This tutorial will help you to install and secure the OpenSSH server on Pop!_OS Linux. In this tutorial, we will cover the following topics:

1. Installing OpenSSH server on Pop!_OS
2. Configuring the OpenSSH server
3. Using the OpenSSH client to connect to a remote system
4. Securing the OpenSSH server

Step 1: Installing OpenSSH Server on Pop!_OS

The OpenSSH server packages are available under the default system repositories. You first need to update the package manager cache by running the following command:

sudo apt update 

Next, install the OpenSSH server by the below-mentioned command:

sudo apt install openssh-server 

Press ‘y’ when prompted for confirmation. This will install the OpenSSH server and all the necessary dependencies.

Once the installation is complete, the OpenSSH server will be automatically started and enabled to start on boot. You can check the service status by running the ‘systemctl status ssh’ command.

Step 2: Configuring the OpenSSH Server:

Once the OpenSSH server is installed, you can configure it by editing the main configuration file, which is located at “/etc/ssh/sshd_config“. This file contains a number of options that control the behavior of the OpenSSH server.

Some of the most important options that you might want to configure include:

• Port: This option specifies the port number that the OpenSSH server listens on. By default, the OpenSSH server listens on port 22, but you can change this to any unused port number if you want to.

  Port 22

• PermitRootLogin: This option controls whether root login is allowed over SSH. By default, root login is disabled, but you can enable it by setting this option to “yes”.

  PermitRootLogin yes

• PubkeyAuthentication: This option controls whether public key authentication is allowed. By default, public key authentication is enabled, but you can disable it by setting this option to “no”.

  PubkeyAuthentication yes

• PasswordAuthentication: This option controls whether password authentication is allowed. By default, password authentication is enabled, but you can disable it by setting this option to “no”.

  PasswordAuthentication no

Once you have edited the OpenSSH server configuration file, you need to restart the OpenSSH server to apply the changes. You can do this by running the following command:

sudo systemctl restart ssh 

Step 3: Using the OpenSSH Client to Connect to a Remote System:

To connect to a remote system using OpenSSH, you will need to use the OpenSSH client, which is included in most Linux distributions. To connect to a remote system, you need to know the IP address or hostname of the system, as well as the username and password of a user account on the remote system.

To connect to a remote system, open a terminal and enter the following command:

# Syntax
ssh username@remote_system

Replace “username” with the username of the user account on the remote system, and “remote_system” with the IP address or hostname of the remote system. For example, to connect to a remote system with the IP address 192.168.1.100 as the user “user1”, you would enter the following command:

ssh user1@192.168.1.100 

If this is the first time you are connecting to the remote system, you will be prompted to confirm the authenticity of the host. Type “yes” to continue. You will then be prompted to enter the password for the user account on the remote system. Once you have entered the correct password, you will be logged in to the remote system.

Step 4: Securing the OpenSSH Server:

To secure the OpenSSH server, there are several steps you can take:

• Use strong passwords: Make sure that all user accounts on the OpenSSH server have strong, unique passwords. Avoid using easy-to-guess passwords, and use a combination of letters, numbers, and special characters.
• Use public key authentication: Instead of using passwords for authentication, consider using public key authentication. With public key authentication, you generate a public and private key pair, and the public key is copied to the remote system. When you connect to the remote system, you use the private key to authenticate, instead of a password. This is more secure than password authentication, as the private key is much harder to guess than a password.
• Limit access to specific users: Instead of allowing any user to connect to the OpenSSH server, consider limiting access to specific users. You can do this by adding the names of the allowed users to the “AllowUsers” option in the OpenSSH server configuration file.
• Limit access to specific IP addresses: If you only want to allow connections from specific IP addresses, you can use the “AllowUsers” and “DenyUsers” options to specify which users are allowed to connect from which IP addresses.
• Use a firewall: Use a firewall to block access to the OpenSSH server from unwanted IP addresses. You can use the FirewallD service on Pop!_OS to set up a firewall and allow connections only from specific IP addresses.

Conclusion

In summary, OpenSSH is a powerful and flexible tool for securely accessing and managing remote systems. By following the steps outlined in this article, you can install and configure the OpenSSH server on Pop!_OS, use the OpenSSH client to connect to a remote system, and secure the OpenSSH server to protect against unauthorized access.

