SSH Client: Configuration. Best SSH client

The SSH client is a necessary utility when using an SSH connection between two machines. It is designed to enter the operating system of a remote computer and execute commands in it. The client is installed on the local machine of the user. It must be authenticated on the server, and only after that service begins. The client can be implemented to work in the terminal or have a graphical configuration interface.

What is SSH?

SSH (Secure Shell) is translated literally as a "safe shell". In use, SSH is a network protocol that allows you to safely manage the operating system of a remote node on the network. Provides a secure connection, authentication and data transfer from one host to another by encrypting traffic passing through it.

It allows you to create encrypted tunnels to securely transfer other network protocols through an unprotected network, such as the Internet. It is often used to redirect ports of one computer to the ports of another.

The beginning of SSH was laid by Tatu Ilenen from Finland in 1995, which involved him as a more confidential protocol. This version was called SSH-1. At the moment, almost never used.

In 1996, an improved version of SSH-2 was developed. It is incompatible with SSH-1, more secure and has an expanded list of encryption algorithms. Now SSH is understood as the version of SSH-2. Since 2006, the protocol has been recognized as an Internet standard by the IETF.

There are two main implementations of SSH. One of them is proprietary, which is developed by SSH Communications Security. The second is OpenSSH, created under the guidance of Theo de Raadt as a free open alternative to the first. It is the most common and is included in the delivery of most Unix-like systems.

What is the SSH client and the SSH server?

Connection via the SSH protocol is implemented using two main components: the client and the server.

In simple words, the user through the client that is installed on the local computer, gets access to the remote machine (the server). It should be noted that the client can be implemented with a graphical shell (as a destktopnoe application), and for work in the terminal (console).

The SSH server listens for client network connections and upon receipt of a connection request performs the necessary actions for authorization. If successful, runs the service installed for the remote client.

Secure access is organized using an authentication procedure using asymmetric encryption with a public key on the first connection. In the future, symmetric encryption is used.

The SSH standard includes three protocols:

• Transport Layer Protocol - ensures server authentication, privacy and integrity. Provides data compression. Works on top of TCP / IP.

• Authentication protocol - performs client authentication for the server. Operates over the transport protocol layer.

• Connection protocol - represents an encrypted channel in the form of a multiplexed channel of several logical ones used for different services. Runs on top of the authentication channel.

Increasing security is guaranteed by client authentication for the server that the ssh client accesses and server authentication by the client. Authentication of both parties takes place.

The client sends the request the first time a secure transport connection is established. The second request is sent after the SSH client authentication is completed.

Implementation of OpenSSH

OpenSSH is an open implementation of the OpenBSD team. It is the most common version due to free distribution.

The OpenSSH package includes a set of such tools:

• SSHD is the server part.
• SSH is the client part.
• SCP is a utility for secure file copying.
• SSH-keygen - generates public keys (RSA, DSA and others) for computers and users.
• SSH-keyscan - collects public keys on the network.
• SSH-agent - stores personal RSA keys for subsequent authorization with public keys.
• SSH-add - adds new private keys to the SSH-agent.
• SFTP-server is an SFTP server.
• SFTP is a utility for securely copying files over FTP.

OpenSSH is included in the package out of the box for most Unix-like systems. The most common are Linux, Open (Free, Net) BSD, Solaris, HP-UX, Irix, MacOS X and others.

Active development is carried out in the implementation of OpenSSH for Windows, which is available for download on Site. It allows you to create an SSH server in Windows family systems, has an SSH client for connection. OpenSSH for Windows is included in the CygWin package.

The most popular among users are distributions based on the Linux kernel. In the future, all examples of using SSH will be implied in the configuration of OpenSSH. For clarity of work in Linux, the SSH client for Ubuntu, Windows and Mac OS X will be configured.

Install and configure openssh-server

There are many options for configuring OpenSSH -server. The client must be configured based on the config server. This section provides an example of an SSH server installed on Ubuntu Server Edition. In subsequent client configuration descriptions, the configuration of this server will be used.

1. There are two ways to install OpenSSH-server:

1.1. Select the installation of the OpenSSH -server package immediately in the process of deploying Ubuntu Server /

1.2. Download and install from the repository by running the command:

2. You can familiarize yourself with the values of the default SSHD server configuration in the / etc / ssh / sshd_config file with the command:

3. Before changing the default settings, you must create a backup copy of the file and protect it from writing. This is done in case you need to roll back to the default value in case of an error.

4. The default setting is TCP port 22. For security, it is recommended to replace it with a non-standard value, for example, 5754. To change the Port directive, you can use the command:

5. Save the file / Etc / ssh / sshd_config and restart SSHD:

The server is installed and configured. Now it listens on port 5754. By default, any user of the system with access rights can gain access. Authentication is performed using a password or keys DSA, RSA, ed25519, etc.

Cross-platform OpenSSH-client for the terminal. SSH client for Linux

Earlier it was said that the most commonly used implementation of the SSH protocol is OpenSSH, which by default ships with most Linux distributions. In some cases, OpenSSH can be downloaded from the repositories for this distribution.

As part of the packages, the OpenSSH client is implemented as an SSH program, which is launched by the same command. Configuration and management of the client is done through the terminal, it does not have a graphical interface. It is considered the simplest and most convenient version.

Installing and Configuring the OpenSSH-client on Ubuntu

The remote machine has an installed and configured OpenSSH-server. The task is to access it from the local computer on which Ubuntu is installed.

