How to Use SSH to Connect to a Remote Server in Linux or Windows?

If you’re ever required to securely connect to a remote system and connect to a command line connection, SSH is the tool to do the task. Secure Shell Protocol (SSH) has been used for many years to connect remotely with Unix and Linux or BSD devices over unsecured connections.

SSH works on a classic client-server model that allows the remote user (client) to join a computer and execute commands just like they were on the machine. 

SSH is especially helpful for servers (perhaps located on some of the most affordable web hosts) and a Raspberry Pi you need to manage remotely. 

Because these systems mainly run Linux, It’s simple to edit scripts, alter important configuration files, or download software from a remote location.

Before You Open SSH: Credentials and Access

To establish an SSH connection using an operating system, first, you require connectivity to the device. In addition, it must have its address as an address on the Internet or an acceptable hostname. 

You’ll need to provide the hostname or IP address to connect, and after that, you’ll be presented with an invitation to enter an account login and password.

If you have a Web hosting account with SSH enabled, you will likely be able to use your domain name as your address and the username and password to connect to FTP or cPanel to sign in. 

If these aren’t working, follow the directions on the hosting site. If you’re connecting to the local network server, you’ll require the computer’s name or IP address and ensure you are connected to the device remotely. It is registered for the user on that.

What is SSH?

Secure Shell, sometimes called Secure Socket Shell, is an interface that allows users to connect securely to remote computers or servers using a text-based interface.

Once a secured SSH connection is established, a shell session will be initiated, and you will be able to control the server by typing commands into the client’s running on your computer.

Network administrators and system administrators utilize this protocol most often, as do all those who must manage the computer remotely in a safe way.

How Does SSH Work?

To set up connection to an SSH connection, you require two elements which are a client as well as the server-side component that is corresponding. 

An SSH client can be described as an app you install on your computer to connect to another device or server. 

The client makes use of the information about the remote host to start the connection. If you verify your credentials, it establishes a secure connection.

On the server’s end, there is a component known as an SSH daemon that is always watching a specific TCP/IP port in case of possible client connection requests. 

When a client attempts to establish a connection, it will be detected by the SSH daemon, will react using the software and protocol versions it is able to support, and both will exchange the client’s identification information. 

SSH creates a new session in the correct environment if the credentials supplied are valid. The standard SSH protocol for SSH servers, as well as SSH client communication, is version 2.

How to Enable an SSH Connection?

Because establishing SSH connections involves both the client and a server component, it is important to ensure that they are installed on the local machine and remote machine. 

An open-source SSH tool that is widely used in Linux distributions is OpenSSH. Installing OpenSSH is fairly simple. You will need access to the server’s terminal and the device you use to connect. Be aware that Ubuntu does not come with an SSH server by default.

How to Install an OpenSSH Client?

Before installing the SSH client, be sure you have it installed. A lot of Linux distributions already come with one SSH client. For Windows machines, it is possible to use PuTTY or another client you like to connect to servers.

To verify whether the client is running on your Linux-based system you’ll need to:

  1. Install your SSH terminal. You can look up “terminal” or press CTRL + ALT + T to open your keyboard.
  2. Enter ssh in the terminal and hit Enter on the terminal.
  3. When the application is running, you’ll receive a message that appears like this:
username@host:$ username@host:$
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
username@host:~$

This means that you’re in a position to connect to a virtual or physical machine remotely. If not, you’ll need to connect to OpenSSH. OpenSSH client:

  1. Use the following procedure to set up OpenSSH on your computer. OpenSSH client onto your PC:
  2. sudo apt-get install OpenSSH-client
  3. Enter the superuser’s password when you are asked to do so.
  4. Hit Enter to complete the installation.

You can now SSH into any device with the server-side software running, provided you have the right permissions along with the hostname and IP address.

How to Install an OpenSSH Server?

The computer requires the server-side portion of the SSH software toolkit to make an SSH connection. Suppose you want to determine whether the OpenSSH server is installed in the Ubuntu system running on the remote computer, which needs to accept SSH connections. In that case, you could attempt to connect directly to your local server:

  1. Start Terminal on the server. You can search for “terminal” or press CTRL + alt + T on your keyboard.
  2. Input ssh localhost, then press enter.
  3. On systems that do not have the SSH server installed, the response will appear like this:
username@host:~$ ssh localhost

SSH: Connect to port 22 of localhost host Connection refused username@host$

If this scenario is true, then you must connect to OpenSSH. Keep the terminal open, and follow these steps:

  1. The following command is needed to set up an SSH server:
  2. Sudo apt-get install openssh-server I.
  3. Enter your password for superusers when you are asked.
  4. Enter and Y to permit an installation process to go on, following the prompt for disk space.