The post How to Install and Secure OpenSSH Server on Pop!_OS appeared first on TecAdmin.

With advancements in the technology world, hackers are becoming more sophisticated every day. Even your SSH connection is not secure if you are using the traditional or default installation settings. Therefore, it has become necessary to secure your SSH server from unwanted data breaches and malicious attacks by taking some crucial precautions.

In this article, we will introduce you to some important security practices which will help you in considerably increasing the level of SSH server security.

1. Use Strong Usernames and Passwords

If you are using an SSH exposed to the outside world then there are chances that you will face some login attempts from hackers. They use different advanced techniques to crack your SSH username and password. A strong password and username combination will help you in securing your server.

You can use a password generator to create a strong and random password. Also, do not use any common password sequence like asdf, 12345678, etc.

2. Avoid Using Port 22

Port 22 is a default port for SSH connections and every hacker trying to access your SSH server will first attack this port. Therefore changing the port will add an extra security layer to your SSH Connection and it will prevent automated attacks on the SSH server. Changing the port will also keep you off from hacking radars.

How to change the SSH port?

Follow the below steps to change the default 22 port:

1. Open your /etc/ssh/sshd_config file.
2. Add the following line to your file. Set any non standard port.

   Port 20125
   

3. Restart your SSHD service with the following command:

   sudo systemctl restart sshd 
   

Now the SSH server is listening on a new port.

3. Disable the Root Logins

Allowing direct login to root through SSH is one of the most common and dangerous security breaches. Hackers, with access to your root password, can damage your machine. Therefore it is recommended to disable root user login and use non-root user access instead for security purposes. You can use the ‘su-’ command to access the root privileges after disabling root logins.

How to disable the root user login?

Again you need to edit the sshd_config file or /etc/ssh/sshd_config file as all of your server settings are stored therein that file.

1. Login as a root and open the sshd_config file.
2. Look for #PermitRootLogin or PermitRootLogin yes in that file and change it to:

   PermitRootLogin no
   

3. Then add a user account that you’re gonna use to log in by writing ‘AllowUsers your_username’.
4. Save the changes.
5. Restart your SSHD without closing the current root session.

   sudo systemctl restart sshd 
   

6. Then open a new terminal and check whether you can log in as the new user you added or not.
7. After that, you can close the root session.
8. You can now login as the user you added to have all the root privileges or you can use the ‘su’ command.

4. Use SSH Keys Instead of Passwords

You will use a strong password to secure your server but in some cases, passwords can be cracked or brute-forced. Therefore using an SSH Key login will add an extra layer to your server security.

In SSH key login, you create two keys one public and one private. The private key is associated with your main machine and the public key is installed on the server that you want to access remotely. You can make a connection between the source and destination server with the SSH key pair without using passwords. Once the SSH key pair is configured, you can disable the password login.

Use another tutorial to configure Key-based SSH on Linux.

How does SSH key login work?

Once you initiate a connection request, the server will create an encrypted message by using the public key stored on it. This message will be transmitted to your primary device and the private key will unencrypt the message. Once the message is unencrypted, the primary device will send a confirmation message to the remote server to establish the connection.

5. Disable Empty Passwords

Linux allows users to create empty passwords and allowing empty password login to the server will expose your server to vulnerable cyber attacks. So make sure you disable empty passwords.

How to disable Empty Passwords?

1. Open the sshd_config file.
2. Find PermitEmptyPasswords and replace the ‘no’ value with ‘yes’.

PermitEmptyPasswords  no

3. Restart the sshd.

This will disable Empty Password login to your server.

Conclusion

Cyber attacks are increasing at an alarming rate and it is a strong security practice to add security layers to your IT environment no matter you are working on a virtual machine or building a server. Implementing the above practices will robust your working environment and it will help you in preventing potential cyberthreats.

The post How To Secure SSH Server appeared first on TecAdmin.

Most Linux distributions use OpenSSH as the default application as an SSH server. It encrypts all traffic throughout the route and provides a higher level of security. This article describes you to change the OpenSSH server port on a Linux system.

Change SSH Port in Linux

Changing SSH port is a straightforward process in Linux systems. Any system can use the port range 1 to 65535, For TCP, port number 0 is reserved and cannot be used. The default SSH service listens on port 22. Just this port with some other ports.

To change SSH port in Linux, edit OpenSSH configuration file:

sudo nano /etc/ssh/sshd_config 

• Change from – Search for the below line, default it can be commented.

  #Port 22
  

• Change to – Remove ‘#’ symbol from prefix to uncomment above line, Then replace 22 with a non-standard port like:

  Port 2232
  

To save and close file press CTRL + X keys, then press ‘y’ and hit enter button.

Now, restart the SSH daemon to apply changes.

sudo systemctl restart ssh 

That’s it. The SSH service is now running on an updated port as configured above.

Connect SSH to New Port

The SSH service is listening on a non-standard port. So, you have to provide a port number while connecting the server using the ssh client.

Use the following command from the client machine to connect the remote server to a new port.

ssh -p 2232 user@remote-host 

The rsync user follow these instructions to connect remote system on a different port.

Conclusion

This tutorial helped you to secure your Linux server by changing the SSH port to a non-standard port. Once the SSH port is changed, you must update the firewall rules to secure the new port.

The post How to Change SSH Port in Linux appeared first on TecAdmin.

OpenSSH provides you the option to connect remote system over the SSH protocol. Which provides the end to end encryption between communication to two systems.

This tutorial will help you to check OpenSSH version running on your system.

Check OpenSSH Version

The SSH command provides and option to check version of local SSH server version as well as on remote systems. Use the following commands to check OpenSSH version running on local or remote systems.

• Check OpenSSH version on local system –
  Use the following command to check OpenSSH version running on local system.

  ssh -V 
  

  

• Check OpenSSH version on remote system –

  You can also find the OpenSSH server version running on the remote servers. This can be find by connecting remote server over SSH protocol in verbose. The connection log shows the SSH server version on local system as well as OpenSSH version running on remote machine.

  ssh -v localhost 
  

  Watch the output of the above command and identify the OpenSSH version running on local and remote systems.

  

Conclusion

This tutorial helped you to check OpenSSH version running on the localhost system. Also you can check OpenSSH version running on a remote system.

The post How to Check OpenSSH Version appeared first on TecAdmin.

• SSH for Linux
• RDP for Windows

In this tutorial, we will see how to use SSH to connect to a remote server?

What is SSH?

SSH stands for Secure Socket Shell and it is a network protocol used to access a system remotely in a secured way. SSH is an application layer protocol and it allows you to access another machine without physical access. Simply, you can control the servers remotely via the internet.

In the early 90s, IT professionals were using Telnet for data transfer. It was an application layer protocol and used to transfer data without encryption. Later SSH was created as a secured alternative to Telnet which encrypts data so that others cannot retrieve it without access.

SSH allows encrypted communication between two computers and also, it is used to manage systems and applications remotely. With the help of SSH you can:

• Issue remote commands
• Transfer files, data, text
• Connect to remote servers
• Provide secure access for automated processes and users.

How does SSH work?

It works by connecting a client device with an SSH server. You can start the server on Ubuntu by running sudo systemctl start ssh. You install the SSh application on the client-side and provide information related to the remote server. On the server-side, There will be an SSH daemon that continuously checks for specific TCP/IP ports for client connection requests. Once the client initiates the connection requests with the right credentials, the SSH daemon starts exchanging the identification data with the client to establish a secured remote connection.

So to connect to a remote server using SSH, you need to make sure that SSH is installed on both the server and client devices. In this tutorial, we will use OpenSSH which is an open-source SSH tool for Linux. First, we will install it on both the client and remote devices and then we will use it to connect to the remote device.

Installing an OpenSSH server

The server machine which you are trying to access with SSH must have a server-side part of the SSH software kit. You can also check if you have already installed the OpenSSH server on the remote server or not by connecting to the localhost:

1. Open the terminal on your remote server machine
2. Write ssh localhost and press enter.
3. If you do not have an OpenSSH server installed then you will get a ‘Connection refused error’.

So if you do not have OpenSSH installed on your remote server then you can follow the below steps to install one.

1. Open your terminal and run:

   sudo apt update && apt install openssh-server 
   

2. Type your password when prompted and then enter Y to install. After a few minutes, the SSH server will be installed on your machine.
3. You can run this command to check the server status:

   sudo systemctl status ssh 
   

4. You will see an Active response on your window. This means you have successfully installed the SSH server and it is running well.

Now as you have installed an SSH server on a remote machine, you are ready to accept the connection request from a different remote device or your client device.

Installing an OpenSSH client

We need to install the OpenSSH client on our primary device which we will use to connect to a remote server or machine. So to check if you have already installed the OpenSSH client on your device or not. Follow the below steps:

1. Open your SSH terminal.
2. Type ssh and press Enter.
3. If you already have a client installed, you will see an output like this:

   ssh 
   
   usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
   [-D [bind_address:]port] [-E log_file] [-e escape_char]
   [-F configfile] [-I pkcs11] [-i identity_file]
   [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
   [user@]hostname [command]
   
   

Or if you do not have a client installed on your system then follow these steps to install one:

1. Open your terminal and run this command:

   sudo apt install openssh-client
   

2. Type your password when asked and hit enter. After a few minutes, the client will be installed on your device.

Now you can connect to any device which has an ssh server installed on it and you have a hostname and IP address of that device.

How to use SSH to connect to a remote server?

After installing OpenSSH on the client and server machines you can proceed to create a connection between them.

1. Open a terminal on your client system and run ssh your_username@host_ip_address. [host IP address is the, IP address of the device you are trying to connect with] If your username is as same as the username on the server machine then you can run this: ssh host_ip_address.
2. Next, type your password and click enter.
3. If you are connecting to the server the first time and the remote server is not identified by your computer.

So, you will get a warning message on your screen that you want to connect or not. Just type yes and click enter.

4. After a few seconds, you will be connected to your remote server and you can perform your tasks.
5. To exit the connection and return to your local device you can run this command exit.

Here is the screenshot of ssh command:

Conclusion

SSH is the light, secured and easy method to connect to a remote server. Also, it is one of the most important things to be mastered by a System Administrator. It is a simple and common Linux activity and you can learn it for your daily use too.

The post How to Use SSH to Connect to a Remote Server appeared first on TecAdmin.

Features of OpenSSH

• Open Source Project
• Free Licensing
• Strong Encryption (3DES, Blowfish, AES, Arcfour)
• X11 Forwarding (encrypt X Window System traffic)
• Port Forwarding (encrypted channels for legacy protocols)
• Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
• Agent Forwarding (Single-Sign-On)
• Data Compression

Click here to know more details about OpenSSH features.

Step 1 – Install/Update OpenSSH Server

OpenSSH Server packages is available under default apt repositories under all versions of operating systems. You can install or update latest OpenSSH server using following command.

sudo apt-get update
sudo apt-get install openssh-server

Step 2 – Start/Stop OpenSSH Service

After installing OpenSSH latest packages from default apt repository. You OpenSSH server will start automatically. But if you need to Start, Stop or Restart OpenSSH server from the command line, use the following commands

sudo service ssh start
sudo service ssh stop
sudo service ssh restart

Step 3 – Open Firewall Port

If you are using iptables to secure your server, use following command to open port for SSH access.

sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

Or if you are using ufw for managing firewall use following command.

sudo ufw allow from 192.168.1.0/24 to any port 22

What Next: 5 Tips to secure openssh-server

The post How to Install or Update OpenSSH Server on Ubuntu & LinuxMint appeared first on TecAdmin.

OpenSSH is the most widely used ssh server for Linux-based systems. This article describes how to install the OpenSSH server on Debian Linux systems. OpenSSH is used to connect securely to the server from remote ssh client systems.

Step 1 – Installing OpenSSH Server on Debian

OpenSSH server can be installed on Debian systems using the default Apt repositories. You can update Apt-cache and install OpenSSH using the following commands. If OpenSSH is already installed, it will be upgraded to the latest version.

sudo apt update 
sudo apt install openssh-server 

Step 2 – Secure OpenSSH Server

The /etc/ssh/sshd_config is the main configuration file for OpenSSH server. After successfully installing the OpenSSH server on your system, you may need to make few changes to secure your server.

• Change Default Port – OpenSSH runs on default port 22. We recommend changing the SSH port to another port.

  Port 2222
  

• Disable Root Login – By default root user are allowed to ssh from remote clients, For security purpose we recommend to disable direct root access. Use any non-root account for ssh and then switch ( su – ) to the root account. To do this add “PermitRootLogin no” in ssh configuration file

  PermitRootLogin no
  

Remember to restart the OpenSSH server after making changes to the configuration files.

