There are times when we have access to physical servers and can log in directly from the console in front of the server, or at least next to it via a KVM console. Most of the time, though, we don't have physical access, so we have to log in to the server remotely. In this tutorial we'll learn how to log in remotely to a Linux server using Secure Shell (SSH). You can also use this tutorial as a guide for logging in to other *NIX family operating systems, as long as they have SSH installed.
- On Linux you can always use the Terminal application. It should be available no matter which desktop environment you use.
- MacOS X also has Terminal.app installed by default. You can also use iTerm2 as a Terminal alternative on Mac.
- Windows does not have an SSH client or server included. You can use PuTTY to do remote SSH logins from Windows. You can download PuTTY for free, either as the individual program or as the PuTTY installer, which installs not only PuTTY but also additional programs like puttygen.
Login Using a Password
The simplest way to log in to a Linux server is to use a password as the authentication mechanism. In this section we'll learn how to log in to a Linux server using a username and password pair.
Login From Linux or MacOS X
Linux, MacOS X and most UNIX variants have SSH installed by default. You don't need to install any additional packages unless you chose a minimal installation that does not include the openssh package. In this tutorial I assume that you already have the ssh client installed.
To log in to a Linux server using ssh you can use the command below:
$ ssh username@server
Another way to log in is to use the -l option for the username:
$ ssh server -l username
In case you need to access a server that is not using the default SSH port (22), you can specify the SSH server port number using the -p option. In the example below the SSH port is 2222.
$ ssh server -l username -p 2222
In the example below we try to log in to server 188.8.131.52 using the username root:
$ ssh 184.108.40.206 -l root
The authenticity of host '220.127.116.11 (18.104.22.168)' can't be established.
RSA key fingerprint is 90:8c:7d:f8:ae:1a:09:60:44:08:3b:d9:c9:f7:c4:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '22.214.171.124' (RSA) to the list of known hosts.
firstname.lastname@example.org's password:
The warning above is shown when you connect to the server for the first time. The SSH client checks the authenticity of the server by checking its host key fingerprint. Since this is the first connection, SSH does not have any record of this server's fingerprint and will ask you whether you want to trust this server or not.
You can type yes at the question above and then input your password.
If you have logged in to this server before and you get this message again, there are several possible explanations:
- The server was reinstalled, so its SSH fingerprint changed.
- The server was compromised, or someone is acting as a man in the middle (MITM), so instead of connecting to the real server you are connecting to the MITM machine.
- A DNS record was changed incorrectly, so you are connecting to the wrong server.
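The decision the SSH client makes in the cases above, as an added example that is not part of the original tutorial: an offered host key is compared with the recorded one and reported as NEW (first connection), MATCH, or CHANGED (stop and verify the fingerprint out of band before connecting). It assumes plain, unhashed known_hosts lines; the function names and the sample hosts and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: how an offered host key relates to the known_hosts record.
# Assumes unhashed lines of the form "host[,alias] keytype base64key".

# Legacy MD5 fingerprint (colon-separated hex, as in the prompt above).
md5_fingerprint() {
    printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# Prints NEW, MATCH or CHANGED for HOST KEYTYPE KEY against a known_hosts file.
check_host_key() {
    awk -v host="$2" -v kt="$3" -v key="$4" '
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        $1 ~ /^[@|]/   { next }        # @markers and hashed entries: not handled
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == kt) {
                    seen = 1
                    if ($3 == key) same = 1
                }
        }
        END { print (same ? "MATCH" : (seen ? "CHANGED" : "NEW")) }
    ' "$1"
}

# Constructed sample data: placeholder blobs, not real host keys.
kh=$(mktemp)
printf '%s\n' 'server.example,192.0.2.10 ssh-rsa YWJj' > "$kh"
check_host_key "$kh" 192.0.2.10 ssh-rsa YWJj    # recorded key offered again
check_host_key "$kh" 192.0.2.10 ssh-rsa eHl6    # different key for a known host
check_host_key "$kh" 192.0.2.99 ssh-rsa YWJj    # host never seen before
md5_fingerprint YWJj
rm -f "$kh"
```

A CHANGED result corresponds to the three possibilities listed above; compare the new fingerprint with one obtained from the server's console or its administrator before accepting it.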
Login From Windows
Now we'll learn how to log in to a Linux server from a Windows machine using PuTTY. I assume that you have already downloaded PuTTY.
- Input the server address, this can be a hostname or IP Address
If you log in to this server for the first time you will get a security alert regarding the server's fingerprint. If you are sure that you're connecting to the right server you can click Yes.
You have to input your username and password to login.
In the section above, we learned how to log in using a username and password pair. In this section we'll learn how to log in without a password, using a keypair instead.
The first thing we have to do is create a keypair. We'll get a private key and a public key. You have to keep your private key secure, while the public key is the part you put on the server. You can use the same private and public key on multiple servers.
Generate an SSH Keypair on MacOS X and Linux
To generate a keypair on MacOS X and Linux, you can use the command below:
ssh-keygen -t rsa -b 2048 -C email@example.com -f keyfile
The -C option lets you give a comment for this keypair, this is
The -f option lets you specify the filename for the keypair. This process will create two files. Since we used the filename keyfile above, ssh-keygen will create keyfile and keyfile.pub. As you might already guess, the one with the .pub extension is the public key and the one without an extension is your private key.
Copy a Public Key to a Server
To copy the public key to the server, we can use the scp program. We'll learn a little bit more about using scp in the section below. You can run the command below to copy the keyfile.pub that you just generated to a server:
$ scp keyfile.pub username@server:~
The ~ (tilde) symbol above means the home directory, so this command will copy the public key to the user's home directory.
After copying the file you need to log in to the server and run the commands below on the server:
$ mkdir -p ~/.ssh
$ cat keyfile.pub >> ~/.ssh/authorized_keys
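One way to script the server-side step above so it is safe to repeat (added example, not from the original tutorial): it appends each public key only once, refuses a file that looks like a private key, and sets modes that pass sshd's StrictModes check. The function name install_pubkey and the sample key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent, permission-aware version of the server-side step.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; exit 1; }
    # A private key file starts with a "-----BEGIN ..." line; never publish one.
    if grep -q '^-----BEGIN' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        exit 1
    fi
    umask 077                       # new files: owner access only
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append each key line only if that exact line is not present yet.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
)

# Constructed sample: a placeholder blob, not a real key.
demo=$(mktemp -d)
echo 'ssh-rsa QUJDRA== email@example.com' > "$demo/keyfile.pub"
install_pubkey "$demo/keyfile.pub" "$demo/.ssh"
install_pubkey "$demo/keyfile.pub" "$demo/.ssh"   # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```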
Securing a Private Key
I recommend moving your private key to ~/.ssh on your computer. After that, change the file permission to 400. This makes the file readable only by you; group and other users cannot read it.
$ mv keyfile ~/.ssh
$ chmod 400 ~/.ssh/keyfile
Login With a Keypair on Linux or MacOS X
Now the keypair is ready to be used to log in to the server. You can use the ssh command below:
$ ssh -i ~/.ssh/keyfile username@server
The -i option tells SSH which private key to use.
Generate an SSH Keypair on Windows
- From the same site where you download putty, you can download puttygen. Open this application.
- To Generate a new keypair you can click Generate. Hover your mouse cursor around the blank space to give randomness to the generator.
- Key Created. To save the public key from the pair you can click Save public key button.
- Save as keyfile.pub. You can copy this file to the server.
- To save the private key you can click the Save private key button. puttygen will warn that your key is not protected by a passphrase. We can ignore this warning.
- Save the private file as keyfile.ppk. This is the private key format used by PuTTY, not the .pem format that is usually used on Linux / MacOS X.
- To export the private key to .pem format, you can choose the menu Conversion -> Export OpenSSH Key
- Save the key as keyfile.pem
Login using Keypair using PuTTY
- Make sure that you have already copied your public key to ~/.ssh/authorized_keys on the server
- Open PuTTY. Input the hostname. Under Connection -> SSH -> Auth, set the private key in the Private key file for authentication field.
- You only need to input the username, and voila! You can log in to the server without entering the password.
Copying Files Using Secure Copy
Copying Files From Linux or MacOS X Using SCP
In this section we'll learn how to copy files and/or folders to a Linux server and vice versa. Linux and MacOS X also have the scp program installed by default, so you don't have to install any additional program.
To copy a single file from our computer to a server, we can run:
$ scp data.txt username@server:/path/to/destination
To copy a folder and its contents, including other folders, you can use the -r (recursive) option. Below is a sample command that copies the folder data to the server.
$ scp -r data username@server:/path/to/destination
Copying Files From Windows Using WinSCP
You can copy files and/or folders from a Windows client to Linux servers and vice versa using WinSCP. You can choose between the portable executable and the installable version of WinSCP.
- Open WinSCP. Choose SCP on File Protocol. Input Hostname, username and Password
- This is host fingerprint verification. You will get this message when you are connecting to the server for the first time. Click Yes
- You are connected to the server via SCP. The pane on the left is your local computer. The pane on the right is your folder on server.
Running a Command Remotely On Server
We can also run one-off commands on the server from our computer. We can use the -C option on ssh. You can only use this option with the SSH client on Linux or MacOS X. PuTTY, even if you run it from the command prompt, does not have such an option.
For example, to check processes on the server, instead of logging in and running ps, you can run the command below from your computer:
$ ssh username@server -C "ps"
In this tutorial we've learned how to connect via SSH from Windows, Linux and MacOS X machines. We also learned how to do password-less login and run remote commands on the server from our computer.