Cyberithub

Best way to Connect Using SSH Command to Remote Linux (RedHat/CentOS 7) Server


In this tutorial, I will take you through the different ways you can log in to a remote Linux server using the ssh command. As per the SSH man page, ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.


Connect Server using SSH Command


1. SSH Connect through IP

In this example, we will see how to connect to a remote server using its IP address. We need to make sure the remote server is reachable and that a route to it is available.

test@node1:~$ ssh 192.168.0.104
The authenticity of host '192.168.0.104 (192.168.0.104)' can't be established.
ECDSA key fingerprint is SHA256:rKY2GCoUgEgQQorr7ixAuObb4odA+4eyTz9A52FSJug.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.104' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/test/.ssh/id_rsa':
Last login: Fri Jan 17 11:28:59 2020 from fe80::a00:27ff:fe2a:1652%enp0s3
[test@node2 ~]$

2. SSH Connect through Hostname

In the example above, we used an IP address to ssh to the remote machine. It is also possible to connect using a hostname. This just requires an entry in the /etc/hosts file, or you might choose to publish your hostname through a DNS record. Either way is fine.

In this example, I will create an entry in the /etc/hosts file for host node2 so that it resolves to an IP address when we try to connect through ssh.

[test@node1 ~]$ echo "192.168.0.104 node2" | sudo tee -a /etc/hosts

The above entry lets node1 resolve node2 when we run our ssh command to reach the destination machine.

We should now be able to SSH using the host's name:

test@node1:~$ ssh node2
The authenticity of host 'node2 (192.168.0.104)' can't be established.
ECDSA key fingerprint is SHA256:rKY2GCoUgEgQQorr7ixAuObb4odA+4eyTz9A52FSJug.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/test/.ssh/id_rsa':
Last login: Fri Jan 17 11:28:59 2020 from bc80::f77:45gg:bc89:b4d6%enp0s3
[test@node2 ~]$

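Note that we once again had to accept the fingerprint of the host we're connecting to. The key is the same one as before (the fingerprint is identical), but known_hosts records it under the name used on the command line, and node2 is a new name.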
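Both sessions above answer "yes" without checking the fingerprint. As an added example (not part of the original tutorial), the function below records a host key only when its fingerprint matches one obtained out-of-band; the function name pin_host_key and the KEYSCAN/KEYGEN variables are hypothetical names chosen here.

```shell
# Added example: pin a host key only if its fingerprint matches a value
# obtained out-of-band (for instance, read from the server's console).
# KEYSCAN and KEYGEN default to the real OpenSSH tools; they are variables
# only so that the logic can be exercised offline with stand-ins.
KEYSCAN=${KEYSCAN:-ssh-keyscan}
KEYGEN=${KEYGEN:-ssh-keygen}

# pin_host_key HOST EXPECTED_FP KNOWN_HOSTS_FILE [KEYTYPE]
# Returns 0 and appends the key on a match, 1 on a mismatch,
# 2 if the host offered no key of the requested type.
pin_host_key() {
    host=$1 expected=$2 known_hosts=$3 keytype=${4:-ecdsa}

    # Fetch the public host key the server offers (still untrusted here).
    key_line=$("$KEYSCAN" -t "$keytype" "$host" 2>/dev/null | grep -v '^#' | head -n 1)
    [ -n "$key_line" ] || { echo "no $keytype key from $host" >&2; return 2; }

    # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<type>)
    actual=$(printf '%s\n' "$key_line" | "$KEYGEN" -l -E sha256 -f - | awk '{print $2}')

    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $host: got $actual" >&2
        return 1
    fi

    # Only a verified key reaches known_hosts, so ssh will not prompt later.
    printf '%s\n' "$key_line" >> "$known_hosts"
}
```

The expected fingerprint should come from the server itself, for example by running ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub in a console session on node2.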

3. SSH Connect to a different user

If you want to connect to the remote machine as a different user, you need to specify that user name in the ssh command. Here I am using a user named example to connect to the remote server. This can be done in two ways, as shown below.

The first way is to use the ssh example@node2 command.

[test@node1 ~]$ ssh example@node2

The second way is to use the ssh node2 -l example command.

[test@node1 ~]$ ssh node2 -l example

4. SSH Connect to a Custom port

You might have seen a scenario where you can't use port 22 to connect through the ssh command. This can happen for various reasons.

Sometimes, for security reasons, you might decide to use some other port instead of the default port 22, for example 3000:

[test@node1 ~]$ ssh node2 -p3000

NOTE:

Here we should ensure that port 3000 is configured for ssh connections on the remote server before we even try to connect, or the connection will fail.

5. SSH Connect to an IPv6 address

IPv6 addresses are gaining momentum over IPv4 addresses. People have been using IPv6 addresses for the past few years, and IPv6 is expected to play a vital role in addressing once IPv4 addresses are completely exhausted.

For this example, we're going to find the IPv6 address of node2 and connect to that. First, we need to log in to node2 and run the ip addr sh command:

[root@node2 ~]# ip addr sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:78:93:72 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.104/24 brd 192.168.0.255 scope global noprefixroute dynamic enp0s3
valid_lft 6695sec preferred_lft 6695sec
inet6 fe80::cc8e:623:39bb:e465/64 scope link noprefixroute
valid_lft forever preferred_lft forever

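You can see the IPv6 address in the output above. It is a link-local address (fe80::), so the %enp0s3 suffix in the command below names the interface on node1 through which the connection is made. Now let's try to connect to node2 using its IPv6 address: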

root@node1:~# ssh fe80::cc8e:623:39bb:e465%enp0s3
The authenticity of host 'fe80::cc8e:623:39bb:e465%enp0s3 (fe80::cc8e:623:39bb:e465%enp0s3)' can't be established.
ECDSA key fingerprint is SHA256:rKY2GCoUgEgQQorr7ixAuObb4odA+4eyTz9A52FSJug.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fe80::cc8e:623:39bb:e465%enp0s3' (ECDSA) to the list of known hosts.
root@fe80::cc8e:623:39bb:e465%enp0s3's password:
Last login: Fri Jan 17 09:00:58 2020 from node1

IPv4 is basically a 32-bit numeric IP address, whereas IPv6 is a 128-bit alphanumeric IP address. Because of its larger number of bits, it can be allocated to a larger number of people, which means we can expect IPv6 to stay with us for a longer period of time.

6. SSH Connect to Run a Command

Nowadays, we use automation almost everywhere to perform a single task on multiple machines simultaneously. For that, you need to run the ssh command remotely from a single script against multiple machines and collect the output. This can be further enhanced with ssh passwordless authentication. You can check Passwordless ssh login using ssh keygen in 6 Easy Steps to know more about ssh passwordless authentication.

In this example, we will run the cat /etc/hostname command on the remote server from the source machine node1 to check the hostname of that server:

[test@node1 ~]$ ssh 192.168.0.104 "cat /etc/hostname"
Enter passphrase for key '/home/test/.ssh/id_rsa':
node2
[test@node1 ~]$
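The multi-host automation described above, as an added example that is not part of the original tutorial: a loop that runs one command on every host in a file without prompting, hanging, or silently trusting new host keys. The function name run_on_hosts, the SSH variable and the hosts-file format (one host per line) are assumptions made here.

```shell
# Added example: run one command on several hosts from a single script.
# SSH defaults to the real client; it is a variable only so that the loop
# can be tested offline with a stand-in.
SSH=${SSH:-ssh}

# run_on_hosts HOSTS_FILE COMMAND
# Prints "host: output" for each success, lists failed hosts on stderr,
# and returns the number of hosts that failed.
run_on_hosts() {
    hosts_file=$1 remote_cmd=$2 failed=0 failed_hosts=

    while IFS= read -r host || [ -n "$host" ]; do
        case $host in
            ''|'#'*) continue ;;                 # skip blank lines and comments
            -*) failed=$((failed + 1))           # never pass an option-like
                failed_hosts="$failed_hosts $host"   # string to ssh as a host
                continue ;;
        esac

        # BatchMode=yes: fail instead of prompting for a password or passphrase.
        # StrictHostKeyChecking=yes: refuse hosts that are not in known_hosts.
        # ConnectTimeout=5: do not hang on an unreachable host.
        # </dev/null: stop ssh from swallowing the rest of the hosts file.
        if out=$("$SSH" -o BatchMode=yes -o StrictHostKeyChecking=yes \
                        -o ConnectTimeout=5 "$host" "$remote_cmd" </dev/null 2>&1); then
            printf '%s: %s\n' "$host" "$out"
        else
            failed=$((failed + 1))
            failed_hosts="$failed_hosts $host"
        fi
    done < "$hosts_file"

    [ "$failed" -eq 0 ] || echo "failed:$failed_hosts" >&2
    return "$failed"
}
```

Because BatchMode disables prompts, a passphrase-protected key such as the one used in this tutorial must already be loaded into ssh-agent before the loop runs.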

7. X11 forwarding through SSH

You can also enable X11 forwarding using the ssh command. X11 forwarding is usually used to run applications that have a graphical user interface. Even though the GUI applications are launched on the remote machine, with the X11 forwarding option they appear as if they were running on your local system.

With that in mind, the command below connects to the remote server using the -X option:

[test@node1 ~]$ ssh node2 -X

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.
