Remote admin of Linux Servers
Thu, Jan 25, 2018
Installing SSH Server and Configuring.
First of all we must be root user and have all the packages updated.
Step 1. Enter SU Mode or root user.
Step 2. Update Packages.
Step 3. Installing SSH Server.
Now that we have the latest packages we can proceed to install SSH server. To install SSH Server run the following cmd.
apt-get install openssh-server
You will be prompted with the below warning. Press y and continue with the installation.
Step 4. Generating SSH-Key on Client.
Open a terminal window on the client and enter the cmd. This cmd generates an SSH-key.
ssh-keygen -t rsa
Step 4.1. Adding Passphrase (optional)
You will then be prompted for where to save the key, for a passphrase, and to confirm the passphrase. Save it in the default location and enter a passphrase. Since an SSH-key is used, you will not be prompted for credentials when accessing remote devices, so if an attacker gains access to your machine, they will have immediate access to any devices you have transferred the SSH-key to. The passphrase is an extra layer of security on top of the SSH-key, so they will still not be able to access devices unless they know the passphrase. Your device will then generate a key, and it will look something like below.
This SSH-Key will allow a user to connect to the server, as we will only be allowing connections to the server via SSH-Key. This will increase the security of SSH on the server but has the downside that only pre-authorized computers will be able to access the server.
E.g. if my server has a problem, I won’t be able to log in remotely from my friend's machine; it will only be possible from a machine that I have already approved access for. To connect to the server, a machine must have this key. To transfer the SSH key, the server and client must be able to communicate with each other.
Step 5. Transfer SSH-Key to Server
The next step is to transfer the key over to the server. We can do this by entering the following cmd.
ssh-copy-id USERNAME@SERVERIPADDRESS
You will then be prompted for the ADMIN password. Enter the password and you will then be prompted with the below message, and it will then transfer the key over.
Step 6. Modifying SSH Server settings.
Now that SSH server is installed and has the key from the client, we will modify the configuration file. We will have to edit the file “sshd_config” on the server, but before we do that we will make a copy of the original in case something goes wrong. Enter the cmd below to create a copy of “sshd_config” called “sshd_config.factory”.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory
Now we will edit the settings. To do this we will be using the text editor called “nano”. Enter the cmd below to open the SSH configuration file in the text editor.
nano /etc/ssh/sshd_config
Step 7. Disabling Password Authentication
Go to the line
"# PasswordAuthentication yes"
and uncomment this line by removing the # symbol from the start of the line and change yes to no. This will stop any user from accessing the device via SSH unless they have been pre-authorized with the SSH-key.
Step 8. Enabling Banner Message
Now we will enable the banner message. To do this, uncomment the line below
"# Banner /etc/issue.net"
by removing the # symbol from the start of the line. You can now edit the banner message to whatever you desire using the below cmd.
nano /etc/issue.net
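An added example (not part of the original post): a shell check to run against the edited file after Steps 7 and 8, confirming that the two changes are actually in effect rather than still commented out or overridden by an earlier line. The function names sshd_effective and audit_sshd_config are hypothetical, and the sample config is constructed.

```shell
# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd uses the first occurrence of a keyword, keywords are case-insensitive,
# and "#" lines are comments. Parsing stops at the first Match block, whose
# settings apply only conditionally.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)       # keyword/value separator
            if (n == 0) { key = line; val = "" }
            else { key = substr(line, 1, n - 1); val = substr(line, n + RLENGTH) }
            key = tolower(key)
            if (key == "match") exit
            if (key == want) { sub(/[ \t]+$/, "", val); print val; exit }
        }
    ' "$1"
}

# Return 0 only if password logins are off and a banner file is configured.
audit_sshd_config() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication)
    banner=$(sshd_effective "$1" Banner)
    # A missing or commented-out PasswordAuthentication means the OpenSSH
    # default applies, which is "yes".
    case ${pw:-yes} in
        no) echo "OK   PasswordAuthentication no" ;;
        *)  echo "FAIL PasswordAuthentication is effectively '${pw:-yes}'"; rc=1 ;;
    esac
    case $banner in
        ''|none) echo "FAIL Banner is not set"; rc=1 ;;
        *)       echo "OK   Banner $banner" ;;
    esac
    return $rc
}

# Constructed sample: both directives still commented out (assumed layout).
sample=$(mktemp)
printf '%s\n' '# PasswordAuthentication yes' '# Banner /etc/issue.net' > "$sample"
audit_sshd_config "$sample" || echo "=> config not hardened yet"
rm -f "$sample"
```

On the server, call it as `audit_sshd_config /etc/ssh/sshd_config`; `sshd -t` separately checks the file for syntax errors.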
Step 9. Test SSH Connectivity
Enter SU mode.
Logging into the Server Remotely
Now to connect to the server you must know the ADMIN username and the IP address of the server. Enter the following cmd to SSH into the server.
ssh ADMIN@SERVERIPADDRESS
If you were successful, you will be prompted with something similar to below
If you have changed your banner message, it will be displayed first after you log in. E.g. in the above, my banner message is:
Ubuntu 14.04.5 LTS
No UNAUTHORISED USERS
You will now also see that the cmd line in the terminal has changed to something like
ADMIN@SERVERHOSTNAME
This is because you are now logged into the server in the terminal, not your local machine.
Troubleshooting SSH
If you were not successful, here are some troubleshooting tips:
Check the IP settings on your client and server and that both are set to host-only.
Make sure the firewall does not block port 22.
Check the status of the SSH server by using the “service ssh status” cmd.
Restart the SSH server.
Enable password authentication on SSH connections and see if you are able to connect using a password instead of the SSH-key.
Make sure you can login via SSH before proceeding.