
Harnessing the power of SSH

One piece of software I regularly use on various systems is SSH. It is a very powerful and useful protocol for remote and encrypted connectivity internal or external to your network.
Written by Chris Clay Clay, Contributor

One piece of software I regularly use on various systems is SSH. It is a very powerful and useful protocol for remote and encrypted connectivity internal or external to your network. One thing that makes it extremely powerful on GNU/Linux systems is that it directly connects you to the shell on the host/remote system, which allows complete system administration. In addition, it is very easy to set up and by default all traffic is encrypted right out of the box. If a command is available in your shell, it is available through SSH because it's basically a direct connection to your shell on the host system. Many applications on GNU/Linux systems are command line based programs, often with a graphical front-end written to make them simpler to use. If you know the right commands to use, you can do anything on your system such as look at disk space, look at partitions, monitor system resources, see who is logged in, view system processes, end tasks, and the list is practically infinite. And shells are color coded, which, as simple as it sounds, helps tremendously in various cases.

SSH tunneling and port forwarding

There is more to SSH than just the remote terminal. One of the most useful features I've found with SSH is the ability to tunnel TCP traffic through the SSH connection. It is a common and very practical part of SSH, mainly useful if you don't want the extra bloat of a VPN but simply want secure remote connectivity and access to a few things on the remote network. SSH tunneling is very useful when you need two applications to talk to one another remotely over the Internet. If the applications are TCP/IP aware, SSH tunneling will allow secure communication between the two. For example, many sites will use rsync to synchronize filesystems from one host to another remote host over the Internet, and use SSH tunneling to encrypt the rsync connection. The only requirement is SSH client software running on the client machine, and SSH server software running on the destination host.

The SSH tunneling feature relies on the port forwarding feature of SSH. This is enabled by default for the SSH server, where a single host can forward SSH connections (and other TCP ports) to other internal hosts on its network. So for instance, you can tell your SSH client to connect to an SSH server, and also specify additional ports on your local system to map to the same or different ports on various hosts located on the same internal network as the SSH server. I commonly use this scenario for connecting to a host with SSH and using the terminal, but then forwarding my local PC port 5910 to a remote server at port 5900 for using VNC at the same time. I open VNC and connect to 127.0.0.1:10 (VNC display 10, which is TCP port 5900 + 10 = 5910), which will connect to the remote host because the port is being forwarded through the SSH session. The forwarded (or mapped) ports are active as soon as the SSH connection is established.

Secure file copy (SCP)

There is also another extension of SSH which is the SCP protocol (Secure Copy Protocol). This is a way of securely copying files to and from the host system once the SSH session is established. I don't use this feature much so I won't go into detail about it, but I did want to make a mention of it.

SSH software

On GNU/Linux, setting up the SSH server and client software is very easy. On Fedora/CentOS/RHEL, it's as simple as installing the "openssh" and "openssh-server" packages; the "openssh" package contains the client components, and "openssh-server" contains the SSH server components. On Windows, there are various forms of SSH that have been ported from Unix/Linux (mainly the SSH server software). I have not tried to set up an SSH server on Windows in a long time, but searching for this should result in enough resources to allow a Windows user to set it up.

The command line version of SSH is called "ssh" and is the basic SSH client. If I need a quick connection to a host I use this once in a while. But I prefer PuTTY as my graphical SSH client, which has full support for all of the SSH features. It has full support for SSH tunneling and is a very stable piece of software available for Windows, Mac OS X, and GNU/Linux, making it a very powerful and cross-platform solution. In PuTTY under the Tunnels section of the session configuration options, you will see options for Port Forwarding. To configure a TCP port to forward, the setup is as simple as adding an entry and specifying the local port (on your PC) and which destination host/port it maps to. The destination host of course is located on the same network as the SSH host you are connecting to. You can also connect to the SSH host itself by specifying 127.0.0.1 as the destination host in the Port Forwarding entry. You just need to make sure, if you use a host name, that the SSH server you are connecting to can resolve that name (either by DNS or the /etc/hosts file), otherwise the forwarding entry will fail. You can use IP addresses as well, but keep in mind that if the destination server's IP address gets changed you will have to remove and re-add the forwarding entry in PuTTY; there is no way to edit entries.
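As an added example (not from the article or the PuTTY project), the same tunnel described in the two sections above, expressed with the command line "ssh" client: a helper that turns the VNC display number into its port, builds the local-forward command for it, and checks a sshd_config text for the AllowTcpForwarding setting that would make the tunnel fail. The host names vncserver and admin@gateway.example and the sshd_config snippet are constructed placeholders.

```shell
#!/bin/sh
# Reproduce the PuTTY tunnel from the article with the OpenSSH client:
# local port 5910 -> vncserver:5900 through the SSH host.

# VNC display N listens on TCP port 5900+N, so "127.0.0.1:10" means port 5910.
vnc_display_port() {
    echo $((5900 + $1))
}

# A TCP port is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for one local forward (-L [bind]:lport:host:hport).
# The local end is bound to 127.0.0.1 explicitly so the tunnel entrance is
# not reachable from the rest of the LAN; -N skips the remote shell.
ssh_local_forward_cmd() {
    local_port=$1; dest_host=$2; dest_port=$3; ssh_target=$4
    valid_port "$local_port" || { echo "bad local port: $local_port" >&2; return 1; }
    valid_port "$dest_port"  || { echo "bad destination port: $dest_port" >&2; return 1; }
    [ -n "$dest_host" ] && [ -n "$ssh_target" ] || { echo "host missing" >&2; return 1; }
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$local_port" "$dest_host" "$dest_port" "$ssh_target"
}

# Given sshd_config text, return 0 if -L tunnels are permitted. OpenSSH treats
# a missing AllowTcpForwarding as "yes"; "all" and "local" also allow -L.
tcp_forwarding_enabled() {
    setting=$(printf '%s\n' "$1" | grep -i '^[[:space:]]*AllowTcpForwarding' | tail -n 1 | awk '{print tolower($2)}')
    case "$setting" in
        ''|yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample sshd_config fragment (placeholder, not from the article).
SAMPLE_SSHD_CONFIG='Port 22
AllowTcpForwarding no
X11Forwarding no'

ssh_local_forward_cmd "$(vnc_display_port 10)" vncserver 5900 admin@gateway.example
tcp_forwarding_enabled "$SAMPLE_SSHD_CONFIG" || echo "sshd disables TCP forwarding; -L tunnels will be refused"
```

With the sample config the script prints the ssh command and then the warning, which is the server-side cause to check first when a PuTTY or ssh forwarding entry silently fails.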

I've contrasted SSH to PowerShell in the past. SSH is nice because the components are very lightweight and completely compatible with many operating systems like GNU/Linux, Mac OS X, Windows, and more. PowerShell is not completely cross-platform compatible. What I also like about SSH is that it is a direct connection to your shell on the remote system, so what you get on the local terminal on that host system is also what you get in the remote SSH session. Bash, the default shell on many GNU/Linux distributions, is very powerful. There are no extensions to install or mess around with like PowerShell, because the client software with SSH is extremely lightweight; its job is mainly to connect securely to the host system and transfer text data back and forth. Simplicity at its best.
