" and "openssh-server" packages; the "openssh" package contains the client components, and "openssh-server" contains the SSH server components. On Windows, there are various forms of SSH that have been ported from Unix/Linux (mainly the SSH server software). I have not tried to set up an SSH server on Windows in a long time, but searching for this should result in enough resources to allow a Windows user to set it up.

The command-line version of SSH is called "ssh" and is the basic SSH client. If I need a quick connection to a host I use this once in a while. But I prefer PuTTY as my graphical SSH client, and it has full support for all of the SSH features. It has full support for SSH tunneling and is a very stable piece of software available for Windows, Mac OS X, and GNU/Linux, making it a very powerful and cross-platform solution. In PuTTY, under the Tunnels section of the session configuration options, you will see options for Port Forwarding. To configure a TCP port to forward, the setup is as simple as adding an entry and specifying the local port (on your PC) and which destination host/port it maps to. The destination host, of course, is located on the same network as the SSH host you are connecting to. You can also connect to the SSH host itself by specifying 127.0.0.1 as the destination host in the Port Forwarding entry. If you use a host name, you need to make sure that the SSH server you are connecting to can resolve that name (either by DNS or the /etc/hosts file); otherwise the forwarding entry will fail. You can use IP addresses as well, but keep in mind that if the destination server's IP address changes you will have to remove and re-add the forwarding entry in PuTTY; there is no way to edit entries.
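The same forwarding entry can be given to the command-line ssh client with `-L`. The helper below is an added example, not part of the original article: it validates the entry's fields, pins the local listener to 127.0.0.1 so other machines on the client's network cannot use the tunnel, and maps the local port to the VNC display number used in the 5910-to-5900 scenario above. The host names `vnc-host` and `admin@gateway.example` are placeholders.

```shell
#!/bin/sh
# Added example: build the ssh command equivalent to a PuTTY
# "Port Forwarding" entry. Host names used here are placeholders.

# valid_port N -> success if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# local_forward_cmd LOCAL_PORT DEST_HOST DEST_PORT SSH_TARGET
# DEST_HOST is resolved by the SSH server, so 127.0.0.1 there means the
# SSH host itself. IPv6 literals are not handled in this sketch.
local_forward_cmd() {
    valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    valid_port "$3" || { echo "bad destination port: $3" >&2; return 1; }
    case "$2" in
        # refuse empty names, option-like names and unexpected characters
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad destination host: $2" >&2; return 1 ;;
    esac
    case "$4" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad ssh target: $4" >&2; return 1 ;;
    esac
    # ExitOnForwardFailure makes ssh quit if the listener cannot be set up,
    # instead of leaving a session without the expected tunnel.
    printf 'ssh -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# vnc_display LOCAL_PORT -> display number (VNC display N listens on 5900+N)
vnc_display() {
    valid_port "$1" || return 1
    [ "$1" -ge 5900 ] || return 1
    echo $(( $1 - 5900 ))
}

local_forward_cmd 5910 vnc-host 5900 admin@gateway.example
echo "VNC client connects to 127.0.0.1:$(vnc_display 5910)"
```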

I've contrasted SSH to PowerShell in the past. SSH is nice because the components are very lightweight and completely compatible with many operating systems like GNU/Linux, Mac OS X, Windows, and more. PowerShell is not completely cross-platform compatible. What I also like about SSH is that it is a direct connection to your shell on the remote system, so what you get on the local terminal on that host system is also what you get in the remote SSH session. Bash, which is very powerful, is the default shell on many GNU/Linux distributions. There are no extensions to install or mess around with like PowerShell, because the client software with SSH is extremely lightweight; its job is mainly to connect securely to the host system and transfer text data back and forth. Simplicity at its best.

Chris Clay

About Chris Clay

After administering Linux and Windows for over 17 years in multiple environments, my focus of this blog is to document my adventures in both operating systems to compare the two against each other. Past and present experiences have shown me that Linux can replace Windows and succeed in a vast variety of environments. Linux has proven itself many times over in the datacentre and is more than capable for the desktop.

Talkback

2 comments
  • This is a good article on SSH -- but why does it mention PowerShell?

    Does the author not realize that PowerShell is to Windows as Bash is to GNU/Linux? It makes no sense to "contrast SSH to PowerShell" any more than it would make sense to contrast SSH to Bash.

    If anything, you could and should have contrasted SSH to Windows Remoting (WinRM), Microsoft's closed-source implementation of WS-Remoting, which is what PowerShell uses for managing remote systems. It's interesting (and for many purposes, serves the same purpose as SSH) but extremely different in so many ways. It supports one-to-many remoting, but is rather clumsy at the one-to-one remoting that SSH is so excellent at.
    Jaykul-3bc50
  • Jaykul :

    I mentioned PowerShell because it, like SSH, is a way to remotely access a shell on a Windows system. You bring up a good point with WinRM; it seems there are a lot of pieces all trying to work together with Windows remote administration, whereas SSH is just one mechanism. Thanks for the comments.
    Chris_Clay