The Ultimate SSH Guide

ssh

This is an SSH guide to help you set up, configure, connect, and transfer files using SSH.

Setup SSH

Install SSH on your system

Debian-Based

sudo apt install openssh-server -y

CentOS/Fedora

sudo yum -y install openssh-server

Arch

sudo pacman -S openssh

Run SSH server on startup

sudo systemctl start ssh
sudo systemctl enable ssh

**Note: sshd instead of ssh for arch

Configure SSH

Make sure ufw isn’t blocking ssh and enable it for passthrough.

sudo ufw allow ssh
sudo ufw limit ssh
* Limit is required to prevent brute force attacks
sudo ufw enable
sudo ufw status

Options for /etc/ssh/sshd_config

PasswordAuthentication yes/no
* No should be used when facing the internet and key authentication must be used for security

AllowTcpForwarding yes
X11Forwarding yes

* This is used to forward GUI programs (Xming required for Windows)

AllowUsers Fred Wilma
DenyUsers Dino Pebbles

* Block and Allow certain users

Security of a SSH Server

It should be noted that if you open up your firewall and port forward port 22 on a standard SSH server install… you will probably be hacked. This is extremely reckless and should never be done. I highly recommend doing ALL of the following measures if opening up SSH to the outside world.

First, obscure the SSH port by changing it in the sshd_config file
# Change Default port 22 to 2222
Port 2222

Second, disable Password Authentication and use ssh keys instead. This is a complex procedure and recommend using the following script to optimize the encryption and setup process.
https://github.com/angristan/openvpn-install

Third, verify you are using tar-pitting or rate limiting on your SSH port. This will prevent brute force attacks
ufw limit proto tcp from any port 2222
*Note this can also be done via iptables and it needs to be modified to your SSH port.

Connect via SSH

Linux terminal

ssh username@serverip

Windows

PuTTY https://putty.org/ (ssh program)
Xming required for X11 forwarding https://sourceforge.net/projects/xming/
Verify X11 Forwarding in PuTTY options

Video Walkthrough SSH Access

Transfer Files via SSH

The difference between SFTP and SCP by default are one is interactive and the other isn’t. SCP is faster, but can’t be resumed where SFTP and slower and can be.

Linux

Use the native file browser, in the location bar type the following:
sftp://192.168.1.10

Using the terminal

Syntax: scp source destination
Remote PC Syntax: username@serverip:/path/to/file

Example: scp localfile username@serverip:/remote/server/path

Windows

WinSCP is my recommended transfer tool.
https://winscp.net/eng/index.php

pscp.exe for command line. https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

One Comment

  1. hugbear

    Thanks for this guide! Any chance you could explain and do a similar guide about ssh tunneling some time?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: