How to connect to an OpenSSH server using the Linux Terminal

Home > Search > How-to
  by

Ensure the OpenSSH server is configured to allow SSH connections from PC's in the subnet:

  • On the OpenSSH server, ensure iptables is configured to allow SSH connections from PC's in the subnet.
  • On the OpenSSH server, ensure the /etc/hosts.allow and /etc/hosts.deny files are configured to allow SSH connections from PC's in the subnet.
  • On the OpenSSH server, ensure the SSH daemon is active and running.
[User1@server1 ~]# systemctl status sshd

 

 


How to connect

From another PC in the subnet, use the ssh user@hostname command to connect to the OpenSSH server.

  • Replace user with a user on the OpenSSH server
  • Replace hostname with the hostname or IP address of the OpenSSH server

 


Known hosts

Regardless if you are using a password or a public / private key pair for authentication, if the hostname of the SSH server (server1 in this example) is not listed in the /etc/ssh/ssh_known_hosts or /home/john.doe/.ssh/known_hosts file on the client (client1 in this example), a prompt will appear stating The authenticity of host 'server1 (::1)' can't be established. If you are certain you are connecting to a trusted OpenSSH server, type yes and press enter.

In this example, SSH is used to connect to server1 as root.

[john.doe@client1 ~]# ssh root@server1.example.com
The authenticity of host 'server1 (192.168.0.5)' can't be established
DSA key fingerprint is BB37 83F2 5E3A 7A4C 6C84  F047 D97B DD4E 38BB 2082
Are you sure you want to continue connecting (yes/no)?

 

A message appears stating Permanently added 'server1' (DSA) to the list of known hosts is displayed. 

Warning: Permanently added 'server1' (DSA) to the list of known hosts.

 

The prior message means that hostname server1 was added to the /home/john.doe/.ssh/known_hosts file on the client (client1 in this example). Viewing the  /home/john.doe/.ssh/known_hosts file will display the hostname of the OpenSSH server, following by additional data.

[john.doe@client1 ~]# cat /home/john.doe/.ssh/known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=

 

Once the hostname of server1 has been added to /home/john.doe/.ssh/known_hosts, the next time john.doe connects to server1, the prior prompts will no longer appear, because the client know trusts the server. 

However, let's say there are numerous user accounts on the client machine. When jane.doe connects to server1, jane.doe will get the prior prompts. The same will be true for jack.doe, james.doe, and so on. When there are numerous users on the client machine that will be connecting to the server, it is preferable to add server1 to the /etc/ssh/ssh_known_hosts file. The /etc/ssh/ssh_known_hosts file is a system-wide file that applies to all users on the system. The paste command can be used to copy the contents of the /home/john.doe/.ssh/known_hosts file into the /etc/ssh/ssh_known_hosts file. 

[john.doe@client1 ~]# paste -s -d '\N' /home/john.doe/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=

 


Password authentication

If the OpenSSH server is configured to use password authentication, there will be a prompt to enter the password.

[john.doe@client1 ~]# ssh root@server1.example.com
root@server1 password: 

 

After entering the password, you will be connected to the OpenSSH server. Once connected, the hostname command can be used to verify that you are connected to the OpenSSH server. The hostname of the OpenSSH server should be displayed (server1 in this example).

[john.doe@client1 ~]# hostname
server1

 

As long as the password entered is valid, the connection should be successful, and the last login date and time should be displayed. Also included will be the hostname of the host machine (server1.example.com in this example). 

Last login: Thu Jan 26 13:05:01 2017 from server1.example.com

 


Public / private key pair authenticaiton

If you do not specify the private key that should be used, by default, SSH will attempt certain default private keys. The ssh command with the -v (verbose) option will display the default private keys. Ssh-keygen can be used to create the private key. The private key must be located at /root/.ssh/ on the client, and the public key must be in the /root/.ssh/authorized_keys file on the OpenSSH server.

[john.doe@client1 ~]# ssh -v root@server1.example.com
. . .
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519

 

Or, the -i option followed by your private key can be used.

~]# ssh -i myPrivate.key root@server1.example.com

 

If the public / private key pair has a passphrase, there will next be a prompt to enter the passphrase of the public / private key pair. Ssh-agent can be used so that you do not need to type the passphrase.

Enter passphrase for key '/root/.ssh/id_dsa':

 

Once the correct passphrase has been entered, you will be connected to the OpenSSH server. The hostname command can be used to verify that you are connected to the OpenSSH server. The hostname of the OpenSSH server should be displayed (server2 in this example).

[root@server1 ~]# hostname
server1

 

Use the exit command to disconnect from the SSH server.

[root@server1 ~]# exit

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments