Remote Administration for Remote System Administrators ( 1 / 2)
Day X for Community Quarantine, the government decided to step up its action by putting the rest of the country into State of Calamity for Covid-19 as the number of confirmed cases increases here. Anyways, the news agencies can give us more update on the virus as we continuously monitor it.
In this article, I would like to highlight one remote tool for system administrators ; the SSH ( Secure Shell ). SSH is widely used on *nix based systems as it uses asymmetric encryption to encrypt data being sent back-forth the remote machines.
What happens in the process :
- Remote Server runs a service called sshd service which is installed via SSH-Server Package
- Remote Server generates private and public key
- Remote Client (SSH-Client) tries to connect for the first time, the public key of the server is downloaded
- The next message passed by the Remote Client would then be encrypted by the Remote Server’s public key
- The Remote Server decrypted the encrypted message using its private key (Please do note that ssh uses asymmetric encryption)
Most *nix based systems have sshd-server installed, the main configuration file of the sshd-server is found inside the directory /etc/ssh/ with the name sshd-config, other files inside the directory includes the public and private key generated by the sshd-server.
* note : those with *_key are the private keys generate and the *.pub are the public keys.
Inside the main configuration file (sshd_config), I would like to highlight few parameters :
- Port 2222
- PermitRootLogin yes
- PasswordAuthentication yes
- AllowUsers <user1> <user2>
The Port parameter opens up the port number to be used by the sshd server once it started up. By default, if this is not changed, then sshd-server would use port 22 as its listening port.
The PermitRootLogin parameter is by default set to yes, it means that logging in as the root user is allowed. We normally should disable this by default.
Depends on your security policies, the Password Authentication can be set to “no” to strictly do not allow logged in without authorized keys. This is actually the authentication mechanism used by popular cloud providers.
Lastly, the AllowUsers parameter allows you to specifically set the users who are allowed to logged in to the system.
SSH Client are normally installed by default in *nix based systems. But if you are running on Windows platform, a tool such as putty can be used to connect to SSH Servers.
The first time you connect to a server, you will be asked to download the public key and store it under the ~/.ssh/known_hosts file :
After the successful download of the key, you can then type in your password and begin remotely managing your machine.
P.S. SSH not only allows you to remotely managed machines, it also allows you to securely transfer files between machines. In some cases, it can also be used as VPN and some people fo call it as poor-man’s VPN.
That’s all for today, I hope this article would be of help to you.
Author: Ryan Ching
Technology Manager for IT Infrastructure, IT Group Inc.