Online security is a grand topic nowadays, and with more sophisticated attacks happening worldwide, the need to stay safe online is increasing.
Measures against malicious code have been around for some time, and Secure Shell Protocol is one of the go-to solutions to safely log into a network, whether a simple home network or an enterprise one.
You might have guessed that today’s subject is SSH, and in this guide, we’ll cover all about SSH and how you can troubleshoot problems with it.
What is SSH, and How Does it Work?
SSH stands for Secure Shell Protocol, an encrypted, remote administration protocol that lets users connect, access, and modify servers and their contents over the internet.
SSH was designed as a replacement for the insecure method Telnet and rlogin, used with remote shell protocols, to remotely use a computer over a network. While programmers created SSH primarily for use in Unix-like operating systems, you can connect through SSH in Windows with an SSH client.
The way SSH works is simple, and its encrypted nature makes it very secure against unauthorized access. The basic SSH command has three parts, SSH, User, and Host.
ssh root@host
User refers to the account you want to access, and the argument “@” refers to the user’s location or server. A host can be a URL or a direct IP address pointing to a server online.
With this simple syntax, the SSH protocol enables a secure pathway to the server asking for the user’s password.
The most significant difference between other methods is that SSH encrypts the password sent over the internet with a secret key used for encryption and decryption purposes. Three are the current SSH encryption methods.
- Asymmetrical encryption
- Symmetrical encryption
- Hashes
Symmetric Encryption
It’s a method that uses a single secret key for encryption and decryption of the final message by both the sender and the receiver.
Sometimes symmetric or shared key encryption involves two keys, one calculated from the other for added security.
Asymmetric Encryption
This type of encryption uses two separate keys, one for encryption at the source and one for decryption at the destination. They’re also known as public and private keys, and unlike the symmetric method, there are a few more steps involved.
Only the correct recipient with the public key can decrypt the final message, but it doesn’t encrypt the whole SSH session.
Hashing Encryption
Cryptographic hash functions are another method for encrypting and decrypting messages through secure SSH connections. It uses hashing to validate if packets are coming from the correct source.
This is done with the help of Hash-based Message Authentication Codes or HMACs, ensuring that the transmitted data is not manipulated.
Where Is SSH Used?
The primary use of SSH is to help users log in to remote computers and servers over the internet using encryption.
SSH is not only limited to remote computers and networks. It’s also used to safely log in to local devices like the popular Raspberry Pi and various network types like FTP servers using the infamous port 22. FTP clients like FileZilla use SSH to log into remote servers online safely.
The SSH Clients
To access a remote computer over the internet with SSH, you will need an SSH client.
There are many SSH clients, but PuTTY is probably the most popular client that supports both SSH and telnet and works on many platforms. WinSCP is another popular tool to check, and both have excellent documentation that can help your “how to ssh” endeavours.
What if You Can’t SSH Into a Server?
If you cannot ssh into a server entirely, you have to check a few things apart from ensuring you have the right credentials.
- Check if the SSH service is up and running. For local servers, you can try restarting the service using the command sudo service ssh restart.
- Check whether your SSH port is installed on the system. One of the most popular tools is OpenSSH, and you can install it on your server using the sudo apt install openssh-server command on Unix systems.
- Check if the SSH port is closed and not accepting connections. This is a common problem, and you have to check your firewall settings or configure your SSH daemon to not block that specific port.
If all of the above fails, contact your hosting provider or server administrator for more help than try to troubleshoot the issues by yourself.
Common SSH Errors And How to Troubleshoot Them
While performing several administration and maintenance tasks with SSH, you might encounter connection and log-in errors. These can be visible from your client’s debug screen, so ensure you read it regularly and thoroughly when working with remote SSH connections.
Let’s go through the most common issues you might face when connecting through a secure SSH.
Connection Timeout
Connection timeout happens when a user tries to connect with the server, but the latter fails to respond in time.
You should have a look at these as a starting point.
- Check your internet connection.
- Check your firewall inbound connection rules.
- Ensure your username is correct.
- Ensure your host’s IP address is valid.
- Check that the port number is accepting ssh connections.
- Ensure your server is operational.
Connection Refused
This is a more straightforward error, but it can still cause many headaches among administrators. Connection refused means that the server responds to the user’s request but refuses the connection.
Check these solutions as a starting point.
- Ensure the host’s IP address is valid.
- Ensure your user’s password is correct.
- Check your firewall inbound connection rules.
- Check that the port number is accepting ssh connections.
Access Denied
This means that the attempt to log in was unsuccessful. It happens mainly because the user’s credentials are incorrect instead of the next error.
Check the following:
- Ensure the host’s IP address is valid.
- Ensure your username is correct.
- Ensure your user password is correct.
Permission Denied
Permission denied states that the user that tries to log in is not authorized to log in.
This is fixable through the ssh config file, although if you’re not the system administrator, then this screen is all you’ll get. Consider informing your administrator if you do want access in that case.
How Can I Test My SSH?
When you have set up your SSH, it’s time to see if it’s working properly. While there are online tools you can use to check whether a specific ssh port is open and accepting connections are convenient, there are a few commands you try from your system.
Users also test their ssh connections with the help of some of the ssh clients described above.
Usually, testing your ssh means connecting to the host with the given credentials from the client of choice. The username, password, host IP address and port number are the data you’ll need to do so.
On the server-side and Unix systems, you can check if the ssh service is running by typing this command: sudo service ssh status. If it’s running, a message saying running means everything is good to go.
If not, you’ll need to start the service by typing sudo service ssh start or sudo systemctl start ssh if you’re on Ubuntu Linux 16.04 LTS and above.