The full form of SSH is Secure Shell, which is a protocol that lets you log in to a remote system securely without compromising security. SSH lets you connect and control your, or somebody else’s, computer remotely.
Secure Shell is the most effective and safest way to access your remote machine. Depending on the operating system of your remote machine, you can either use Secure Shell (SSH) or Remote Desktop Protocol (RDP).
However, SSH is for Linux-based machines, and RDP is for Windows-based machines. Both of these protocols use client-server applications to establish a connection remotely. You can manage other computers, virtually transfer files, and do just about anything without physically being there.
In this post, we are going to talk about how to use SSH to connect to a remote Server in Linux or Windows. Although Windows does not come with built-in support for SSH, there are several ways to make it work. Let’s start with it first.
SSH Server in Windows
Since Windows does not have an in-built SSH tool, you will have to use a third-party tool named PuTTY. It will help you connect to the SSH server through an open-sourced medium.
However, Windows 10 users can install an official SSH command on their system. We will get on this later, but first, it’s important to know about SSH servers and how they work.
What is SSH Server?
Secure Shell is also known as Secure Socket Shell that comes with some commands and code that you can run to create a secure connection to a remote system. If you can successfully create a connection, you will see a shell session where you can monitor the server by typing specific commands on your computer.
The SSH server connection is mostly popular among system and network administrators. But you can also learn and apply the commands if you are in need of monitoring your systems remotely.
How Does the SSH Server Work?
You can easily establish a connection between the server and the remote computer if you have figured out the essential components. You will require a client and an identical server-side component. The client is a software program that you can install on your local computer, and it will help you connect the other computer through a remote server.
Your client software will use the remote host data to begin setting up the connection, and once the credentials are verified, it will be able to establish the connection.
The SSH daemon component on the server will respond to the TCP/IP port connection request sent from the client app. If your client sets up the connection successfully, the SSH daemon will respond with the software and protocol version.
The software and protocol will be supported by the SSH daemon so that they start exchanging identification information. Once verifying the credentials, SSH will create another session for another communication. Version 2 is the default SSH protocol version of the SSH server and client communication.
What is RDP?
Earlier, we told you that SSH is for Linux-based machines, and RDP is for Windows-based machines. In this section, we are going to learn more about RDP. If you want to manage and operate your Windows computer remotely, you can use Remote Desktop Protocol (RDP) developed by Microsoft.
RDP client provides you with a graphical interface that you can use to monitor your remote computer as if it is a local one. RDP was previously known as terminal services. It helps you monitor and control remote systems that are connected to a local network or internet connection.
However, you should use a VPN while connecting your PC with RDP because it is not that secure as SSH. You are browsing the internet more publicly than you would do with the SSH connection.
Therefore, it makes you vulnerable. But you can use strong passwords on your Windows Remote Desktop client and change the passwords frequently to eliminate these sorts of security risks.
How Does the Windows Remote Desktop Protocol Work?
The Windows Remote Desktop Protocol is simple, which operates the Windows remote connection. You should enable the connection for Windows Remote Desktop server-side service to grant connection requests.
The connection request comes from port 3389, and it requires the full username for your remote account you are trying to access. After gaining the connection request, you can:
- Manage your computer,
- Transfer files,
- Manage applications or the remote computer from your local computer.
You can basically perform any task on your local computer with the server account. The Remote Desktop client is available by default in Windows, and regardless of what version you are running, it should work. However, the RDP connection is only possible when your computer is running Pro, Enterprise, or Server edition of Windows OS.
How to Enable an SSH Connection?
You will first make sure that the SSH connection client and server component are installed on both of your remote and local machines. You can install OpenSSH on your Linux OS no matter what distribution it is. Ubuntu, for example, does not come with an OpenSSH like an SSH server, so you will have to install one on your own.
How to Install the OpenSSH Client?
Don’t install the same kind of server-client on your computer more than once. Many Linux distributions come with an SSH Client by default. As said earlier, you can install PuTTY on your Windows to access the SSH server.
But for Linux distros, OpenSSH will do. Follow the steps below to make sure the client-server is not already present on your Linux system:
- Step 1: Press CTRL + ALT + T on your keyboard.
- Step 2: Type ssh and press Enter in the terminal.
- Step 3: In case the client is present, the response will look like the below code:
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
If you receive the above-mentioned output from your Linux system, your computer is already helpful for connecting a remote system. If not, install the OpenSSH client immediately. Here is how to do it:
- Step 1: Run the sudo apt-get install openssh-client command on the terminal.
- Step 2: Provide the superuser password when prompted.
- Step 3: Hit the Enter button to complete the installation.
Now you can easily access any remote computer with the SSH connection, and of course, you should have the host username or IP address.
How to Install the OpenSSH Server?
Your computer needs to have the server part installed to be able to accept SSH connections. You can check if the OpenSSH server is available on your Linux system or not. Try to connect to the localhost by following the steps below:
- Step 1: Open the terminal on the server computer by pressing CTRL + ALT + T.
- Step 2: Then type ssh localhost and hit the Enter button.
- Step 3: If your system does not have the SSH server installed, then it should look like the following:
username@host:~$ ssh localhost
ssh: connect to host localhost port 22: Connection refused username@host:~$
If that’s the case, install the OpenSSH server on your computer. Here is how to do it using the terminal:
- Step 1: Run the sudo apt-get install openssh-server ii command.
- Step 2: Type your superuser password when required.
- Step 3: A disk space prompt will appear. You can press Enter or Y to begin the installation.