1. In Ubuntu by default, the OpenSSH-client distribution is not added, so you need to install it:

2. After installing the program, it is called by the SSH command from the terminal without Root.

3. If user authentication using a password is used:

1) the connection is made by the command:

• Username is the name of the account on the remote machine,
• Host is the IP address of the remote server (or domain, if the domain was delegated to the server);

2) after entering the command, you must press Enter - you will be prompted for the password; It is required to enter the password from the remote machine account (be careful, because the password is not displayed for security);

3) after the correct password is entered, the terminal window of the remote server appears with a greeting; Now you can execute the necessary commands.

4. In case you need authorization for DSA keys:

1) if necessary, generate an open and private SSH keys from the OpenSSH-client:

2) by default, the public key is stored in the /home/user/.ssh/id_dsa.pub file, and the private key is closed in /home/user/.ssh/id_dsa;

3) the generated public key must be copied to the remote machine and added to the authorization of /home/user/.ssh/authorized_keys command:

The user can now be identified on the SSH server without entering a password.

Installing and Configuring OpenSSH for Cygwin Terminal on Windows

Cygwin installation is performed by running the Cygwin.exe file, which is downloaded from the official site.

Cygwin is the assembly of many different packages. To work with a remote terminal, only OpenSSH is required. You can find it by searching in Cygwin itself.

After installing the package, run Cygwin Terminal and enter the command:

Then press Enter. You will be prompted to enter a password. After authentication passes, the terminal of the remote server appears with the user's greeting.

The syntax is exactly the same as in OpenSSH-client, implemented for Linux.

Cross-platform SSH client with GUI PuTTY

Putty is a graphical SSH client for remote administration, which includes support for the SSH protocol. The program is distributed with open source and absolutely free.

It was originally released only for Windows OS, but later the client was ported to Linux, it is included in the repository of almost all popular distributions.

It is actively developed for work in Mac OS X.

The PuTTY configuration window looks the same on all operating systems. The difference exists only in the methods of installation. Therefore, the installation methods for the three operating systems will be listed first, and then the PuTTY settings.

Installing PuTTY Linux Ubuntu

1. Install PuTTY using the command:

2. Running is performed with the putty command from the terminal or by clicking the mouse from the menu:

3. The client settings window opens, where you need to register the connection settings.

Installing PuTTY for Windows

To install, you need to download the file putty.exe, save it in a convenient place, for example, on the desktop. The program is launched by two clicks of the left mouse button.

PuTTY - SSH client for Mac. Installing and running the GUI version

At the time of writing, PuTTY was not adequately ported to work on Mac OS X. Problems occurred on the compilation of the part that is responsible for the graphical interface.

For the installation, you must perform some preliminary work.

1. Install the Xcode.

A package of utilities and programs from Apple to develop and build applications for Mac OS X.

From the Mac OS X version 10.7 Lion, you must install "Command Line Tools for Xcode" from the Apple Developer site.

After installation, you need to accept a license agreement:

2. Install Xquartz.

This is the implementation of the X.Org X Window System (X11) server for Mac OS X. Required for the GUI version of PuTTY written in GTK +. You can install from the official site. After installation, you will need a log.

3. Install Homebrew.

Installation is performed by the command:

Next, you need to check for the correctness of the installation command:

4. Putty installation is performed by the command:

The process can take more than half an hour, as many dependencies like Glib / GTK + / Pango / Cairo will be installed.

5. Create the Putty.app startup file.

You need to run Automator.app. In the document type, select the "program", select "run the shell script" in the actions, set the path to the executable file "/ user / local / bin / putty" in the input field, save it as "putty.app", specifying the file format " Program ", to the" programs "directory. If desired, the standard icon can be replaced.

Configuring the PuTTY client SSH

The process of setting up the SSH PuTTY graphical client looks the same on all operating systems. The appearance is slightly different depending on the design of the working environment.

To connect to a remote machine via SSH, PuTTY must be started. In the appeared window of the program it is necessary to set the parameters:

Connection Type - the connection type is set to SSH.

Host Name (or IP-adress) - host name, or IP-address - it specifies the IP address of the remote server, domain name or Internet address. In the example above, the IP address is 192.168.128.3

Port - listening port - on the server that was given as an example, port 5754 is configured. We specify it.

If you want, you can save the settings for this session.

When you click the "Open" button, the terminal window appears, where you will be asked to enter the name of the remote machine account and the password.

If you need to authenticate the client with a pair of keys, you need the utility puttygen.exe, which runs in Windows. PuTTY-Gen generates its public and private key pair.

The public key must be added to the server, it is generated in the SSH standard. You can add the key in the same way, via OpenSSH in the terminal or using PuTTY, after the first login-password authorization.

The private key is generated in the .ppk format and added to the client. On the left in the tree you need to find SSH, expand the list, find Auth and in this parameter in the "Private key file for Authentication" field select the key.

After these manipulations, the user can authenticate to the server without entering a password.

At the moment, PuTTY is considered a universal client of SSH with a graphical interface. Third-party Gao-Feng developers have created an SSH client for Android, as a mobile version of PuTTY.

Best SSH client

Until now, there is no consensus on which SSH client is better to use. System administrators select utilities based on their own needs.

Typically, users of * Unix systems tend to use the standard SSH from the OpenSSH package. It has a clear universal syntax and is accessible directly from the terminal. To work with additional tools like secure file copying (SCP), you do not need to install additional programs. Everything is included in OpenSSH.

The GUI fans, which usually work on Windows operating systems, use PuTTY. It is believed that this is the best SSH client for Windows. It has all the necessary tools for tunneling, copying files and so on, even if you need to download additional modules for this.