Putty connect via ssh to a remote server. How to use SSH? As well as installation and configuration (Linux, Windows, macOS, Android, iOS). Description of operating principles and applications used
You purchased your first VPS, or maybe even a server right away. Surely you have a web panel to administer it. But hard admins always go through the console 😉 Therefore, we need to learn how to do this. In this lesson, we will install the PuTTY program, connect to the server via the SSH protocol, and learn how to determine the occupied and free space on the server.
Putty program for connecting to a server via SSH protocol
Download Putty from the site putty.org For myself, I download the version “For Windows on Intel x86 - PuTTY: putty.exe”
Unpack the archive and launch the program.
This is what the program window looks like after launch. I have already entered the IP address of my server in the “Host Name (or IP address)” field:
Enter the domain or IP address of your server and click the “Open” button. A command prompt window opens. It asks us for a username and password. First, enter your login, then your password. Attention, when entering the password, the characters are not printed on the screen, even the asterisks *** are not printed. Therefore, we enter the password as if blindly. Enter and press Enter. If the password was entered correctly, you will be logged into the server management console. A line with the last login time and information about the operating system is displayed.
Commands in the console
pwd
df
The df command shows the amount of free and used space on the server, across all mounted file systems
du
The du command shows how much space a folder or file takes up.
Example command:
Du -h /home/
This command will show how much space the /home/ directory takes up.
That's all. The first acquaintance with connecting to a server via SSH and the putty program is over. Using this information, you can go to the server and see how much space the data takes up on it.
SSH (Secure Shell) is a network protocol designed for remote server management and data transfer over TCP encrypted connections. Most hosting services, even virtual ones, today provide access via both FTP and SSH. In my opinion, this is great, SSH is much more convenient and safer to use.
Setting up SSH
The setup will take place for a dedicated server, VDS, VPS on Debian, Ubuntu. The configuration file is located here: /etc/ssh/sshd_config.
If you have regular hosting, everything should be configured as it should, go to the section.
By default, the SSHD daemon (which is what we are making changes to) does not need any settings and works fine. We will only make a couple of small changes in order to limit the access of unwanted persons to the server.
As a result of making incorrect changes to the configuration file, you may lose access to the server via ssh, so make sure you have alternative options to access it, for example using the ISPManager control panel.
How to restrict SSH access
All changes are made to /etc/ssh/sshd_config
For the changes to take effect, you must
Change port
Port 9724Now, when authorizing, you need to specify 9724 instead of the standard 22 port.
The method is very simple and effective against most simple hacker bots that knock on standard ports. The main thing here is not to create a conflict with other services and choose a number that is obviously unused.
Disable communication using the old protocol
Here we define that communication is only possible using the v2 protocol
If you are not logged in root, before all console commands you need to add sudo - it stands for Substitute User and DO- replace the user and do (under him). For example, it allows you to execute commands as a superuser root.
Reduce the number of authorization attempts
MaxAuthTries 2Number of password attempts. Default is 6. If the search fails, the communication session is terminated.
Reduce authorization waiting time
LoginGraceTime 30sBy default, an authorization session can last 120 seconds. After this time it ends. 2 minutes for authorization is overkill; all this time the server keeps the connection open, which is very irrational. Half a minute is enough.
Close IP access
Before setting up IP restrictions, make sure that in case of an error in the settings and subsequent ban of your own IP, you will have an alternative way to regain access to the server
If only you need access, the simplest and most reliable way is to block access from everywhere except your IP or, if it is dynamic, then the IP range.
- Open /etc/hosts.allow and add SSHD there: 192.168.1.1
where 192.168.1.1 is your IP. If you have a dynamic IP, define an IP with a subnet mask and write down your subnet instead of the IP, for example:
SSHD: 192.168.0.0/16
- Open /etc/hosts.deny and add there: SSHD: ALL
Another way to restrict access via IP
You can use the following directive:
AllowUsers = *@1.2.3.4
Here we only allow access for IP 1.2.3.4
SSH authorization by keys
It will be much safer, more convenient and correct to set up ssh authorization without a password. For this purpose, key authorization will be used.
So here are the instructions.
On this page we will look at several programs for Windows that can be used to connect to a server running FreeBSD or any Unix-like system that supports connection using the SSH protocol.
The easiest way is to connect from the command line (cmd) using the OpenSSH package.
Installing OpenSSH for Windows and working with it.
Installing the package is quite simple and does not require special knowledge of anything. You can download the distribution from the link below, the size is about 2.5 megabytes.
It’s easy to work with; after installing the package, call the command line (run - cmd) and type the ssh command with the necessary parameters:
C:>ssh [email protected]
In this example, we connect to a server with IP address 192.168.5.39 under the user alex, then the system will ask for a password and then display the shell of the connected server.
When you connect for the first time, the system will ask if you need to remember the connection key, answer “yes”.
To connect via a non-standard port, there is a –p key through which we set the desired connection port, example:
C:>ssh [email protected]–p 31
The simplest and most common client for remote work via the SSH protocol. PuTTY is a free application with open source source code and is distributed under the MIT Open Source license. The original version of PuTTY is written and maintained by Simon Tatham (www.putty.org)
Working with it is just as easy, run PuTTY.exe, in the “Host Name” field enter the server’s IP address and the port on which it “listens”. Click the “Open” button and if the connection is successful, enter your username and password.
