
How to work with SSH connections (SSH Clients)

Knowing how to use SSH has become more and more important, as more and more devices use Linux as their “core” firmware, utilizing SSH for remote access.

SSH, or Secure SHell, is a secure (encrypted) method to remotely access a shell (command-line) on a different computer or device, to execute commands.
What this means is that it allows you to execute commands from your computer on another computer or device, over an encrypted and secure connection, as if you were working directly on that computer.

SSH can be found in numerous places, but it is most commonly used with Linux, Unix, or FreeBSD based devices or computers.
Some common examples are: a Raspberry Pi, NAS, modem, DVR, router, satellite receiver, Smart TV, cellphone, media players, WiFi SD cards, etc.

Since I have a growing number of articles that refer to SSH use, I decided to write a short article for reference purposes.




SSH on QNAP

To be able to use SSH or SFTP, you will need to enable these services. Other servers and systems will work differently.

Go to “Control Panel” > “Network Services” > “Telnet / SSH”, check “Allow SSH Connection” and optionally check “Enable SFTP” and click “Apply”. That’s all there is to it.

Using SSH Clients

In this article I’ll cover some of the very basics of setting up a SSH Shell connection …
Since most of the references to our articles are based on trying to get SSH access to a device that has a SSH service enabled, we will mostly focus on that.

SFTP, FTPS, SCP and SSH 

SSH, SFTP and SCP have a connection that’s fully encrypted.

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol, which uses SSH.
SFTP is used only for interactively working with files, i.e. Copy, Rename, Transfer, Delete, etc.

SCP (Secure CoPy) is similar to SFTP and also uses SSH, but with fewer options. It’s designed more to just transfer files.

FTPS (FTP over SSL) is the File Transfer Protocol (FTP) run over an SSL connection rather than over SSH.
Although often confused with SFTP, this protocol has nothing to do with SSH and is not compatible with SFTP.
Data in this protocol is encrypted using SSL.

Keep in mind that SFTP is very different than FTPS!

SSH Client

The SSH Client is the application on your computer that you will be using for accessing the “other” computer or device.

 

Note that with each SSH Connection we need:

  • Server: Often IP-Address or ComputerName, for example: 192.168.1.100
  • Username: Your username on the machine you’d like to access, for example: admin
  • Password: The password on the machine you’d like to access, for example: mysecretpassword

 

On rare occasions you might need the port number as well. The default port number is 22 (TCP).

Web Browser Extension for Google Chrome (Cross Platform)

Modern browsers have the option to add extensions, and believe it or not, there are SSH Client extensions for one of the most popular browsers: Google Chrome.
Now I can already hear the complaints: “What about FireFox?”.
Well … none of the plugins (FireSSH for example) is working in the latest FireFox versions … You can try searching for an SSH Shell extension and try to install it, maybe you’ll have more luck than I did.

  Secure Shell is a neat little add-on for Google Chrome browsers and as far as I can see, you can use it on any Operating System. You can download it here for free.
The cool part is that it remembers your previous connections, you just have to enter the password again.
Things become pretty easy with Google Chrome when you add a shortcut to your toolbar.

To exit Secure Shell, either close the tab or type “exit” and press ENTER.

For making a connection we use at least 2 or 3 of the available fields:
– The top (wide) field is basically where you enter the “name” of your connection, for example “My Server” (visible if you want to connect again at a later time)
– Right under that we see the first field (username) and IP-Address (or device network name)
– A connection will be established once you press ENTER or click the button “[ENTER] Connect” and typically a password will be asked.

Google Chrome – Secure Shell – Open a connection

Google Chrome – Secure Shell – Example SSH Connection

  FireSSH is also a cross-platform SSH Client and seems to be quicker on its feet than Secure Shell. You can download this one here and it’s free as well.
Like Secure Shell, FireSSH also remembers previous connections without password.
The only downside of FireSSH is that I have not been able to create a shortcut in the browser’s toolbar, and instead I need to use the Chrome App Launcher (which is something I really didn’t need – yet another App Launcher).

To exit FireSSH, simply close the window or type “exit”.

The important fields here are:
– Top left dropdown: select an existing SSH connection or “Create an account…” to create a new SSH connection.
– “Account Name” is used for future reference, so for example “My Server”.
– “Host” is where you enter IP-Address (or device network name) of the server you’d like to contact.
– “Login” will be your username on that device and “Password” obviously the password of this account (not saved).
– A connection will be established after clicking the “Connect” button.

FireSSH Shortcut Tip 

MacOS X:
The FireSSH App can be found in ~/Applications/Chrome Apps/FireSSH.
From here you can make an alias (place it on your Desktop or in your “Applications” folder) or drag the App on the Finder Dock.

Windows:
In the “Google App Launcher”, right click “FireSSH” and choose “Create Shortcuts” from the popup menu. In the upcoming window check “Desktop” and/or “Taskbar” and click the “Create” button to create a shortcut.

FireSSH – Open a Connection

FireSSH – Example Connection 

SSH Client for Windows

PuTTY is probably the easiest and most commonly used SSH Client for Windows users. You can download it for free from the PuTTY website.
Good and maybe interesting alternatives (free) are: MobaXTerm, FreeSSH, OpenSSH for Windows, WinSCP.

PuTTY

PuTTY can also be downloaded from Tweaking4All but as usual we highly recommend getting it from the developer’s website.

DOWNLOAD - Putty 

Platform: Windows
Filename: putty_0.63.7z
Version: 0.63
Size: 226.2 KiB
Date: January 18, 2014

In the startup screen we only have to enter “username@serveripaddress“, in the “Host Name” field, to start a connection, where “username” is your username for SSH access on the device, and “serveripaddress” is the IP-Address of the device.

Optionally you can enter a name for this connection in the “Saved Sessions” field and click “Save” to more easily recall the connection at a later time. As usual, your password will not be saved.

Windows – PuTTY – Setup SSH Connection

Windows – PuTTY – Active Connection

SSH Client for MacOS X

Although PuTTY has been ported to MacOS X (MacPorts offers it), installation isn’t all that great, and for SSH use MacOS X has better options.
As with Windows, several options are available, just to mention a few: iTerm2, csshX, JellyfiSSH, MacTerm.

Terminal SSH

In all honesty, I often use “ssh” simply in Terminal (“Applications” > “Utilities” > “Terminal”).
The usage is straight forward:


ssh username@computeripaddress

Here “username” is of course your username, or for example “root” or “admin”, and the “computeripaddress” is the IP-Address (or in some cases the computer name works as well) of the device you’d like to reach. I have noticed that the “computeripaddress” often has to be the IP-Address when you’re working in your local network, but that could be a flaw in the DNS service I’m running in my network …

If a password is required, SSH will ask you to enter it.
You can either close Terminal or enter “exit” to close the connection.

MacOS X – Terminal – Open a SSH Connection

MacOS X – Terminal – Example SSH Connection

SSH client for Linux

Command-line

Linux users are probably more experienced with the use of SSH and most will use the command-line (Terminal) approach as seen under MacOS X:


ssh username@serveripaddress

PuTTY

To my (pleasant) surprise, PuTTY is also available under Linux, though it might be a bit harder to find.
Ubuntu users can use the “Ubuntu Software Center” to install “PuTTY SSH Client”.
Non-Ubuntu users, or users of Ubuntu versions without the software center, can try (for some reason I had to run it twice to make it work):


sudo apt-get install putty

PuTTY can then be started from the command line (type:  putty) or through the “PuTTY SSH Client” shortcut.

In the startup screen we only have to enter the server IP-Address in the “Host Name” field, to start a connection, here we seem to be unable to add “username@” in front of the connection, so just enter the IP-Address. Username and Password will be asked once the connection has been established.

Optionally you can enter a name for this connection in the “Saved Sessions” field and click “Save” to more easily recall the connection at a later time. As usual, your password will not be saved.

Linux – PuTTY – Setup SSH Connection

Linux – PuTTY – Active Connection

How SSH works

For SSH to work, we will need two key elements:

SERVER – the Software that can receive SSH requests over the network from another computer
CLIENT – Software that can send SSH requests and setup a connection to a device that can accept SSH connections

To get such a connection started one would need software (often a so-called daemon that runs unnoticed in the background) that can receive SSH requests: the Server.
The other side of the story is the SSH Client. The program that requests an SSH connection from the device that you like to remotely access.

Of course you will also need a username and password to gain access and the server needs to have the ability to check these. Some SSH servers use username and password sets as defined by the Operating System (common under Linux variants) and some maintain their own username and passwords. 

During the initial handshake, so called keys will be exchanged between the server and the client.
One key (public key) is used for authentication and some clients save that key for future reference (for authentication – to make sure that in the future the client is talking to the same server).

The other key is used to encrypt the connection, so that nobody can listen in on what you’re doing, obviously with the intent to prevent others from gaining access to your SSH enabled device. Each time you set up a connection, a new key will be used.

As you can see: Privacy/Security are key!

Please keep in mind that this is a simplified explanation of what really is going on in the background!
Especially the handshake can be done in several ways. A more detailed explanation for example can be found here.

Tip 

The request receiving party is often a device or computer that comes with SSH installed – in some cases you might need to enable it.
On most Linux/Unix/FreeBSD based devices it’s often already there.

As a rule of thumb I always disable the SSH service on a “server” and only enable it for the time that I need access (if this is an option).

Warning: Remote Host Identification has changed!

Since some SSH Clients save the key to authenticate a computer or device, linked to their computer name or IP-Address, a warning on occasion might occur.

For example when you re-install the operating system on the target computer, the computer will generate a new key, which will not match with the key your computer was expecting, and your SSH Client will complain about this with a message like this (depending on your system):

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
....

If you did reinstall your target computer, or for some other reason the key got re-generated, then removing the existing entry in the list of known-SSH-servers will resolve this issue.

A great, in-depth resource concerning RSA keys is SSH Keys at SourceForge.

Note : Most of these error messages will illustrate where this invalid key can be found, possibly with an explanation how to remove it – so read the message carefully!

  If you’re unaware of any reasons why this key was changed, then please check first what’s going on! Make sure security has not been compromised!

Google Chrome webbrowser extensions

Secure Shell

If you know the index of the offending host entry (it’s usually reported by ssh if the connection fails) then you will have to open the JavaScript console, which is not something every user will know how to do.

With Secure Shell open, right click for example the “[ENTER] Connect” button and select “Inspect element” from the popup menu. You will now see the window “split” – in the header of the new area look for “Console” and click it – this will open the JavaScript Console.

Now in the JavaScript console type: term_.command.removeKnownHostByIndex(index) where “index” needs to be replaced with the index number indicated in the error message.

If you don’t know the index, or you’d like to clear all known hosts, use: term_.command.removeAllKnownHosts().

See also the Secure Shell FAQ.

FireSSH

Sorry — I was unable to find the location of the SSH keys, or how to modify them, for FireSSH.

Windows remove SSH key

PuTTY

For PuTTY under Windows we will need to edit the registry.

Open the registry (regedit) and go to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys .

Here you’ll find the SSH keys. The “name” column will tell you the name or IP-Address of the server.
Remove the row that holds the offending servername or IP-Address.

MacOS X remove SSH key

Terminal SSH

MacOS X “ssh” stores the SSH Keys in ~/.ssh/known_hosts .
Locate the server name or IP address of the offending “server” in this file and delete this line.

Cleaner and better is using: ssh-keygen -R serveripaddress  or ssh-keygen -R servername where “serveripaddress” is the IP address of the targeted server, or “servername” the name of the targeted server. These should match with how you call ssh.

Linux remove SSH key

Command-Line SSH

The keys for “ssh” are stored in: ~/.ssh/known_hosts .
The error message will give you a number, for example: Offending key in /home/user/.ssh/known_hosts:1 .
In this case you’ll have to look for the line that starts with |1| and remove this line.

Cleaner and better is using: ssh-keygen -R serveripaddress  or ssh-keygen -R servername where “serveripaddress” is the IP address of the targeted server, or “servername” the name of the targeted server. These should match with how you call ssh.
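
Added example (not part of the original article): in OpenSSH the number after the colon in the "Offending key" message is the line number inside known_hosts, and a host field starting with |1| is a hashed host name. This sketch finds the entries for a host in either form and returns their SHA256 fingerprints, so the stored key can be compared with the server's own key before a line is removed. The sample file content, salt and key bytes are constructed placeholders, and the function names are assumptions of this example.

```python
import base64, hashlib, hmac, re

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1|salt|hash) names host."""
    if field.startswith("|1|"):
        salt, digest = (base64.b64decode(p) for p in field.split("|")[2:4])
        return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), digest)
    return host in field.split(",")  # exact names only; wildcards are not handled

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form ssh-keygen -l prints."""
    raw = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")

def find_entries(text, host):
    """Return (line number, key type, fingerprint) for every entry naming host."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host_matches(fields[0], host):
            hits.append((number, fields[1], fingerprint(fields[2])))
    return hits

def offending_line(message):
    """Extract (path, line number) from an 'Offending key in path:N' message."""
    found = re.search(r"Offending (?:\S+ )?key in (\S+):(\d+)", message)
    return (found.group(1), int(found.group(2))) if found else None

def remove_line(text, number):
    """Return the file content without the 1-based line `number`."""
    lines = text.splitlines(keepends=True)
    del lines[number - 1]
    return "".join(lines)

# Constructed sample: placeholder key bytes, not real host keys.
def _hashed(host, salt=b"constructed-salt-0001"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
_KEY_A, _KEY_B = (base64.b64encode(b"constructed key " + t).decode() for t in (b"A", b"B"))
SAMPLE = ("nas.local,192.168.1.50 ssh-ed25519 %s\n" % _KEY_A
          + "%s ssh-rsa %s\n" % (_hashed("192.168.1.100"), _KEY_B))

if __name__ == "__main__":
    path, number = offending_line("Offending key in /home/user/.ssh/known_hosts:2")
    print(path, number, find_entries(SAMPLE, "192.168.1.100"))
```

The fingerprint format matches what ssh-keygen -l -f prints for a public key file, so it can be compared with a value read on the server itself.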

PuTTY

For PuTTY you can find quite a lot of information on how to handle SSH keys, there is even a tool that can help you convert keys (puttygen).

PuTTY under Linux stores its SSH keys here: ~/.putty/sshhostkeys
In this file, find the line that starts with the server-name or server IP-Address of the offending server and delete this line.
