Ubuntu SSH: How To Enable Secure Shell in Ubuntu

SSH (Secure SHell) is possibly the best way to remotely access a Unix system – it’s very secure thanks to automatic encryption of all the traffic, and it’s also quite universal because you can do all sorts of things: access remote command line shell, forward graphics session output, establish network tunnels, set up port redirections and even transfer files over the encrypted session.

Today I’m going to show you how to get started with SSH in Ubuntu.

Installing SSH server in Ubuntu

By default, your (desktop) system will have no SSH service enabled, which means you won’t be able to connect to it remotely using SSH protocol (TCP port 22). This makes installing SSH server one of the first post-install steps on your brand new Ubuntu.

The most common SSH implementation is OpenSSH. Although there are alternative implementations (closed source solutions and binary distributions maintained by various Unix and Unix-like OS vendors), OpenSSH is a de-facto standard in the secure transfers and connections industry. That’s exactly what you want to install.

Log in with your standard username and password, and run the following command to install openssh-server.

You should be using the same username that you specified when installing Ubuntu, as it will be the only account with sudo privileges to run commands as root:

ubuntu$ sudo apt-get install openssh-server
[sudo] password for greys:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  rssh molly-guard openssh-blacklist openssh-blacklist-extra
The following NEW packages will be installed:
  openssh-server
0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded.
Need to get 285kB of archives.
After this operation, 782kB of additional disk space will be used.
Get:1 http://ie.archive.ubuntu.com jaunty/main openssh-server 1:5.1p1-5ubuntu1 [285kB]
Fetched 285kB in 0s (345kB/s)
Preconfiguring packages ...
Selecting previously deselected package openssh-server.
(Reading database ... 101998 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a5.1p1-5ubuntu1_i386.deb) ...
Processing triggers for ufw ...
Processing triggers for man-db ...
Setting up openssh-server (1:5.1p1-5ubuntu1) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ... 
* Restarting OpenBSD Secure Shell server sshd                           [ OK ]

Public and Private keys in SSH

As you can see in the sample output above, the installation procedure created 2 sets of keys – SSH2 RSA keypair and SSH2 DSA keypair. The reason for this is that OpenSSH relies heavily on the public and private key (PPK) infrastructure.

The concept behind PPK is pretty cool: SSH allows you to create keypairs. They are generated to the maximum randomness achievable on your system. Keypairs can be created for your server or for your individual uses.

The idea is that public keys are shared with other servers, and they can later be used as a unique identifier to confirm your true identity. When you’re connecting to another server, it uses your public key to encrypt a short message and the secure session will only be established if on your side you have a private key that allows decrypting the message. No other system or user can decrypt the message because only you would have the private key. That’s why it’s called private – don’t ever share it with anyone.

As an additional security measure, when you’re generating personal keypairs you’ll be asked to supply a passphrase so that even if someone steals your private key they won’t be able to use it without knowing your passphrase.

Verifying your SSH server works

While you’re still on your local desktop session, you can use the ps command to confirm that SSH daemon (sshd) is running:

ubuntu$ ps -aef | grep sshd
root     24114     1  0 15:18 ?        00:00:00 /usr/sbin/sshd

Now that you see it’s there, it’s time to try connecting:

ubuntu$ ssh localhost

Since this is the first time you’re trying to connect using SSH, you’ll have to answer yes to the following question:

The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 18:4d:96:b3:0d:25:00:c8:a1:a3:84:5c:9f:1c:0d:a5.
Are you sure you want to continue connecting (yes/no)? yes

… you’ll then be prompted for your own password (remember, the system treats such connection request as if you were connecting remotely, so it can’t trust you without confirming your password):

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
greys@localhost's password:

.. and finally you’ll see the usual Ubuntu (Jaunty in this example) banner and prompt:

Linux ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com

Last login: Fri May 15 15:18:34 2009 from ubuntu

ubuntu$

That’s it, providing you have your networking configured and you know your IP address or hostname, you can start connecting to your Ubuntu box from remote systems, using the same command. Enjoy!
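Before answering yes to the first-connection prompt shown earlier, the fingerprint it prints can be compared with the server's own host key. The following is an added example (not part of the original post) showing what that fingerprint is: a hash of the decoded public key blob, in the colon-separated MD5 form from the prompt and in the SHA256 form newer OpenSSH releases print. The key line is constructed sample data and the function names are illustrative.

```python
import base64
import hashlib
import struct

def build_sample_key_line():
    """Constructed, non-functional ssh-rsa line in public key file format."""
    def field(data):  # SSH wire string: 4-byte big-endian length + bytes
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 128)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@ubuntu"

def parse_key_line(line):
    """Return (key_type, blob); reject lines whose blob names another type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the blob contents")
    return key_type, blob

def md5_fingerprint(blob):
    """Colon-separated hex MD5, the form shown in the prompt above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob):
    """Unpadded base64 SHA-256, the form newer OpenSSH prints by default."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def prompt_matches(key_line, shown):
    """True if the fingerprint shown by the ssh client belongs to key_line."""
    _, blob = parse_key_line(key_line)
    shown = shown.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == md5_fingerprint(blob) or shown == sha256_fingerprint(blob)

if __name__ == "__main__":
    line = build_sample_key_line()
    print(md5_fingerprint(parse_key_line(line)[1]))
    # The fingerprint from the prompt above does not belong to the sample key.
    print(prompt_matches(line, "18:4d:96:b3:0d:25:00:c8:a1:a3:84:5c:9f:1c:0d:a5"))  # False
```

On the server's console, ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub (the usual Ubuntu location) prints the fingerprint to compare with the prompt; newer releases need -E md5 to get the colon-separated form.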





Useful Solaris OS tips from my Solaris Blog

As some of you may know already, I’ve recently restarted my activity on another technical blog of mine: Solaris blog.

Solaris blog: http://solaris.reys.net

Solaris blog is the very first blog I started; I was actively posting new material in 2006-2007. Since then my primary focus had shifted to Linux systems, but I realized that I miss Solaris so much that I still need to play with the latest versions and features in Solaris 10 and OpenSolaris.

Today I’d like to offer you a few articles from Solaris blog, let me know if you find them useful:

Most of these topics are fairly technical and expect you to have previous knowledge of Solaris OS, but Unix Tutorial is here to take care of the basics – so ask away and I’ll be glad to help you discover Solaris in my future posts.





How to Confirm Disks Capacity in Linux

“show disk size in Unix” is a very popular request visitors use to arrive at my Unix Tutorial pages. Since I never addressed the question of confirming the number of hard drives available on your system or the task of finding out a disk’s capacity, I’d like to document a quick and easy way of doing just that.

I hope that when someone looks for a way to show disk size, what’s really expected is a command to help you confirm the capacity of a disk in gigabytes.

Using fdisk command in Linux

One of the easiest ways to learn a lot about hard drives installed on your Linux system is to use the fdisk command:

suse# fdisk -l

Disk /dev/sda: 145.4 GB, 145492017152 bytes
255 heads, 63 sectors/track, 17688 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1         262     2104483+  82  Linux swap / Solaris
/dev/sda2   *         263       17688   139974345   83  Linux

As you can see, there are two sections in the output provided: disk information (capacity and geometry) and disk layout (partitions). The same pattern is repeated if you have more than one disk installed.

What you should look for is the lines starting with “Disk” word: they usually specify the device names for each drive and also provide the capacity in gigabytes. Thus, a time saver would be to grep the necessary information from the command above, this way:

suse# fdisk -l | grep Disk
Disk /dev/sda: 145.4 GB, 145492017152 bytes

On a system with multiple disks, the output will look more useful:

redhat# fdisk -l | grep Disk
Disk /dev/sda: 21.4 GB, 21474836480 bytes
Disk /dev/sdb: 4294 MB, 4294967296 bytes

That’s it – a very simple way for you to determine the number of disks in your system while also confirming the capacity available for your needs. The fdisk command is actually a very powerful disk management tool which allows you to manage partitions – create and delete them or modify the type of each partition. I will be sure to revisit this command some other time because the usage above doesn’t do this wonderful Unix command any justice.





How To Confirm if Your CPU is 32bit or 64bit

I had to download a piece of software today for one of the servers which I haven’t used in a while. A question of confirming the 64bit CPU capability came up, and I realized that I never mentioned it here on Unix Tutorial.

Some of you probably remember the uname command which also shows you similar information, but uname confirms the running kernel of your OS and not the CPU capability: if you’re booted into 32bit mode, it will not help you to recognize the 64bit potential of your system.

Obtaining CPU information from /proc/cpuinfo

Most Linux distros will have the special /proc/cpuinfo file which contains a textual description of all the features your processors have. This is a very useful file – depending on your task it may help you identify any features of your processors, as well as confirm the overall number of CPUs your system has installed.

Most commonly, the following information is obtained from /proc/cpuinfo:

  • processor model name and type
  • processor speed in MHz
  • processor cache size
  • instruction flags supported by CPU

Here’s how the typical output will look:

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      :                   Intel(R) Xeon(TM) CPU 3.20GHz
stepping        : 3
cpu MHz         : 3192.320
cache size      : 2048 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
bogomips        : 6388.78
clflush size    : 64
cache_alignment : 128
address sizes   : 36 bits physical, 48 bits virtual
power management:

The same block of information will be shown for each CPU visible to your system. There will be 2 processor instances for each physical CPU if hyper-threading is enabled, and there will be 2 or 4 processor entries for each physical CPU in dual- and quad-core system configurations.

How to confirm the 64bit capability of your CPU in Linux

Based on /proc/cpuinfo file, it is quite easy to confirm whether your CPU is capable of 64bit or not. All you have to do is look at the flags which tell you what instruction sets your CPU is capable of.

All the CPUs on your system will have the same type and therefore support the same instruction sets, that’s why in this example the grep command returns 4 similar lines – for the 4 CPU instances found on my system:

newserver# grep flags /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr

What you’re looking for is the following flag: lm. It stands for X86_FEATURE_LM, the Long Mode (64bit) support. If you can find the “lm” flag among your CPU flags, this means you’re looking at a 64bit capable processor.

As you can see from the example above, the processors in question are 64bit capable.

And this is how /proc/cpuinfo will look on an older system with only 32bit capable CPUs, there’s no lm flag as you can see:

oldserver# grep flags /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm

That’s it, hope this little tip helps you next time you’re puzzled about your CPU capabilities!
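The same check can be scripted. The following is an added example (not part of the original post) that parses /proc/cpuinfo-style text into one record per logical processor and tests for lm as a whole flag token, so a flag that merely contains the letters "lm" (such as lahf_lm on newer CPUs) is not mistaken for it. The two flag strings are copied from the outputs above; the sample text built around them and the function names are constructed for illustration.

```python
# Flag strings copied from the two grep outputs shown above.
FLAGS_64 = ("fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat "
            "pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm "
            "pni monitor ds_cpl cid cx16 xtpr")
FLAGS_32 = ("fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat "
            "pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm")

def sample_cpuinfo(flags, count):
    """Constructed /proc/cpuinfo-style text with `count` processor blocks."""
    return "\n\n".join(
        "processor\t: %d\nflags\t\t: %s" % (i, flags) for i in range(count)
    ) + "\n"

def parse_cpuinfo(text):
    """Return one dict per logical processor found in the text."""
    cpus, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        # A blank line or a repeated key starts the next processor block.
        if current and (not line.strip() or key in current):
            cpus.append(current)
            current = {}
        if sep and key:
            current[key] = value.strip()
    if current:
        cpus.append(current)
    return cpus

def supports_long_mode(text):
    """True only if every logical CPU lists 'lm' as a whole flag token."""
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no processor entries found")
    return all("lm" in cpu.get("flags", "").split() for cpu in cpus)

if __name__ == "__main__":
    for name, flags in (("newserver", FLAGS_64), ("oldserver", FLAGS_32)):
        text = sample_cpuinfo(flags, 4)
        print(name, len(parse_cpuinfo(text)), "CPUs, 64bit capable:",
              supports_long_mode(text))
```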





Ubuntu 9.04 Jaunty Jackalope screenshots

I’m finally getting ready to start publishing some tips with screenshots, so today it’s just a humble screenshot tour of my fresh Ubuntu 9.04 install.

Let me know if you struggle with any graphics desktop functionality, and I’ll try my best to help and show it with screenshots.

By the way: I really like one of the new community themes which come with Ubuntu 9.04, it’s called the Dust theme.





Unix Tutorial Digest – May 5th, 2009

Next batch of Unix-related news, this week it’s just about announcing all the new releases of various distros.

Unix news

Unix-related releases

  • Wine 1.1.20 released – OLE copy/paste improvements, Direct3D code cleanup and traditional bug fixes
