Linux Commands for Beginners 22 - Remote Management with OpenSSH

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hello again and welcome back to my linux commands or beginner series as linux administrators were somewhat lazy we don't want to walk all the way down the hall into the server room connect a monitor and a keyboard every time we want to do work on a server no we want to connect remotely from wherever we might be sitting and to do that we're going to use open SSH which is the subject of this particular video now I do have a video on SSH already actually have several so I'm not going to go too deep into this but I definitely want to give you guys the basics and then if you want to learn more you can go ahead and check out those videos now for this video you're going to need more than one instance so I recommend that you have two linux instances it doesn't matter if there are two virtual machines two physical machines or you have a Linux laptop or desktop and then a server you're basically going to need something to connect to and something to connect from I'm going to assume two Linux machines in this video but you could go ahead and have those Linux machines set up however you'd like you just need SSH so let's go ahead and get started so here I have a Linux instance created on Linode but it doesn't matter if it's created on Linode again it could be a virtual machine a physical machine doesn't really matter but what you're seeing on your screen right now is my linux server on Linode now in order to connect to a server via SSH you actually need the SSH server package installed when you create a Linux instance on the cloud it's always going to have the SSH server installed already so if you install Linux from an ISO image you might not have that so how do you know well there's several ways you could do this now first of all what you could do is sudo netstat - tu LPN I don't need su do because I'm running his route but just to have it and press enter and you'll see the services that are listening for remote connections we you can see that we have sshd listed right here you could also do which s is HD perhaps that was a simpler way you can see that it is installed because we actually have a path to the binary we could also see if SSH is running so system CTL status SSH enter and you can see that the OpenBSD secure shell server is active and running so that's basically what you can see when your SSH service is running in since I did systemctl status here it gives me some log entries you can see that people are already trying to get into my server from the outside world and basically what this means is you don't want to have password authentication enabled I'll talk a little bit about that later on in this video but we can ignore this for now we know that SSH is running so we're good to go but what if it wasn't so if you do not have SSH installed on your server and it's Debian or a boon to based you could basically do this sudo apt install open SSH - server just like that and it's already installed in my case we already knew that but if you're running on a debian ubuntu or something based on a double you know boon to distribution then that's the command you would use to install the server and once that's installed you can connect to the server again I'm on a Linode instance at the moment now over here I have a Fedora instance and you can install the SSH server if not already installed by simply doing sudo DNF install open SSH since I'm using Linode it's already installed it's ready to go as you'll see if I do net stat - tu LPN we can definitely see that SSH is here we'll get back to the video shortly but I'd like to take a moment to thank my sponsor Linode I definitely recommend you check out Linode Linode has a special offer for subscribers of learn Linux TV if you watch my channel no doubt you're interested in tinkering with things like computers Linux servers and the like so that's why Linode wants your help testing out their new data center coming to Sydney Australia by the end of 2019 sign up to become a beta tester by visiting the link in the description and you'll be notified by email when the beta opens for testing by joining the beta program you'll even have the opportunity to be the first to test other Linode products in the future be sure to check the I want to be a beta tester box when you sign up be sure to check out Linode and let's get back to the video so now that we know that SSH is installed the server is installed that basically needs to be running on the server we want to connect to this being a Linode instance i want to ssh into that now i already am connected to the server via ssh because when you have a virtual private server well that's just the way you do it so what I'm going to do is step back and show you guys how I did that now first of all you need the IP address of the server you want to connect to in my case I'll do IP space a that's going to give me the IP address and we see it right here so what I'm going to do is copy that and then I'm going to disconnect from the server so in this case what I want to do is SSH because that's how I want to connect to the server we want to type the user that we want to connect to the server as in my case I'll do root at and then I'll paste in the IP address the IP address will depend on whatever the IP address scheme is on your network or whatever your server was assigned if you have a local server for example you'd have your local server IP here if it's a virtual private server it'll give you an IP address when you create it either way you'll have that IP address and you simply want to connect to it now allowing root access is not a good idea I'll go over that a little bit here in a minute but basically do as I say not as I do I'll let you guys know what referring to but effectively SSH user whatever your username is at whatever the IP address is of a server you want to connect to so I'll press ENTER and I'll be prompted for the password here which I'll enter and you can see that now I am connected to that server and to exit or logout I could simply type exit and press Enter I can even just simply do ctrl D and that'll log me out back to my local instance this green prompt right here is the prompt from my local computer and then again that's the command I would use to SSH I did create a user for myself so I could simply do SSH and then my name I could type in my password here and you can see that I'm now logged into the server as myself so I mentioned a few times some things such as passwords and root access being a bad idea I want to give you guys some information on why I feel that way or why that's the case so when you have a Linux instance that is accessible from the internet everybody online is going to be trying to get into it I'll show you what I mean so again if I do sudo systemctl status ssh i my boon to server here then the password i'll use sudo because that makes sure you can see the log entries you don't always need that to check the status you can see that someone's trying to get in there failing authentication here maximum authentication attempts have been reached so basically you see these IP addresses and you can see that people are basically trying to get in and again the reason why they're trying to get in is