Secure remote access makes life easier for developers, system administrators, and IT technicians. It allows them to connect to an end user's system without being in the same location as them, improving productivity and performance.
Secure Shell (SSH) is one of the most effective ways to access and manage remote systems. This technology encrypts communications between the client and the server, enhancing system security and preventing unauthorized access.
Another important benefit of SSH is its simplicity. This technology is relatively easy to use with various tools and clients, as we will demonstrate below. Plus, you can also use SSH for file transfers, running commands, and even tunneling.
This guide explains how to use SSH to connect to remote servers across Windows, Linux, and macOS environments.
Prerequisites
For successful results, you'll need:
- A remote server with SSH enabled
- An SSH client (either pre-installed or downloadable, depending on your OS)
- Credentials (username/password or SSH key)
- Internet connectivity and access to the correct port (usually 22, unless configured differently)
SSH Setup in Different Operating Systems
The way you set up SSH depends on your operating system, whether that's Windows, Linux, or macOS.
Windows
If you have Windows 10 or later, you won't need to do much, as these operating systems already have SSH built in.
Follow these steps to enable and use SSH in Windows 10:
- To enable SSH, go to Settings > Apps > Optional Features and install OpenSSH Client. If it's not available on your computer, go to Add a feature > OpenSSH Client and click "Install."
- To use SSH, open PowerShell or Command Prompt and connect to a remote server using this command: ssh username@server_ip.
If you have an older version of Windows or prefer a GUI tool rather than just writing commands, you can download the SSH client PuTTY. After installing the client, enter the IP address of your server, set the port to 22, and click "Open." You can use PuTTY if you have Windows 8, which doesn't natively support SSH.
Linux
Most Linux distributions have an SSH client pre-installed. To check whether SSH is available on your system, open the command-line interface, also known as the terminal, and type:
ssh
If you don't have SSH installed, you can install it on Debian or Ubuntu with:
sudo apt-get install openssh-client
After installation, you can connect to a remote server with the following command:
ssh username@server_ip
Mac
macOS has SSH pre-installed. To access it, open the terminal and type the following:
ssh
You can start an SSH connection by typing:
ssh username@server_ip
How to Connect to a Remote Server Using SSH
Connecting to a remote server via SSH depends on your operating system.
Windows (OpenSSH or PuTTY)
If you're using Windows' OpenSSH client, available in Windows 10 and later, you can connect to a remote server by opening PowerShell or Command Prompt. Then, type the following command:
ssh username@server_ip
You'll need to replace "username" with your username on the remote server and "server_ip" with the server's IP address.
Here's an example:
ssh johnsmith@111.111.1.1
If you're a PuTTY user, open the client and enter the server's IP address. Then, set the port to 22 and click "Open" to start the session. PuTTY will ask you to enter your username and password before initiating a connection.
Linux
Start by opening the Linux terminal and typing:
ssh username@server_ip
Replace "username" with your username on the remote server and "server_ip" with the server's IP address.
To specify a custom port, add the "-p" flag and the port number you want to connect to on your command line:
ssh username@server_ip -p port_number
Mac
Connecting to a remote server using SSH on macOS is similar to the above.
Start by opening the terminal and use the command:
ssh username@server_ip
Again, switch out "username" with your username on the remote server and "server_ip" with the server's IP address.
Security is paramount when you're connecting to remote servers via SSH. StrongDM's role-based access control (RBAC) and audit trail features secure these servers, providing ongoing peace of mind.
Authentication Methods
You can authenticate an SSH session in two main ways:
- Password authentication
- SSH key authentication
Password Authentication
Using a password is the default and most popular method for authenticating SSH sessions. When prompted, you can enter the password linked to your username on the remote server and connect to it via SSH.
Password authentication might not be the most secure way to connect to a remote server. Frequently used passwords are vulnerable to SSH attacks, especially those that include easy-to-guess words and phrases like "password" and "admin."
Sixty-five percent of the more than 20 million SSH servers on the public internet allow password authentication.
SSH Key Authentication
SSH keys are a safer alternative to password authentication.
You can set up key-based authentication by following these steps:
- Type the command ssh-keygen in your operating system's terminal to generate a key pair: a private key, which stays on your machine, and a public key.
- Copy the public key to the remote server using ssh-copy-id username@server_ip.
You can now connect to a remote server via SSH without using a potentially vulnerable password.
Common SSH Commands and Features
Here are some things you can do once you've established a connection with a remote server using SSH:
SSH Port Forwarding (Tunneling)
SSH tunneling lets you securely forward traffic between local and remote systems. To create a local port forwarding tunnel, use the following command in your terminal:
ssh -L local_port:localhost:remote_port username@server_ip
This command forwards traffic from "localhost:local_port" on your local machine to "localhost:remote_port" on the remote server.
Transferring and Managing Files With SSH
You can also utilize SSH for secure file transfers and management.
Use the following command to move files between local and remote systems via the secure copy protocol (SCP):
scp file.txt username@server_ip:/path/to/destination
SCP is a file transfer network protocol that supports encryption.
Once you've transferred files, you can manage them on a remote server via Secure File Transfer Protocol (SFTP). This technology authenticates the host and client.
Use this command to manage files on a remote server:
sftp username@server_ip
Using the SSH Config File
The "~/.ssh/config" file lets you create aliases for your servers. Here's an example entry that defines the alias "myserver" for a server you connect to repeatedly:
Host myserver
    HostName server_ip
    User username
    Port 22
You can then connect with:
ssh myserver
Running Commands on Remote Servers
Finally, you can execute commands on a remote server without starting a full SSH session. Do this by running the following command in your terminal:
ssh username@server_ip "ls -l"
Best Practices for Secure SSH Connections
You can make your SSH connections more secure by following these tips.
Use Strong Passwords or SSH Keys
Strong passwords or SSH keys are critical for secure connections. As previously mentioned, SSH keys are more secure than passwords, especially those that someone can easily guess. Therefore, keys better suit sensitive SSH environments.
If you prefer to use a password, think up one that is strong and unique. According to the Cybersecurity and Infrastructure Security Agency (CISA), the best passwords are at least 16 characters long and include a string of mixed-case letters, numbers, and symbols or a passphrase of four to seven random words.
Disable Root Log-In
For even more security, you can disable root log-in by editing the SSH configuration file (/etc/ssh/sshd_config). This prevents unauthorized persons from accessing your root account over SSH.
Add or change this line in the file to turn off root log-in:
PermitRootLogin no
Change the Default SSH Port
Changing the default SSH port (22) might reduce the chances of a data breach or other type of cyberattack.
You can swap the default port for a custom port by editing the "sshd_config" file, finding the line that says "Port 22," and changing it to another number.
You'll need to restart the SSH service for these changes to take effect.
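As an added example (not part of the original article), the script below reads an sshd_config file and reports the settings covered in this section: root log-in, password authentication, and the port. The function names, the sample file, and the simplifications noted in the comments are assumptions of the example.

```sh
# effective_value FILE KEYWORD DEFAULT
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "#" starts a comment. Assumptions of this example:
# only the global section is read (parsing stops at the first Match block),
# Include files are not followed, and lines look like "Keyword value".
effective_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints findings and returns how many there are.
# Defaults are upstream OpenSSH's; a distribution may ship different ones.
audit_sshd_config() {
    findings=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)    # first Port line only
    if [ "$root" != no ]; then
        echo "FINDING PermitRootLogin is '$root', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ "$pass" != no ]; then
        echo "FINDING PasswordAuthentication is '$pass', passwords are accepted"
        findings=$((findings + 1))
    fi
    echo "INFO first configured port: $port"
    return "$findings"
}

# Constructed sample. sshd ignores the second PermitRootLogin line, so
# appending "no" at the end of the file does not disable root log-in.
sample_config() {
    cat <<'EOF'
Port 2222
permitrootlogin yes
#PasswordAuthentication no
PermitRootLogin no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

To audit a real server, pass /etc/ssh/sshd_config to audit_sshd_config instead of the sample file.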
Use Fail2Ban or Other Security Tools
Fail2Ban can prevent brute-force attacks by tracking failed SSH log-in attempts and blocking suspicious IP addresses. On Debian or Ubuntu, you can install Fail2Ban using:
sudo apt-get install fail2ban
There are also similar security tools that can help you protect sensitive information.
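The idea behind Fail2Ban, counting failed log-ins per source address and acting above a threshold, can be shown over a few log lines. This is an added example, not Fail2Ban's code or part of the original article; the function names and the log lines are constructed, and the message format assumed is OpenSSH's "Failed password" syslog entry.

```sh
# failed_sources FILE THRESHOLD
# Prints "COUNT ADDRESS" for each source with at least THRESHOLD failed
# password log-ins, highest count first. The user name in these messages is
# chosen by the client and may contain spaces, so the address is read from
# the fixed tail of the line ("from ADDRESS port N ssh2"), not by position
# from the left. Unlike Fail2Ban, no time window is applied (simplification).
failed_sources() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" {
            count[$(NF-3)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed log lines in OpenSSH's syslog format (documentation addresses).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:03 web1 sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  3 10:00:06 web1 sshd[1207]: Failed password for invalid user test user from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:11 web1 sshd[1215]: Failed password for alice from 198.51.100.20 port 51800 ssh2
Mar  3 10:02:19 web1 sshd[1215]: Accepted password for alice from 198.51.100.20 port 51800 ssh2
EOF
}

tmp=$(mktemp) && sample_auth_log > "$tmp"
failed_sources "$tmp" 3     # THRESHOLD plays the role of Fail2Ban's maxretry
rm -f "$tmp"
```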
Secure SSH Remote Access With StrongDM
SSH is an incredible technology for managing remote access. However, managing multiple SSH connections in different environments can be challenging, as your team might already know. The process is often time-consuming and complex, which can be overwhelming if you have hundreds of other tasks already on your plate.
StrongDM offers a solution. By centralizing and automating remote server management, we can streamline SSH access for your whole business. There's no need to manually manage keys, firewalls, or passwords. You can do everything from a single, unified interface.
We also offer enhanced security. With our Zero Trust approach, we encrypt, audit, and log all of your connections. That means you get full visibility into your IT infrastructure or enterprise-level system. Say goodbye to managing multiple SSH configurations and jump hosts for good!
About the Author
StrongDM Team, Zero Trust Privileged Access Management (PAM). The StrongDM team is building and delivering Zero Trust Privileged Access Management (PAM), which delivers unparalleled precision in dynamic privileged action control for any type of infrastructure. The frustration-free access stops unsanctioned actions while ensuring continuous compliance.