Among the paid programs we can note SSH Explorer And eSH Client.
SSH Explorer (http://www.sshexplorer.com) The SSH client has built-in SFTP support, with a built-in text editor and file viewing panel. It will be useful if you often need to securely transfer files to and from the server.
SSH Explorer for those who have to work remotely with a *nix server using ssh, but are accustomed to working in Windows environment. In my opinion, it is light and quite comfortable.
eSh Client (http://www.ecodesoftware.com) is a multifunctional “shell” program that immediately contains an SSH client, SFTP/FTP and a text editor. Some functionality:
The SSH implementation supports various screen emulation modes (VT100, VT220, VT320 and ANSI)
FTPS: FTP over SSL and TLS provides greater security on the SSL encrypted FTP channel
SCP: SCP transmission is carried out in a simple way in 3 steps
Rexec: Remote execution - another tool in eSh Client
Encryption: DES, AES standards
ESh Client supports local and remote port forwarding (tunneling)
Moreover, eSh Client editor supports many programming languages such as C, Java, PHP, Perl, JSP, HTML, SQL.
- plugin for Firefox for working via SSH.
Connection via SSH is possible on all tariff plans, except for the “Host-Lite” tariff. If you have ordered the Host-Lite tariff plan, upgrade the tariff and you will be able to connect via SSH:
Shared hosting plans do not provide the ability to use Midnight Commander. This opportunity is present.
Depending on the operating system installed on your home computer (not to be confused with the hosting OS), the following are possible: SSH connection options.
Your computer is running Windows OS
To connect via SSH:
Once you connect via SSH, you will be in your hosting home directory. Linux console commands are provided here. Please note: many of these commands cannot be executed on shared hosting (such as installing and removing packages, mounting file systems, etc.), since you do not have root access.
You have a Linux-like OS installed on your computer (Ubuntu, Kubuntu, Fedora, ...)
You can connect via SSH through a terminal already available in the OS.
Done, you are connected via SSH.
Is it possible to create an additional SSH user?
On shared hosting, connecting via SSH is only possible under the main hosting login (type u1234567). You cannot create an additional SSH user.
How to disable SSH access?
To disable SSH access on your hosting, write . In your application, please provide your hosting login (type u1234567), for which you need to disable SSH access.
SSH(English Secure Shell - “safe shell”) - an application-level network protocol that allows remote control operating system and tunneling TCP connections (for example, for file transfers). Similar in functionality to the Telnet and rlogin protocols, but, unlike them, it encrypts all traffic, including transmitted passwords. SSH allows a choice of different encryption algorithms. SSH clients and SSH servers are available for most network operating systems.
SFTP(English SSH File Transfer Protocol) is an application-level protocol designed for copying and performing other operations with files over a reliable and secure connection. The protocol was developed by the IETF as an extension to SSH-2, but SFTP can also be implemented using other session-level protocols.
Where can I get the data to connect to the server via ssh/sftp?
This and other data is sent to you in a letter after the creation and installation of the server. Find such a part in the letter (the data will be different, this is an example)
>> Server access data (SSH)
IP Address: 91.215.152.7
Login: root
Password: 1QyeB49TrR
Port: 3333
This is the data that must be used to connect via ssh and sftp.
Connect via ssh/sftp from Windows
To connect via ssh using putty follow these steps:
Step 1. Download and run putty (putty.exe)
Step 2. Enter the server IP and select the ssh protocol. Be sure to specify the correct port (usually either 3333 or 22).
Step 3. When you first log in, we accept the certificate
Step 4. Enter your login and password
Note
Useful tips for working with putty:
1. To copy text from the PuTTY console, you just need to select the text - it will automatically be copied to the clipboard. To insert text into the console, use the Shift+Insert key combination, or you can simply right-click in the console.
2. Interrupt execution of the current command - Ctrl+C
3. Clear screen - Ctrl+L
4. End the session Ctrl+D or exit at the command line.
Connect via ssh/sftp from Linux or Mac OS
If you use Mac OS or Linux, you can use the standard Terminal application to connect to the server via the ssh protocol. To connect, use the command (ip will be different)
Ssh
The connection process looks like this
Ssh The authenticity of host "91.215.152.7 (91.215.152.7)" can"t be established. RSA key fingerprint is bb:8c:b7:44:14:c6:c1:17:36:c7:ce:ba:08 :40:00:c0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added "91.215.152.7" (RSA) to the list of known hosts. "s password: [ ~]#
Note: When entering a password, you do not see the characters entered. Because of this, many people feel like nothing is happening. However, it is not.
Connect via sftp using FileZilla
To connect via sftp we recommend using FileZilla. The process of connecting via sftp is not much different from the process of connecting via ftp, except for one thing - you need to force specify the port on which the connection is made, by default it is port 3333, but it can be 22, as well as the sftp:// protocol before IP address in the connection string. Also make sure that the user you are logging in with is allowed SSH access.
After connecting you will need to accept the certificate