For more details visit https://tecadmin.net/5-tips-to-secure-openssh-server/

Step 3 – Manage OpenSSH Service

Systemd is the default service manager for the latest Debian operating systems. You can manage the OpenSSH service state usign the systemctl command.

Use one of the below commands to start, stop, or restart the OpenSSH service:

sudo systemctl restart ssh 
sudo systemctl start ssh 
sudo systemctl stop ssh 

To check the current status, type:

sudo systemctl status ssh 

Conclusion

The procedure for installing or upgrading the OpenSSH server on Debian Linux is described in this tutorial. You also learn how to change the default SSH port and disable root login.

The post A Guide to Install or Update OpenSSH Server on Debian. appeared first on TecAdmin.

Allow/Deny Users and Groups:

To allow or deny any user or group on OpenSSH, first edit configuration file /etc/ssh/sshd_config in your favorite editor and do changes as following examples.

1. Deny Users: To restrict for block specific user for SSH on server add the following rules. For example to restrict users raj, tyler and sarah.

DenyUsers  raj  tyler  sarah

2. Deny Groups: In place of restricting specific users we can also restrict groups in OpenSSH. For example to restrict support and marketing groups from ssh add following rules.

DenyGroups  support  marketing

3. Allow Users: By default all users are allowed to login to OpenSSH server. But we can specifically allow any user, For example jack and richard belongs to support group and we already have restricted that group members. So we can specify that users in Allow users to allow them specifically.

AllowUsers  jack  richard

4. Allow Groups: Similarly we can allow all the members of specific group which may be denied in any other group. For example user andrew and peter belongs to marketing group as well as admin group. So we can allow access to both users by allowing admin group.

AllowGroups  admin

Restart OpenSSH:

After doing any changes in configuration file, make sure to restart OpenSSH service as following.

# service sshd restart
or
# systemd restart sshd

The post How to Deny/Allow Access for Users & Groups in OpenSSH appeared first on TecAdmin.

Install Package for SCP command

scp command is comes from package openssh-clients on Red Hat systems and package openssh-client is used for Debian based systems. Use following commands to install package for scp command on Linux operating systems.

On CentOS/RHEL and Fedora

# yum install openssh-clients

On Ubuntu and Debian

$ sudo apt-get install openssh-client

Transfer File Using SCP command

Local to Remote: To transfer file /opt/myfile.txt from local to remote (remote.example.com) system’s /opt/ directory use following command.

# scp /opt/myfile.txt remote.example.com:/opt/

Remote to Local: To transfer file /opt/myfile.txt from remote (remote.example.com) system to local systems /opt directory use following command.

# scp remote.example.com:/opt/myfile.txt /opt/

The post bash scp: command not found appeared first on TecAdmin.

Features of OpenSSH

• Open Source Project
• Free Licensing
• Strong Encryption (3DES, Blowfish, AES, Arcfour)
• X11 Forwarding (encrypt X Window System traffic)
• Port Forwarding (encrypted channels for legacy protocols)
• Strong Authentication (Public Key, One-Time Password, and Kerberos Authentication)
• Agent Forwarding (Single-Sign-On)
• Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
• SFTP client and server support in both SSH1 and SSH2 protocols.
• Kerberos and AFS Ticket Passing
• Data Compression

Click here to know more details about OpenSSH features.

Step 1 – Install / Update OpenSSH Server

OpenSSH Server is available under default yum repositories. We can install or update the latest OpenSSH server using the following command available under yum repositories.

On CentOS/RHEL 7 Systems:

sudo yum install openssh-server 

On Fedora and CentOS/RHEL 8 Systems:

sudo dnf install openssh-server 

Step 2 – Start OpenSSH Service

After installing or upgrading OpenSSH’s latest rpm packages, start the service using the following command and make it autostart on system boot.

sudo systemctl enable sshd 
sudo systemctl restart sshd 

Step 3 – Open Port in Firewall

If you are using iptables to secure your server, use the following command to open port for SSH access.

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT 

What Next: 5 Tips to secure openssh-server

The post How to Install or Update OpenSSH in CentOS and Fedora appeared first on TecAdmin.