Today, I wanted to cover some of the basics of SSH. What is SSH? It is the Secure Shell, and you use this for logging into a remote server, typically remote Linux or BSD servers, although it also works on Windows as well. Now the name, the Secure Shell, why is that important? Well, SSH is really intended to provide you a way to send secure encrypted information between two machines, your local machine, the computer right in front of you, and of course the remote server that you're trying to send information to or get information from. So how exactly does SSH work? Well essentially, there's two programs. There's the SSH server that needs to be installed on the remote machine. There's also the SSH client that needs to be installed on your local machine. Now the server is running on the remote machine, that's a daemon, that's always running, right? It's always listening. It's listening on a specific TCP/IP port, and it's listening for potential connections, and whenever it hears a connection, so I'm on my local machine, I decide to try to connect to that remote machine. What I'm going to do is I'm going to open up a terminal and SSH into the remote machine, and it's going to ask for authentication, it's going to ask for a key or a password, and if I have the correct credentials, it will allow me to connect to that remote machine. Of course you do all of this in a terminal, and when you do this in the terminal, when you have a successful connection, all of a sudden, instead of your local user at your local host as the command prompt, it all of a sudden changes to whatever the name of the remote user and the remote host name on the remote machine is, and you're actually now in your terminal, you're actually controlling the remote machine. If you did an ls command, for example, it would actually show you the directory contents of whatever directory you're in on the remote machine, you're no longer really controlling your local machine.
I know a lot of this sounds really complicated, it's not, it's actually very easy, especially once you see it in action, that's what I'm going to do, I'm going to go ahead and demonstrate some of this. So what I'm going to do is SSH into a remote machine, what I'll do is I'm going to spin up a VM of Ubuntu, so I'm going to create essentially an Ubuntu server VM, and then what I'm going to do is I'm going to SSH into that virtual machine, from of course my host machine, the local machine. So here's a virtual machine of Ubuntu, so imagine this is the remote server that we're trying to log into, right? So on the remote server, what you need to do is make sure that you have the OpenSSH server installed. So when we talk about SSH, the name of the package these days is called OpenSSH, let me zoom in so you guys can see this, openssh-server and openssh-client, at least on Debian and Ubuntu-based systems. If you're doing this on Arch Linux, on Arch Linux, the server and the client is actually all in one package. All you need to do is install openssh and you get both the client and the server. So here on this remote machine, what we would need to do before trying to install anything, it's a good idea to do an update, so sudo apt update and sudo apt upgrade. And hit enter, enter my super secure password for this VM. And I've already updated the machine, so there's nothing to do there. And then once you've successfully updated all the packages, what you should do is of course sudo apt install openssh-server and go ahead and install that. This may take a second. Now that we've installed the OpenSSH server, let's see if it's actually active, if it's running. So you can do a sudo systemctl status ssh and it says active and running. So SSH, the daemon, the server is actually running.
Now if for some reason that wasn't running, what you would need to do is you would need to enable it and you would do that with sudo systemctl enable, if I can spell enable correctly, --now ssh, and that's how you would do that with systemd. That would enable the SSH daemon and it would also start it. That's what the --now does. Now one thing to consider with most servers is they have firewalls enabled by default. Ubuntu and many other Linux distributions use a firewall program called UFW. And what you need to do is make sure that the Uncomplicated Firewall, UFW, allows for SSH connections. So you could do sudo systemctl, actually we could do systemctl status ufw to see if it's even installed and active. It is. So the firewall is active here. So what we need to do is sudo ufw allow ssh. It says rules updated. That's now allowing the SSH port to be open so anybody can now SSH into this machine as long as they have the correct credentials. Now let me switch over to the actual machine, so not the virtual machine but my actual desktop here, and what I'll do is I will SSH into the remote machine, the Ubuntu VM. Let me zoom in here. Now to SSH into another machine you need to type the command ssh and then user@IP typically, or domain name. So the user on that, I know the user was DT in the remote machine, but the IP address I actually don't know. So let's go back to the VM and what I'm going to do is let me make this full screen again so you guys can see this, get out of that and clear the screen. If I do ip a it will actually give me the IP address for this VM and this is actually the IP address I need. So now let me switch back over here and I've got the IP address and let's SSH into that. Now at first, the very first time you log into a remote machine it's going to ask you this question. Are you sure you want to continue connecting? Obviously type the word yes, hit enter. It's going to ask for DT's password, the DT user on the remote machine.
We're logging into the remote machine. It's asking for that DT's password, not the DT user on this machine. So the password on the remote machine, that VM, was a super secure and complicated password. Then let me hit enter, and now I am inside that virtual machine. You see my host name and everything changed: DT at Ubuntu-vert, because the host name of the remote machine is Ubuntu-vert. So that's how you know. Now it gets a little complicated because I sometimes do this where I'll have the same username and maybe even sometimes the same host name on a computer, that gets kind of complicated. It becomes confusing. You don't know which machine you're actually in. So it's a good idea if you're going to use SSH all the time to give descriptive names for these machines as far as the host name. So if it's DT's laptop or whatever, if you've got a million laptops say, hey, this is Lenovo laptop for the host name or Toshiba laptop for the host name. Now let me get back over into, of course, the desktop, the client here. If I did an ls, let me do an ls -la. This is, of course, not my home directory because the home directory on the local machine, let me open up a new terminal. I mean, I've got a million things in my home directory, right? So this is clearly the VM, the freshly spun up VM that hardly has anything installed on it. That's why that home directory is very bare. And now that I'm connected to the virtual machine, the remote machine, I can do anything I want to that remote machine. So if I wanted to edit the .bashrc of that Ubuntu VM, what I could do is vim .bashrc and remember the prompt, we're connected to the remote machine. This is not my local machine. Yeah, this is definitely not my .bashrc because it doesn't have any of my custom stuff. Also the Vim is actually not using some of my functionality in my vimrc either. Because again, this is using Vim on the remote machine, not Vim on my local machine.
If I wanted to create a new file, I could do touch and I'll do file1.txt, if I go back to the VM, let me get back into that and do an ls, you will see file1.txt. So SSH is really, really cool, really neat. And typically when you do web servers and you do any kind of hosting, you go and grab a cheap server from somebody, from some hosting company, a lot of times the only way to get into that machine is through SSH. You create a root password typically and then they give you the IP of that server. And then that's how you get in, ssh root@IP, and then of course you have to enter that password and then that's how you get into that machine the very first time. Now one of the interesting things with SSH is you don't have to worry about passwords if you don't want to. As a matter of fact, it's probably more secure if you don't actually use passwords with SSH. You do have the ability to set up SSH keys and it generates this key pair, and this key pair of course is known by the remote machine and the local machine so they know that, hey, this is a trusted device, I can talk to it, and then you no longer have to enter passwords. So let me create an SSH key pair and let's see if we can get the keys working. So I'm going to switch back to the desktop, I've already got a terminal here. What I want to do though is I need to do this on the local machine. Right now I'm connected to the remote machine. What I could do is type exit and the connection to that IP address is closed, meaning I'm now back on my local machine. So let's go ahead and generate a key pair. So I'm going to do ssh-keygen -t ed25519, hit enter, and it says generating public/private ed25519 key pair. Enter the file name, so it's automatically selected a file name, it's going to put this in the .ssh folder in my home directory and it's going to call it id_ed25519. If I wanted to change the name of that file or the location in general I could do that.
I'm just going to go with the default, so I'm just going to hit enter. As for a passphrase, now you can enter a passphrase or you can not, and it's totally up to you. Now for security reasons it's strongly recommended typically to add a passphrase, so since it's recommended I will actually add a passphrase for this. So enter the same passphrase. Your identification has been saved, yada yada yada. So now that we've got that created, I need to copy the public key over to the server because that's where that needs to be. So what I need is I need the username and a host name, the IP address of the remote machine once again, except instead of ssh user@host what I need to do is ssh-copy-id user@host. So in this case we're going to copy over the public key that's sitting on the local machine right now, we're going to, over SSH, send that to the remote server. We get some information here. Now it's going to ask for a password, so this is interesting here, what password is it actually asking for? Because remember we created a passphrase, but if you notice it's asking for DT at IP address's password, so it's asking for the remote DT password. So let's enter that one. Yeah, and that was the one it wanted, because it looks like everything was fine. It says the key was added. Let me clear the screen and let's actually see if this works. So let me do ssh and then let's do the user at the IP address of the VM, and now if the keys were set up correctly I should not have to enter a password this time. It says enter passphrase, because we did set up the passphrase, so enter your passphrase, and now we are connected. You see I'm now DT at Ubuntu-vert. Now remember, ending up doing the passphrase part of the SSH keys is totally optional. Now it's strongly recommended if people have physical access to your machine, but, you know, a lot of times I don't do the passphrases because nobody has physical access to my machine. You know, nobody else can get into them. Even if they could, they couldn't figure out how to work, you know, some of my machines with xmonad and things. But it's one of those things, it is kind of dangerous, especially those of you that, you know, do any kind of system administration work and things, because if you just leave your keys around, you know, people could use those keys without a passphrase to SSH into any machine that you had access to. That's the point of the passphrase, adding the passphrase just adds another level of security.
Now one final thing we could do here is we could disable password authentication on the remote machine. You know, so we've got the remote server and we can actually set that to no longer accept passwords for SSH, meaning I can't log in via SSH with a password. I either have to have a key pair or I don't, or I can't get in. So let's do that. So let me switch back over here to the VM and what I'm gonna do is let's clear the screen here so you guys can see the command I'm gonna type. I'm gonna do sudo vim, if you prefer nano you could nano, it just needs to be a text editor and you need sudo privileges, and we're gonna edit this file, /etc/ssh/sshd_config. It's gonna ask for a root password of course, and then we need to find a particular line here. The line we need is PasswordAuthentication, so if I did a search here for PasswordAuthentication, there we go, and you see the line is commented out and it's set to yes. Now the line, since it's commented out, is actually basically allowing passwords right now, but if we uncomment this line and instead of yes we set it to no and write that, and then let me go ahead and write it and quit. And what I could do now is we need to reload the SSH server on this machine and those changes should take effect. So let me do a sudo systemctl reload sshd, and now if we've done that correctly no longer will a password be allowed for you to SSH into this machine. You either have a key or you don't. So SSH is really not complicated. I mean, that's really some of the basics right there, and really that's pretty much, I've covered most things that your typical Linux user needs to know about.
Now one of the cool things, especially those of you that are desktop Linux users like me, maybe you don't want to always have to go to a terminal and do everything at the command line with SSH. There are a few SSH clients out there, desktop clients, that make, you know, connecting to remote machines a little easier, especially if you remote into a lot of different machines. You know, you don't want to have to, you know, remember passwords and enter passwords if you're constantly SSHing into a machine. I don't play a lot with these SSH clients, but I know one of the most popular ones, especially since we're talking about Ubuntu right now, is, let me close this terminal, if I go into activities here and I start searching for Remmina. Yeah, Remmina is a remote desktop client and it accepts SSH connections. Now of course we need Remmina on the actual local machine, not the server, so I actually have already off camera installed Remmina on this machine. So let me close that terminal and launch Remmina here, and I've even set up some connections for my web servers. I've got several web servers that I've already added the credentials here in Remmina too, so if I wanted to I could add one more. Since, you know what, let's add the VM, because why not. So we're going to give it a name here, I'm going to say Ubuntu VM, I don't need the quick connect part of that name. Then it's going to ask for a protocol, because there's several protocols you could use to remote into machines. SSH of course is kind of the standard when it comes to Linux servers. And then we need the server, so that's typically going to be an IP address or a domain name if you have it. I don't remember what the IP address was, let me look that up and I will add it. And then the authentication type. Now you have several things you could do. If we set up the keys we could use the keys, if we had to use a password you could use a password. We need to do the key though, because we disabled password connections for that VM, and we may need to enter the passphrase, which is the password to unlock the private key. Let me see if I can actually do that. This is the first time I've actually used Remmina, you know, here in just the last few minutes, so let's actually see if this works. Let me try to connect, and it actually worked, DT at Ubuntu-vert. So how easy was that? And then of course you've got a terminal inside Remmina here. You've got some buttons here, these buttons really don't do much, I mean, I think that one of these makes the option of resizing the window, probably going full screen. But the cool thing about it is it is tabbed, so if I had several connections, remote connections, they would be tabbed. You know, I could open, you know, all five of these and I could quickly switch between them. Whereas in a terminal, unless you're using a terminal that has built-in tab support, you know, sometimes that can be frustrating to switch between them. And of course if this was an SSH connection that I would need to come back to, now I'm gonna blow away this VM so this is not a connection I needed to save, but if I needed to save it of course it would be saved here in the front page here, you know, the main window of Remmina, if I wanted to come back to it. Let me close that out. So that is one rather popular SSH client available on Linux. There's a few out there that are available on Linux, but unfortunately most of them are actually proprietary software. Oddly enough, Remmina is not, it's free and open source software.
Those of you that use Emacs, Emacs has the ability to SSH into a remote machine just built into it. It's a program called TRAMP. You don't have to install it and it's just dead simple. You SSH into a remote machine through Emacs on your local machine. Emacs doesn't need to be installed on the remote machine, just your local machine. You SSH through Emacs and Emacs is actually in the remote machine, so if you do Dired, the file manager inside Emacs is actually showing you the files on the remote machine. If you're editing something, you're editing something on the remote machine. It's really neat.
So that's just a little bit of some of the basics with SSH. And I've done some videos on SSH before in the past, but those videos are several years old now. I wanted to re-cover this because I've been getting questions about this, because I often talk about, hey, I'm going to SSH into this machine, or I'll just use SSH for that, and I've got new viewers of the channel now asking me, what are you talking about, what do you mean SSH, or when you say remote into a machine, what does that mean? Hopefully, showing you guys, now you kind of understand what I'm talking about with this stuff. Now before I go I need to thank a few special people. I need to thank the producers of this episode: Ebsi gave Mitchell, Akami Allen, Chuck, David, Dylan, Gregory, Irion, Paul, Polytech Scott, Steven Smith, Wes and Willie. These guys, they're the producers of this episode, they're my highest tiered patrons over on Patreon. Without these guys this quick look at SSH, it wouldn't have been possible. The show's also brought to you by each and every one of these ladies and gentlemen as well, all these names you're seeing on the screen right now, these are all my supporters over on Patreon, because the DistroTube channel, I've got no corporate sponsors. I'm sponsored by you guys, the community. If you'd like to support my work I'd appreciate it, please consider subscribing to DistroTube over on Patreon. All right guys, peace.
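
An added example, not part of the video: a check for the `PasswordAuthentication` edit to `/etc/ssh/sshd_config` described in the transcript. sshd uses the first value it obtains for a keyword, so a commented-out line leaves the default in force and a file pulled in by an earlier `Include` line can override an edit made further down. The sample files, their names and the rule for resolving relative `Include` paths are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the video): which PasswordAuthentication value does
# an sshd_config yield? Rules modelled: '#' lines are comments, keywords are
# case-insensitive, the FIRST value obtained wins, Include files are read where
# the Include line appears, an unset keyword falls back to the default "yes".
# Only the global section (before the first Match block) is examined.

# Print FILE with Include lines expanded in place. Assumption: relative Include
# paths are resolved against FILE's directory (a real sshd uses /etc/ssh).
flatten_config() {
    local file dir kw rest pat f
    file=$1
    dir=$(dirname "$file")
    while read -r kw rest || [ -n "$kw" ]; do
        case $(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]') in
            include)
                set -f; set -- $rest; set +f   # split the patterns, no globbing yet
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$dir/$pat ;; esac
                    for f in $pat; do          # unquoted on purpose: expand the glob
                        if [ -f "$f" ]; then flatten_config "$f"; fi
                    done
                done ;;
            *) printf '%s %s\n' "$kw" "$rest" ;;
        esac
    done <"$file"
    return 0
}

# Print "yes" or "no" for the global section of the config file given as $1.
effective_password_auth() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    flatten_config "$1" | awk '
        stop || /^#/ || NF == 0 { next }
        tolower($1) == "match" { stop = 1; next }
        tolower($1) == "passwordauthentication" { v = tolower($2); stop = 1 }
        END { print (v == "" ? "yes" : v) }'
}

# Constructed sample tree (hypothetical file names): a drop-in included at the
# top of the main file sets "yes", so the "no" further down never takes effect.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf '%s\n' 'PasswordAuthentication yes' >"$d/sshd_config.d/50-sample.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PasswordAuthentication yes' \
        'PasswordAuthentication no' >"$d/sshd_config"
    printf '%s\n' '#PasswordAuthentication yes' >"$d/untouched"
    printf '%s\n' 'passwordauthentication no' >"$d/hardened"
    printf '%s\n' "$d"
}

sample=$(make_sample)
for name in sshd_config untouched hardened; do
    printf '%-12s -> %s\n' "$name" "$(effective_password_auth "$sample/$name")"
done
rm -rf "$sample"
```

On a real server, `sudo sshd -T | grep -i passwordauthentication` prints the value the daemon itself resolves, and `sudo sshd -t` checks the file for errors before a reload. Keep the existing SSH session open and confirm key login from a second terminal before closing it.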