What is SSH on Linux

SSH remote maintenance for your Linux server

David Wolski

Linux servers, regardless of whether they are in your own home network or on the Internet, are usually managed via the command line using the SSH protocol. This may seem anachronistic, but it is a robust and secure method of remote maintenance.

EnlargeNo server without SSH: remote maintenance in the terminal is safe, lean and robust.

Ideally, it is never necessary to sit in front of the screen with a keyboard and mouse to administer a Linux system. Almost every Linux system can be administered via the network out of the box. The basic building blocks are the command line (shell) and the SSH protocol. These were created decades ago and have proven themselves to this day - on high-availability servers in data centers as well as on a small Raspberry Pi at home.

SSH: the basics

SSH has its price: It's not intuitive here. A shell is available in all situations, does not require a graphical desktop and can also be called via poor network connections. The common and secure method of using a shell on a Linux system in the network is SSH (short for "Secure Shell"). This is a client-server protocol that allows you to log on to a remote Linux system with a user name and password, as well as to a local text console. Anyone who operates a Linux system in the network cannot avoid SSH and the Linux command line.

EnlargeFirst connection to the remote Linux system via SSH: Confirmation of the fingerprint ("fingerprint") required.

The access component (client): Linux and Mac OS X have an SSH program preinstalled to establish a connection: The connection to a Linux server is possible with the "ssh" program in the terminal with the command

or as a concrete example:

The cryptographic SSH fingerprint of the server system then has to be accepted - only for the very first access. The password is then requested and the user arrives in the other shell, which works just like a local Linux command line.

Windows does not have an SSH client, but the Putty tool has been a reliable helper here for years. In principle, it is sufficient to enter the IP address in the "Host Name (or IP address)" field and click on "Open". Standard port 22 for SSH is preset. Anyone who uses Putty frequently will, however, appreciate the possibility of saving user, window, font and color settings. Putty allows the definition of any number of server connections as bookmarks under "Session".

EnlargeUnder Windows, Putty is indispensable for the remote maintenance of Linux systems.

The server component: The SSH server is usually preinstalled on server distributions and activated by default. On desktop distributions such as Ubuntu and Linux Mint, no SSH server is running after the installation. In order to change this, only the server service "OpenSSH" has to be installed from the package sources. The command

installs the package and activates the SSH server.

Reading tip: Graphical SSH clients - Putty, Hot SSH and Co.

Rights: work with sudo

An administrator usually needs root rights on the Linux system to be configured. root is the system account with the highest privileges and is allowed to do everything - including damage. Therefore, root is not a good user account for day-to-day work. With the command "su" you can switch from an ordinary user to root. For admin work in the command line, however, the auxiliary tool sudo has established itself. This tool executes the command given after it with root rights. In Ubuntu and Linux Mint, the first user set up is preconfigured for sudo and can execute root commands after entering their own password - for example to update package lists:

sudo is also the way to go when it comes to editing configuration files on the local or remote Linux system. The command

loads on Ubuntu and Linux Mint, for example, the file “/ etc / hostname”, which contains the name (host name) of the system, into the editor Nano. The key combination Ctrl-O saves a changed file and Ctrl-X exits Nano.

Typical patrols on the server

One of the most common tasks is checking the system, the utilization and analyzing errors if a server service does not work as expected. The first point of contact is then the kernel protocol, which a Linux system creates from the system start. The command

shows all messages of the kernel log files with time stamp. A look at this log allows this command:

The appended "less" displays the messages page by page and pressing Q ends this list. Error messages and warnings for all devices and drivers can also be found here. The input

reduces the output to errors. Normal messages, such as those logged by the kernel for the initialization of devices, are then filtered out.

A very recommendable command line tool for displaying the system load is the program htop, which comes with

is quickly installed on Debian / Ubuntu-based servers. htop shows the list of running processes as well as processor and RAM usage. The htop display can be set in detail via F2, F10 closes the tool.

Also interesting: The 10 most important Linux commands for networks and the Internet

EnlargeWith Filezilla it is also possible under Windows to securely transfer files to Linux servers via SSH.

SSH for file transfer

Unencrypted protocols such as FTP and Webdav are taboo for file transfer on the Internet and in shared networks. There is always the risk that the unencrypted login data will fall into the wrong hands. The all-rounder SSH ensures secure transfer of login information and secure data transfer. The command line program for transferring files from the client to the server via SSH is called scp, short for "secure copy". With