The necessary supporting files for the server will be downloaded. Then, you can verify that you are running the SSH server has been running on your machine by typing: Sudo service ssh status.

The terminal’s response will look like this if you are using the SSH service is currently working properly:

username@host:-$ sudo service ssh status
* ssh.service * ssh.service OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Inactive: actively (running) since the 12th of March, 2022 at 10:53:44 CET, 1min 22s old The process is 1174. ExecReload=/bin/kill $MAINPID (code=exited Status=0/SUCCES
Main PID: 3165 (sshd)

Another method of determining whether you are sure that the OpenSSH server is properly installed and can accept connections is to run the ssh localhost command within your terminal prompt. The output will be similar to the screen you see when executing this command the first time.

username@host:~$ ssh localhost
The authenticity of the host "localhost (127.0.0.1) cannot be confirmed. ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs. Are you sure that you wish to connect (yes/no)? Yes
Warning: Added 'localhost' (ECDSA) to the list of hosts that are known to exist.
username@host:~$

You can enter Y or Yes to continue.

Congratulations! You’ve set up your server to take SSH connections from a different

Computer that is using an SSH client.

TIP

You are now able to edit the SSH daemon’s configuration file. For instance, you can alter the default port used for SSH connections. In the terminal prompt, run the following command:

sudo nano /etc/ssh/sshd_config

The configuration file will be opened in the editor you prefer. In this instance, we used Nano. If you are required to install Nano, then run this command:

sudo the command sudo apt-get install nano

Be aware that you will need to start the SSH service each time you make any modifications to the sshd_config file using this command:

Sudo service ssh restart

How to Connect via SSH?

SSH Tutorial: What is SSH, Encryptions and Ports

To set up secure remote connections using OpenSSH:

  1. Open the SSH terminal on your local machine and enter the following command: ssh your_username@host_ip_address. If the username on your local machine is the same as the one on the server you want to connect to, you can simply enter ssh host_ip_address.
  2. Enter your password and press Enter. Note that you won’t see any feedback on the screen while typing your password. Make sure to keep your password safe and not in an unprotected text file if you are pasting it.
  3. The first time you connect to a server, you may be asked if you want to continue connecting. Enter “yes” and press Enter. This message will only appear this time because the remote server is not recognized by your local machine.
  4. You will be connected to the remote server once an ECDSA fingerprint has been added.

It’s generally best to use a private IP address when trying to remotely connect to a device on the same network. If the device is not on the same network, you will need to use the public IP address.

Make sure you know the correct TCP port that OpenSSH is listening on for connection requests and that you have the proper port forwarding configurations in place. The default port is 22 unless it has been modified in the sshd_config files. You can also specify the port number after the host’s IP address.

Here’s an example of making a connection request using the OpenSSH client:

username@machine:~$ ssh [email protected] -p7654
[email protected]'s password:
The authenticity of the host '185.52.53.222 (185.52.53.222)' cannot be verified. ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps. Are you sure you want to continue connecting (yes/no)? Yes
Warn: Added ' 185.52.53.222' (ECDSA) permanently to the list of known hosts.
username@host:~$

You can now control and manage the remote device using your terminal. If you have trouble connecting to remote servers, make sure that:

  • The IP address for the remote machine is correct.
  • The port that the SSH daemon is listening on is not blocked by firewalls or not properly forwarded.
  • Your username and password are correct.
  • The SSH software is properly installed.

SSH Further Steps

To improve the security of your SSH connection:

  1. Consider changing the default TCP port on which the SSH daemon listens. Instead of using the default port 22, choose a larger port number such as 24596. Avoid choosing easily guessable port numbers like 22222 or 2222.
  2. Use SSH key pairs to enable password-free SSH login. These are both secure and allow you to log in to your account without entering a password (which is faster and more convenient).
  3. Remove password-based login from your server to prevent the possibility of someone using a compromised password to log in. Before turning off the option of logging in with passwords, make sure that the authentication process with key pairs is working properly.
  4. Remove root access from your server and use a regular account that can switch to the root user using the su command.
  5. Use TCP wrappers to limit access to specific hostnames or IP addresses. Use the /etc/hosts.allow and /etc/hosts.deny files to specify which hosts are allowed to connect using TCP wrappers. Note that allowed hosts take precedence over denied hosts. For example, to grant SSH access to a single host, you can first block all hosts by adding the following two lines to /etc/hosts.deny:
    • SSHD: ALL
    • ALL: ALL
    • Then, in /etc/hosts.allow, add a line containing the allowed hosts for SSH service, such as an IP address, an IP range, or a hostname (e.g. sshd: 10.10.0.5, Local).

It is important to keep your login information secure at all times and to protect your data at multiple levels. Use a variety of strategies to secure your SSH connection to the servers.

VNC Over SSH

Benefits of having tech watch for competitive intelligence | Netscribes

To tunnel VNC connections through SSH:

  1. On a Linux or UNIX machine, use the following command in the terminal:
$ ssh -L 5901:localhost:5901 -N -f -l username hostname_or_IP

This command does the following:

  • ssh: launches the SSH client application locally on the machine, allowing secure connections to the SSH server from remote computers.
  • -L 5901:localhost:5901: specifies that the local port of the client should be forwarded to the host and port on the remote device. In this case, the local port 5901 on the local client will be forwarded to the same port on the remote server.
  • -N: instructs the client to only forward ports, not to execute a remote command.
  • -f: sends SSH to the background after the password has been entered and before the command is executed. This allows you to continue using the terminal to enter commands locally on your machine.
  • -l username: specifies the username to use when logging into the remote server specified below.
  • hostname_or_IP: is the remote system that has the VNC server. An example of an IP address might be 172.16.0.5, and an example of a hostname might be myserver.somedomain.com.

To connect to remote servers using an SSH tunnel from a Windows machine using PuTTY:

  1. Go to Connection -> SSH -> Tunnels on the PuTTY configuration window.
  2. Enter “5901” in the Source port field and “localhost:5901” in the Destination field.
  3. Start the SSH session as you normally would.
  4. Connect to the server using a VNC client of your choice.

What is RDP?

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft that enables you to remotely control and manage computers running a Windows operating system. When you connect to a remote computer using an RDP client, you are provided with a graphical interface that allows you to access and operate the remote computer as if it were your local computer. 

Remote Desktop Services, formerly known as terminal services, allow system and network administrators to manage remote computers connected to local networks or the internet. However, it is important to note that RDP connections are less secure than SSH connections if you are not using a virtual private network (VPN). 

Automated scripts are constantly searching for vulnerabilities on your network, especially on the ports used for Windows Remote Desktop connections. To increase the security of your RDP connections, it is recommended to use secure, hard-to-guess passwords and change them regularly. While this does not fully secure RDP connections, it does make them more secure.

How Does Remote Desktop Protocol Work?

RDP Meaning. Learn the Basics of the Remote Desktop Protocol

Windows Remote Desktop connection is a feature that allows you to remotely access and control another computer over a network connection. It is based on a simple server-client model that uses Remote Desktop Protocol (RDP). 

When you enable Windows Remote Desktop and turn it on, it becomes active when the Windows Remote Desktop server-side service begins listening for connections on port 3389. To connect to the Windows server, you will need the appropriate login credentials for the remote account you are trying to access. 

Once you have been granted access, you will be able to manage your applications, transfer files between two machines, and perform any tasks you could do locally using the account you are using. The Remote Desktop client is available by default on all versions of the Windows operating system, allowing you to create an encrypted, remote connection to another PC. 

However, computers can only be remotely accessed if they are running the Pro, Enterprise, or Server version of the Windows operating system. In summary, RDP connections are only possible between computers running an installed version of the Windows operating system.

How to Enable an RDP Connection?

Remote Desktop Protocol (RDP) - Network Encyclopedia

To set up a Remote Desktop connection to another PC over the network, you will need to enable Windows Remote Desktop. Remote Desktop is a built-in feature of the Windows operating system that allows you to remotely access and control another computer. However, the ability to accept Remote Desktop connections from another machine is turned off by default on all versions of Windows. If you want to connect remotely to a server over the internet, you need to consider the following:

  • Port forwarding: If you are not using a virtual private network (VPN), you need to ensure that the ports are properly forwarded to the IP address of the remote host. Check your router’s settings to see if the data to the default TCP port of the Remote Desktop Protocol (port 3389) is being directed to the IP address of the server you want to connect to. Keep in mind that exposing your Windows server directly to the internet can make it vulnerable to attacks.
  • Using a VPN: This is a more secure option for Remote Desktop connectivity. By creating a virtual private network on your client’s PC and connecting to it, you will be able to access all the services available through local connections.
  • Firewall settings: Make sure that the firewall you are using on your remote machine is not blocking Remote Desktop connections. You need to open the local port used for RDP, whether it is the default port or a custom port number.

Enabling Remote Access in Windows 7, 8, 10, and Windows Server Versions

The process of configuring remote desktops and allowing secure remote access to the server or PC from a different computer is the same for all versions of the Windows operating system.

Here are the basic steps to enable remote connection to the desired computer. Before starting, make sure you have considered the guidelines mentioned above regarding port forwarding, VPN, and firewall configurations.

Step 1: Allow Remote Connections

To allow remote connections on the computer you want to connect to:

  1. Right-click on Computer or This PC (depending on your version of Windows).
  2. Click on Properties.
  3. Click on the Remote settings option on the left side of the screen.
  4. Select the “Allow Remote Connections on this computer” option. This will add a Remote Desktop Firewall exception. You can also check the box that says “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” to increase security for your RDP sessions.
  5. Click Apply if you want to stay on the tab, or click OK to close it.

Step 2: Add Users to the List of Remote Users

If you want to allow users other than administrators to access the machine, follow these steps:

  1. In the Remote settings screen, click on the Select Users button.
  2. Click on the Add button in the Remote Desktop Users box.
  3. In the Select Users window that appears, you can choose the location you want to search by clicking on Locations.
  4. In the “Enter the object names to select” field, type the name of the user and then click Check Names.
  5. If a matching account is found, click on the user’s account and click OK.
  6. Close the System Properties window by clicking OK.

Note: Administrator accounts are automatically added to the list of allowed users, but will not appear on the list. There are not many other settings to change in order to set up a Remote Desktop connection. If other settings do not prevent the connection, you should be able to remotely connect to and control the computer.

How to Use the Remove Desktop Connection Client?

To use Remote Desktop on a local computer:

  1. Launch the Remote Desktop Connection application:
    • On Windows 7: go to Start > All Programs, open the Accessories folder, and click on Remote Desktop Connection.
    • On Windows 10: go to Start, open the Windows Accessories folder, and click on the Remote Desktop Connection app.
    • Alternatively, you can search for “Remote Desktop Connection” in the start menu or press the Windows + R keys, enter “mstsc” in the “Open:” field, and press Enter.
  2. In the “Computer” field, enter the name or IP address of the remote computer you wish to connect to and click “Connect.” If the port for the Remote Desktop connection on the remote host has been changed from the default (port 3389), you will need to add it after the IP address, for example: 174.163.152.141:6200.
  3. Depending on your situation, you may need to enter the public or private IP address of the host. If both the client and the remote host are on the same Local Area Network, you will use the host’s IP address. If you are using a VPN on the client to connect to an external host, you will use the host’s IP address. If the client is connecting to the host via another network over the internet, you will use the public IP address.

How to Find the IP Address and Host Name?

To set up a Remote Desktop service, you will need to find the name or IP address of the computer you want to connect to. Here are some methods to find this information:

  • To find the private IP address of a computer:
    1. Open the Command Prompt by searching for “CMD” in the start menu or pressing the Windows + R keys, typing “CMD,” and pressing Enter.
    2. Type “ipconfig” in the command prompt and press Enter.
    3. The private IP address of the computer will be listed under “IPv4 Address.”
  • To find the public IP address of a computer:
    1. Open a web browser and go to the search bar.
    2. Type “what is my IP” or “my IP” and press Enter.
    3. The public IP address of the computer will be displayed in the upper right corner of the page, or on the first page of the search results.
  • To find the name of a computer:
    1. Right-click on Computer or This PC (depending on your Windows version).
    2. Click on “Properties.”
    3. The complete name of the computer can be found under “System settings” in the “Computer name, domain, and workgroup settings” section.

Once you have the name or IP address of the computer you want to connect to, you can proceed with the following steps:

  1. Open the Remote Desktop Connection application and enter the name or IP address of the remote computer in the “Computer” field.
  2. When the connection is established, you will see a window where you can enter the login credentials for the remote computer. If necessary, you can also provide a different username.
  3. Click “OK” and you will be prompted to accept a security certificate warning. Select “Yes” to continue.
  4. If another user is already logged into the remote computer, you will receive a warning message that you need to have them disconnect before you can access the machine.

Note that only one user can be logged into a Windows computer at a time. Once you are connected to the remote computer, you will have access to perform any tasks based on your user account permissions.

Remote Desktop Protocol Further Steps

To ensure the security of your remote desktop connection:

  1. Consider using a built-in VPN server to encrypt your internet traffic and provide additional security for your Windows server and its services.
  2. Set the client connection encryption level to “High” to ensure that all client communication and Remote Desktop Sessions Host servers are encrypted with 128-bit encryption. Avoid using the “Client Compatible” encryption level, as it may not provide adequate security.
  3. Use two-factor authentication with tools like Duo Security to add an extra layer of protection to RDP sessions.
  4. Use firewall rules to limit access to RDP ports on the internet, especially the standard RDP port 3389 for TCP. You can use the firewall included in Windows, accessed through the Control Panel, to restrict access to specific ports and IP addresses.

By following these best practices, you can protect your remote desktops and reduce the risk of unauthorized login attempts without having to spend a lot of time configuring your devices. Remember, your server is particularly vulnerable when accessed over the internet, so it is important to take steps to protect it.

FAQ

What is the best way to connect with a server with SSH?

To establish the SSH connection to another computer, it is necessary to know the server’s Internet Protocol (IP) address or hostname, as well as an authentic username. Connect using an account password or public and private key pair. Since usernames and passwords can be used to force access, using the SSH key is recommended.

What is the procedure for SSH work step-by-step?

The steps required to create an SSH session can be described as follows:

  1. The client calls the server to establish an exchange.
  2. The server responds to the request by sending the client a private cryptography key.
  3. The server determines parameters and creates an encrypted channel for the client.
  4. The user, via their client, connects to the server.

Are SSH employed for remote access?

Apart from providing strong encrypted security, SSH has been widely utilized by network administrators to control software and systems remotely. It enables them to log in to another system on networks, perform commands, and transfer documents from one system to the next.

What is the procedure for SSH to perform on Linux?

The method by which SSH operates is through the use of a client-server model to permit authentication of two remote systems as well as encryption of data that flows between them. SSH runs using TCP Port 22 as default (though SSH port can be modified if necessary).

Do you SSH with no VPN?

Through SSH, you can set up encrypted connections that can be used to access secure services, even with no VPN. This is typically used for secure HTTP and SOCKS proxy servers.

How can I connect to a remote server with the command prompt?

Enter “mstsc /console /v: computer name” into the Command Prompt with the specific computer name that you recorded earlier instead in place of “computer name.” This will direct you to the log-in screen on the remote computer. After you’ve logged on to the remote machine like it were the one you’re in front of.

How can I connect to a Unix server via Windows?

Visit My Computer, and there will be an L: Drive that’s the Unix Home folder. With the SSH client, a program known as PuTTY, it is possible to connect to a Unix computer securely. SSH (Secure Shell) is a substitute for telnet and provides you with an interface to Unix.

Can you utilize Linux commands within Windows Terminal?

Any program that uses an interface to the command line can be run in Windows Terminal. This encompasses the entire range of PowerShell along with Command Prompt to Azure Cloud Shell and any WSL distribution.

What are the disadvantages of SSH?

Every site that is added requires an SSH key that is added by SFTP or manually through SSH. There is no native GUI. The GUI is an added layer of complexity, meaning simple issues like theme management or plugins could take longer. It also means that you need to create a GUI when you plan to use something other than the command line.

Which one is better? SSH or VPN?

The primary distinction between these two methods can be seen in SSH being connected to a particular device, while VPN connects to the network. Both of them add a layer of security while browsing the internet. If you’re in search of an enterprise solution for your business, the VPN provides the best security and privacy options of the two.

Is SSH superior to HTTP?

It’s among the primary reasons why developers use SSH instead of HTTP. Reduces Time: SSH is a great way to save time as the user does not have to enter credentials each time. SSH keys are secure: SSH keys are more secure than any password you could think of.

Conclusion

The procedures and steps described in this article will be useful for most users and most variants of Linux and Windows operating systems.

Connecting to the Remote Server with Linux or Windows should now be possible. There are, of course, other ways to connect two computers from a distance. However, these are the best we discussed here.

Share this:

Leave a Comment