Francisco Javier Cruces Doval
Friday, September 8, 2023 | 4 minutes
SSH under debian
#SSH server under debian
Remote management using SSH
The first thing we should do is install the package on the server and the client:
For safety it is usually not allowed to connect the root to the server; for this, the /etc/ssh/sshd config file should be modified, and the following option is put:
And we restart the service to apply the changes:
Connect to ssh server
We’re going to install the ssh client, for that:
To access the server from the client we type:
We’d open up remotely.
Remote execution of graphic applications
By ssh there is the possibility of running graphic applications on the server and handling and visualizing them on the client. The ssh server must have the redirection of the X protocol activated, i.e. the following parameter in the / etc / ssh / sshd\ _ config configuration file:
In my case it was already enabled, if we didn’t have it we changed it and restarted the service to apply the changes. We must now connect to the -X parameter:
and then we can run any graphic application, for example, gedit:
The program will be opened to us graphically:
Now we see on the server that has been created:
Transfer files with ssh
To copy a file from the client to the server we enter the following command:
Now let’s check if it’s been copied to the server:
Remote access by asymmetrical encryption
Key access configuration
We will generate our keys from our client:
Now let’s add it to our server:
Once I do this we disable password access on the server by editing the / etc / ssh / sshd\ _ config file:
Then we just need to restart the service and when we re-register, we’ll be using public key:
‘‘If we try to register with a user which we don’t have the public key will tell us the following:
Port change
Now let’s edit the configuration file to indicate the port:
And we will restart the service:
Now if we try to connect as we have done before, it will give us the following mistake:
To connect we must specify the port by which we connect with -p:
Connect with a remote access client using tunnels
We will use kitty, when we open it on the first screen we enter the server ip and the port you have configured on the server for the ssh in my case 2222
Now we add the port by which we will connect using the tunnel and then the ip followed by two points and the same port.
Now we enter our user and password and we will have connected:
If we want to do the same but using a public key from windows, we press windows + r and write the following:
And we generate the public keys:
Now we go to the route we’ve saved it we copy the public key and we put it on the server, for comfort I have copied it from the client using ssh.
Once added we save the file:
We’re going to disable the password authentication and restart the service
Now from the kitty we have to go to the ssh > auth, we give it to browse and select our private key, which must have the .ppk extension. I copied it into another directory for comfort for the tests.
And we connect:
Here we have combined to connect with kitty using a tunnel + another port + public key.
VNCserver
We install it with the following command:
Below we set the configuration credentials for access users and administrators with the following command:
Now we go to the client and we enter the ip followed by the port by two points, if we don’t know we can look at it with:
We will be given a warning as the communication is not encrypted, we give you to continue and we enter the access password, which we have previously put:
Since we do not have a graphic entry on the server, it will not show us an image, but we can see that we have established a connection in both windows and Linux:
Web page management using ssh
- Once the two virtual sites have been created, we want to establish a secure connection to each of our sites, for this we must establish a ssh tunnel in the same way we have established it to establish a remote connection per vnc.
2.Create a tunnel from the ssh client so that access to the private section of the department website is established by port 9999
- With both established tunnels check that access to the iesgn.org web can be done smoothly by port 80
I only managed to do my page by default, for that we do a tunnel with kitty for example:
We now add the ports of origin and destination of the port:
We now register with our user:
Once the tunnel is established we enter the localhost browser: 8888:
And so we have established a secure web connection.
If we close the tunnel we’ll lose the connection:
