Mastering Secure Remote Access with SSH and Mosh

mrleon

Levani (Leo)

Posted on July 24, 2024

Mastering Secure Remote Access with SSH and Mosh

✨ Introductions

In today's digital age, remote access to servers and systems is a crucial aspect of managing and maintaining IT infrastructure. Secure Shell (SSH) and Mosh (Mobile Shell) are powerful tools that provide robust, secure, and responsive remote connectivity. This guide will walk you through the essential steps to install, configure, and optimize SSH and Mosh, ensuring you have a reliable setup for your remote operations.

  • SSH: The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network.

  • Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

For MacOS and Arch-Linux, replace the file manager commands with the appropriate ones, the rest will be mostly the same.

Step 1: Install

Debian/Ubuntu:

sudo apt install ssh mosh
Enter fullscreen mode Exit fullscreen mode

Step 2: Configurations and Settings

After installing SSH, navigate to the folder that appears in your home directory.

ls ~/.ssh
Enter fullscreen mode Exit fullscreen mode

There you will see:

id_dsa / id_dsa.pub

or

id_rsa / id_rsa.pub

Look for a file named id_dsa or id_rsa.

And the corresponding file with the .pub extension.
(.pub) is the public key, and the other file is the private key.

If the specified files are absent (or there is no .ssh directory).

For standard generation:

ssh-keygen
Enter fullscreen mode Exit fullscreen mode

or

For more detailed configuration:

ssh-keygen -t rsa -b 4096 -C "<your_email>@example.com"
Enter fullscreen mode Exit fullscreen mode

To change the passphrase for a key, use the command:

ssh-keygen -p
Enter fullscreen mode Exit fullscreen mode

The program will first ask for the file location to save the key (.ssh/id_rsa).

If you don't want to enter a passphrase every time you use the key, you can leave it empty or use the ssh-agent program.

If you decide to use a passphrase for the private key, it is highly recommended to use the -o option.

Now, each user should send their public key to you or to the person administering the server (assuming your SSH server is already configured to work with public keys). To do this, simply copy the contents of the .pub file and send it via email.

Step 3: Getting Started with SSH

  1. Start the ssh-agent:

    eval $(ssh-agent -s)
    
  2. Authorize the ssh key:

    ssh-add ~/.ssh/id_rsa
    
  3. Check the contents:

    ssh-add -l
    
  4. Remove all keys (Optional):

    ssh-add -D
    

Step 4: Setting Up Remote Access

  1. Add your public SSH key to the server's 'authorized_keys' file:

    vi ~/.ssh/authorized_keys
    
  2. Optional:
    If your SSH server is running on a non-standard port (443):

    ssh-copy-id -p 443 <user>@<server>
    

    or

    If you are using the default port (22):

    ssh-copy-id <server_name>
    

    Add:

    • login
    • password

Step 5: Disabling passwords for SSH access

  1. Disable password access to the server:

    sudo vi /etc/ssh/sshd_config
    
  2. Find and modify the following lines to disable password authentication:

    'PasswordAuthentication no'

  3. Apply the changes by restarting the SSH service:

    sudo service ssh restart
    

Step 6: Setting Up an SSH Alias

Open the SSH configuration file:

vi ~/.ssh/config
Enter fullscreen mode Exit fullscreen mode

Add the following configuration to the file:

Host alias
     Hostname alias.<host_name>
     User <user_name>
     Port 22
     ForwardAgent yes
     ServerAliveInterval 60
Enter fullscreen mode Exit fullscreen mode

To connect to the server using Mosh:

mosh --ssh="ssh -p 22" <user>@<server>
Enter fullscreen mode Exit fullscreen mode

To connect as root, use the following command:

ssh -o "User=root" alias
Enter fullscreen mode Exit fullscreen mode

To connect using SSH:

ssh <alias>
Enter fullscreen mode Exit fullscreen mode

To connect using MOSH:

mosh <alias>
Enter fullscreen mode Exit fullscreen mode

GIT Settings (Optional)

To check the current remote URL:

git remote -v
Enter fullscreen mode Exit fullscreen mode

To change the remote URL from HTTPS to SSH:

git remote set-url origin git@ssh:<repository_name>
Enter fullscreen mode Exit fullscreen mode

P.S. I was glad to share my configuration.

💖 💪 🙅 🚩
mrleon
Levani (Leo)

Posted on July 24, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related