because I have SSH installed and it's open to the public Internet so you always want to make sure that you disallow root access and then you also disallow password access as well I'm not going to show you everything about SSH key authentication which is what you want to do instead of password authentication and the reason I'm not going to show you that in this video is because I already have covered that in other videos I'm giving you the basics here but you could check out those videos more on how to do that but what I am gonna do right now is show you how to disallow root login so back here at the terminal I'll quit out clear the screen and for this to work you're gonna want to have created a user for yourself I created a user for myself that's me right there you want to test to make sure sudo works you can simply do sudo - L and right here it's basically telling me I could do everything and a test it we could do sudo LS because LS is a very harmless command to use su do with I'll just press ENTER and you see that it works now what would happen is you know if you don't have sudo access you'd have to switch to root but if the root account is disabled you might get locked out you just want to make sure that you have su do on the server which I do next we'll do sudo nano you can use vim or whatever you'd like we want to edit the configuration file for SSH so slash Etsy SSH SSH D underscore config that's the file that we want to edit I'm going to scroll down here a bit we have permit root login yes I'm gonna change that to no and in Nano we can save the file ctrl o enter and then ctrl X now that we've changed that setting it doesn't take effect until we restart SSH so let's do that sudo systemctl restart SSH now they'll restart the SSH server now notice I'm still connected to the server even though I restarted SSH you can see that I am still connected it's not going to drop a current established connection the changes that we made to that file will take effect for all new connections that will come on so I'll clear the screen and any time we make changes to the ssh configuration file we want to test it before we log out because if we lock ourselves out and we log out of the only active session that we have we may not be able to get back in we just want to make sure that everything works so I'll open a new terminal here SSH I'll paste the IP address blow up the text a little bit go ahead and clear the screen there you can see that I just omitted the username you don't have to have the username if the username that you want to connect to the server with is the user you're already logged in as so I'll press ENTER I'll type in my super-secret password maybe I'll need to type it correctly and you can see that I am able to connect so that I do know that SSH is still working so that means I can go ahead and log out of the shell I'm back to my local computer I'll recall the SSH command and we can see that it still works but what happens if I try to connect to it as root let's see what happens I'm prompted for password so I'll type that in press Enter now I know I typed in the right password but just to be completely sure I'll try again it doesn't let me in why is that so let's see I'll connect to the server as me password and you already know why it's not letting us in as root because we disabled that but what we could do is sudo let's do tail I'll do the last 50 lines of slash bar log off dot log which is where you would go to find attempts to log into your server we can see that we have an authentication failure for root and that of course is because we disallowed root login but as soon as we login via myself we see here accepted password and then I went ahead and allowed me in session opened for a user J we see that right here so the next thing we want to do is go into the same file again we're not going to save any changes but just to show you where another setting is of importance I'm going to scroll down here until I find password authentication you see it down here I'm screwed all the bit password authentication is set to yes I'm gonna uncomment that set it to no I'm not gonna save my changes because if I do I'm not going to get back into the server at all so actually what I am gonna do is save the changes I'm not wanting you to do that I'm just going to show you what exactly will happen so I'll save it exit out let's restart SSH then in a new terminal I'm gonna go ahead and try to connect to that server there's the IP address for it permission denied it didn't even ask for password so that just means it's not going to allow connection by password which means that all these people on the internet that are trying to brute force their way into the server will now not be able to do that I'm still connected to the SSH server though so I probably should go back to that file and then re-enable password authentication so that way it doesn't lock me out then save it will restart it open a new terminal you should be able to connect now and we are I'm logged into the server now SSH is a very powerful utility because it allows you to remotely manage your servers now again I recommend that you disable password authentication but you can only do that when you've learned how to connect via public key authentication I have videos on my channel already about that that you can check out that'll allow you to learn how to set that up but basically as long as you don't allow root login or password base login your server is reasonably secure there's still other things that you want to do you want to keep up to date on packages and you know make sure you have all the latest security updates and things like that but at the bare minimum you shouldn't allow login or password based login but the Pope whole point of this video was to show you guys how to access your servers via SSH and we've done that so that's all for this video now in the next video we're going to start a two part series or sub series about transferring files so in the next video we're going to check out SCP so I'll see you when I have that uploaded thanks for checking out my video I really appreciate it if you found it useful click that like button and if you haven't already done so make sure you subscribe so you'll see the latest content as soon as it becomes available if you want to help me out there's links down below for my patreon page as well as links for purchasing my Linux books and also my affiliate store which has a listing of linux compatible hardware that i've actually tested personally thanks again for watching and I'll see you in the next video
Info
Channel: LearnLinuxTV
Views: 7,970
Rating: 4.9859157 out of 5
Keywords: Linux, Tutorial, Learn Linux, commands, cli, command-line, bash, linux commands for beginners, linux tutorial, linux command line, linux for beginners, ubuntu linux, command line, linux (operating system), linux tutorial for beginners, linux, linux terminal, linux command line tutorial, basic linux commands, linux basic commands, linux commands tutorial, linux command line basics, commands in linux, introduction to linux, sudo, su, ls, cd, mkdir, mv, cp, chmod, chown, linux commands, openssh
Id: 7OQYlLh0srY
Channel Id: undefined
Length: 16min 53sec (1013 seconds)
Published: Mon Oct 21 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.