Here I will briefly describe what SSH/SFTP is and what it is for, and how to configure the ssh client on Linux, OS X and Unix, generate keys, and prepare it for use.
Because a virtual machine has no physical terminal, there are two ways to control a Linux server running on a VMware virtual machine: the terminal window of the VMware vSphere client and an SSH secure connection.
When installing our virtual machine template or configuring the Linux server, we use (or will use) the VMware vSphere client terminal window, since there is no alternative at this stage. Of course, one can keep working through it afterwards, but it is very uncomfortable: the window is small, there are no advanced editing tools and no copy-paste, everything has to be entered manually, one cannot transfer a file to the virtual machine, and so on.
With the ssh client for Linux one can manage the server from a terminal window of any size. All advanced editing tools are available, including copy-paste from any other application running on the computer where the ssh client runs. For example, one can copy a command from this post directly into the server's terminal window. The sftp program enables secure file transfer to and from the virtual machine on which the Linux server is running.
From Wikipedia: SSH is a network application layer protocol that allows for remote control of the operating system and the tunneling of TCP-connections (for example, to transfer files).
This protocol is similar in functionality to Telnet and rlogin but, unlike them, encrypts all traffic, including typed passwords. SSH allows a choice of encryption algorithms and can safely carry nearly any other network protocol across an unprotected network.
To implement an SSH secure connection, one needs an SSH server and an SSH client. The SSH server listens for connections from client computers and, when a connection is established, authenticates the client and then starts to transfer data. The SSH client is used to access the remote machine and execute commands there. SSH clients and SSH servers are available for most operating systems.
In other words, using the SSH protocol one can control a Linux server from any remote computer and send commands and data, including passwords and other sensitive information, in a secure way.
How to configure ssh client for Linux
An SSH client is included in the base operating system on Linux, Mac OS and Unix. On Windows, you have to install an ssh client as a third-party application. I have described how to do that and how to use such an application in the posts “SSH client for Windows Bitvise Tunnelier”, “SSH client for the Windows PuTTY” and “PSFTP – SFTP client is PuTTY for Windows”.
Let's start by launching the Terminal program. If this is unclear, you can read my posts “A few words about the Linux” and “Linux Commands”. You can also simply repeat the following commands exactly and get the necessary results. Commands follow the sign “$” and are written in italics. The “$” sign itself is not typed!
Type the following commands (you can copy-paste them). In these examples, the user name (login) of the current user is admin.
$ cd ~ – Move into the user's home folder.
$ ls -la .ssh – Check whether the subfolder .ssh exists.
There are two possible answers.
The first one:
ls: .ssh: No such file or directory
This folder is missing. One has to create it.
Type:
$ mkdir -p .ssh – This creates the subfolder .ssh.
$ chmod 0700 .ssh – This folder is now accessible only to the current user (This is mandatory! Without this the SSH client will refuse to work).
$ ls -la .ssh – Check the result.
Everything should look as in Fig. 1.
Now one needs to generate keys for the ssh client for Linux. We need a good password for the key. A good password should contain at least 8 characters, including capital and small letters, numbers and some punctuation such as -, +, #. When I need a password, I usually open a random English-language news site. Then I choose a paragraph with numbers, write out the first letters of several words before and after the numbers, and insert punctuation randomly.
Once the password is ready, type:
$ ssh-keygen -t rsa -C "firstname.lastname@example.org"
Put your e-mail address in the quotes. The program asks where to place the keys (the user name here is admin):
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
The path and the file name are correct, so just press Enter. Then we are prompted for a password.
Enter passphrase (empty for no passphrase):
Enter the good password just created for the key. Characters are not displayed while a password is being typed. Then the program asks for the same password again.
Enter same passphrase again:
We enter it and, a little later, get the keys. The folder .ssh should now contain the private key id_rsa and the public key id_rsa.pub. Let us make sure that this is so:
$ ls -la .ssh
Everything should look as in Fig. 2.
If the folder .ssh already exists and already contains generated keys, we get the output as in the lower part of Fig. 2.
And now the final step: copy the public key into the user's home folder in order to transfer it to the server:
$ cp .ssh/id_rsa.pub authorized_keys2
Finally, you have to write the file authorized_keys2 to a USB stick. Soon you will need it to establish a secure SSH connection to the Linux server. You will also need it when you install the Linux server from our virtual machine template: the installer will place the file in its proper location and set the necessary access permissions.
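A check worth running before the USB stick leaves the desk, as an added example that is not part of the original post: it verifies the folder and key permissions set above and that the exported file really is the public key and not the private one. The function names are hypothetical; the file names are the ones used in this post.

```shell
#!/bin/sh
# Added example: audit the client-side files produced by the steps above.
# Function names are hypothetical; file names are the ones used in the post.

# mode_of PATH: print the nine permission characters, e.g. "rwx------".
mode_of() { ls -ld "$1" 2>/dev/null | cut -c2-10; }

# audit_ssh_client SSH_DIR EXPORT_FILE
# Prints one line per finding and returns the number of findings.
audit_ssh_client() {
    dir=$1; export_file=$2; findings=0
    [ -d "$dir" ] || { echo "MISSING  $dir"; return 1; }

    # The post requires mode 0700 on the .ssh folder.
    if [ "$(mode_of "$dir")" != "rwx------" ]; then
        echo "PERMS    $dir is $(mode_of "$dir"), expected rwx------"
        findings=$((findings + 1))
    fi

    # The private key must not be accessible to group or others.
    if [ ! -f "$dir/id_rsa" ]; then
        echo "MISSING  $dir/id_rsa"; findings=$((findings + 1))
    else
        case "$(mode_of "$dir/id_rsa")" in
            ???------) ;;
            *) echo "PERMS    $dir/id_rsa is accessible to group or others"
               findings=$((findings + 1)) ;;
        esac
    fi

    # The file that leaves this machine must hold the public key only.
    if [ ! -f "$export_file" ]; then
        echo "MISSING  $export_file"; findings=$((findings + 1))
    elif grep -q 'PRIVATE KEY' "$export_file"; then
        echo "LEAK     $export_file contains a private key"
        findings=$((findings + 1))
    elif ! cmp -s "$export_file" "$dir/id_rsa.pub"; then
        echo "MISMATCH $export_file differs from $dir/id_rsa.pub"
        findings=$((findings + 1))
    fi
    return "$findings"
}
# Usage: audit_ssh_client "$HOME/.ssh" "$HOME/authorized_keys2"
```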
By default, an SSH server is installed and started on any Linux distribution. The ssh server is configured (at least on Red Hat/CentOS Linux) so that entering a correct user name and password is enough to establish a secure ssh connection from the client. This configuration leaves the server potentially exposed to brute-force attacks. If one looks at the logs of any Linux server, one can see that somebody is constantly trying to guess a password to log in to the server via ssh. Everyone knows at least one user name (login): root (the superuser), although there are also many attempts to log in with other user names.
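How those guessing attempts show up in the sshd log, and one way to summarise them per source address, as an added example that is not part of the original post. The log lines are constructed, the addresses come from the documentation ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines are constructed;
# the addresses are from the documentation ranges (RFC 5737).
sample_log() { cat <<'EOF'
Mar  3 04:11:02 srv sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:11:05 srv sshd[2213]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 04:11:09 srv sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Mar  3 04:11:13 srv sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Mar  3 04:12:40 srv sshd[2230]: Failed password for admin from 192.0.2.10 port 50022 ssh2
Mar  3 04:12:52 srv sshd[2230]: Accepted password for admin from 192.0.2.10 port 50022 ssh2
Mar  3 04:15:01 srv sshd[2301]: Failed password for invalid user web admin from 198.51.100.23 port 33001 ssh2
Mar  3 04:15:04 srv sshd[2303]: Failed password for root from 198.51.100.23 port 33007 ssh2
EOF
}

# failed_by_source MIN: reads an sshd log on stdin and prints
# "IP failures distinct_users root_failures" for every source with at least
# MIN failed password attempts, busiest first.
failed_by_source() {
    awk -v min="${1:-5}" '
    / sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        # The user name is client-supplied and may contain spaces,
        # so the address is taken from the fixed tail of the line.
        ip = $(NF-3)
        user = $0
        sub(/^.*: Failed password for (invalid user )?/, "", user)
        sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
        fails[ip]++
        if (user == "root") root[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min)
                printf "%s %d %d %d\n", ip, fails[ip], users[ip], root[ip]
    }' | sort -k2,2nr -k1,1
}
```

On Red Hat/CentOS the sshd messages are written to /var/log/secure, so a typical call is failed_by_source 5 < /var/log/secure.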
Therefore, the Linux server based on our virtual machine is designed so that login via ssh is allowed only for users who do not have root privileges and whose public key is located on the server in the file authorized_keys2. If one has to execute commands as root, one must use the sudo or su commands (see my post “Linux commands. The very short description”).
So, in this post I have briefly described what SSH/SFTP is and what it is for, and how to configure the ssh client on Linux, OS X and Unix, generate keys, and prepare it for use.
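The policy described above can be checked against a server's sshd_config, shown here as an added example that is not the template's own configuration. It assumes the policy is expressed with the standard OpenSSH directives PermitRootLogin, PasswordAuthentication, PubkeyAuthentication and AuthorizedKeysFile; both sample configurations are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the template's own configuration. Both configs are
# constructed; the directive names are standard OpenSSH sshd_config keywords.
weak_config() { cat <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
# appended later by an admin; has no effect, the first value above wins
PasswordAuthentication no
EOF
}
hardened_config() { cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2
EOF
}

# audit_sshd_policy: reads sshd_config text on stdin, prints one FAIL line per
# deviation from the policy in the post, returns the number of deviations.
# Simplification: only the global section is read (stops at the first Match).
audit_sshd_policy() {
    awk '
    function want(key, expected, dflt,    v) {
        v = (key in conf) ? conf[key] : dflt
        if (v != expected) { printf "FAIL %s is %s, want %s\n", key, v, expected; bad++ }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    tolower($1) == "match"   { exit }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
        val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (!(key in conf)) conf[key] = val   # sshd uses the first value it reads
    }
    END {
        want("permitrootlogin", "no", "unset")
        want("passwordauthentication", "no", "unset (default yes)")
        want("pubkeyauthentication", "yes", "yes")
        akf = ("authorizedkeysfile" in conf) ? conf["authorizedkeysfile"] : ".ssh/authorized_keys2"
        if ((" " akf " ") !~ / \.ssh\/authorized_keys2 /) {
            print "FAIL authorizedkeysfile does not include .ssh/authorized_keys2"; bad++
        }
        exit bad + 0
    }'
}
```

On a live server, sshd -T prints the effective configuration with defaults filled in and can be piped into the same function.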