The files will be downloaded and installed on your system, and you can check if the server is running or not by entering the command below:
sudo service ssh status
The terminal will give you a response that will look like the below code if the SSH service is running:
username@host:-$ sudo service ssh status
- ssh.service – OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: active (running) since Fr 2018-03-12 10:53:44 CET; 1min 22s ago Process: 1174 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
Main PID: 3165 (sshd)
You can run the ssh localhost command on your terminal prompt again to check if the server is running or not. It will look like this when you run the command for the first time:
username@host:~$ ssh localhost
The authenticity of host ‘localhost (127.0.0.1)’ can’t be established. ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs. Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘localhost’ (ECDSA) to the list of known hosts.
When done, press either Enter or Y to continue. If you want, you can change the default port for SSH connections in the terminal prompt by running the simple command given below:
sudo nano /etc/ssh/sshd_config
Every time you make a change to the SSH service, you will have to restart it, and running the sudo service ssh restart command will help you to restart the service.
How to Connect Through SSH?
After having the SSH client and server on your computer, you can use both of them to establish a secure connection. All you need to do is run several commands on the terminal. Start by running the following command on your terminal:
Your username should match the server you are trying to connect to, and you can type ssh host_ip_address and then press Enter. Next, you need to do the following:
- Step 1: When that’s done, type your password and press Enter again. You won’t be able to see what you are typing, so, be careful with the words and numbers.
- Step 2: Your machine will ask you if you want to connect to the server continuously if you are doing this for the first time. You can type Yes and hit Enter.
- Step 3: The ECDSA key fingerprint will be added, and you will be connected to the remote server.
Use the private IP address to connect to the remote computer in the same network. Otherwise, you will have to use the public IP address, which is not safe all the time.
Recheck the TCP port OpenSSH and see if the port settings are correct or not. If you have not changed any configuration, the default port is 22. This is how the connection request of the OpenSSH client should look like:
username@machine:~$ ssh email@example.com –p7654 firstname.lastname@example.org’s password:
The authenticity of host ‘22.214.171.124 (126.96.36.199)’ can’t be established. ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps. Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘ 188.8.131.52’ (ECDSA) to the list of known hosts.
If you have the following points cleared, then you can manage and control your remote system from your local computer:
- Entered the correct IP address of the remote machine.
- No antivirus or firewall is blocking the port SSH daemon request.
- You are using the right username and passwords.
- You have installed the right SSH software.
Improve SSH Connection Security
After building a successful connection between the 2 remote computers, make sure that their security is top-notch so that you can operate the duo without compromising on your personal and sensitive data.
Moreover, when you leave the machines with the default settings, they attract hackers. You can consider the following points to improve your SSH connection security:
- Try to modify your default TCP port with SSH daemon communicating and accepting the connection request. For example, if the port is 22, change it to a higher value that will not be easy to guess.
- For the passwordless SSH login, use the SSH key pairs and authorize them. They are safer and faster than the password.
- Disable the password-based logins after making sure that the authentication keys are working fine. This is the safest path you can take to ensure that no one is going to hack the server and steal your data.
- Disable the root access to your server.
In case the root access is needed, you can use TCP wrappers and restrict access to a particular IP address or hostname. Simply edit the /etc/hosts.allow and etc/hosts.deny files, and configure which host accounts can connect with the TCP wrappers.
Also, note that allowing access to SSH to one host will deny access from other hosts. And you should deny the access before granting access to a separate host. You can add the below commands in the etc/hosts.deny line to deny access to all the hosts:
sshd : ALL
ALL : ALL
Add a line to the etc/hosts.allow for the SSH service, such as this: sshd : 10.10.0.5, LOCAL. You can add an IP address, IP range, or a hostname here.
Always remember to keep your usernames and passwords safe to stay away from hackers. You can use a service like Fail2ban that helps you keep control over your server so that no one breaks into it.
How does Virtual Network Computing Work with SSH?
You can encrypt your connection using SSH tunneling if you are working with Virtual Network Computing on your system. You can run the $ ssh -L 5901:localhost:5901 -N -f -l username hostname_or_IP command on your Linux machine’s terminal to tunnel the VNC connection over SSH. More about it is detailed as follows:
- The ssh command will start the Client program on the local computer and will initiate a secure connection to the SSH server on your remote machine.
- The L 5901:localhost:5901 command will forward the local port on the local machine to the host and port of the remote machine. We have used 5901 as a local port that has been forwarded to the remote server.
- N does not execute any remote command. It only instructs to forward the ports on the server.
- F delivers the SSH to the background after putting the password, and it works before the command line.
- L username refers to the username that you need to log in to the server.
- hostname_or_IP refers to the VNC server of the remote system, and an example of a hostname can be anything like yourserver.anddomain.com.
How to Use PuTTY on Windows to Connect to a Remote Server?
If you are trying to establish a connection to your remote Windows machine, you need to install PuTTY on both local and remote computers. Following are the steps to do so:
- Step 1: Download PuTTY on both of your machines. You can download the putty.exe or installer. The installer will contain all the related utilities, but the .exe file can work as a portable application.
- Step 2: Type the SSH server hostname or IP address in the Hostname (or IP address) field. Make sure that the Port box matches the port number that the SSH server needs.
- Step 3: Click on Open, and it will start to connect and if asked, provide your username and password.
They will try to send you a security alert the very first time you try to connect to a server. When this happens, click OK. If the same warning appears again in the future, it means that the server’s encryption key fingerprint is incorrect or you have entered something different.
Either you have changed it in the administrator mode, or someone from the SSH server has changed it to trick you. Always keep a record of to whom you are sharing your username and password. And if possible, try to change the password from time to time.
How to Enable an RDP Connection?
We have talked about the Windows Remote Desktop server service earlier, now it’s time to learn how to enable it. The RDP client is already present on Windows and is ready to use.
Also, it does not need any other setup before you can connect it to another machine. Check out the below points before you try to remotely connect to the server through the internet and not the local network:
- Port forwarding: Ensure that you have correctly forwarded the ports to the remote computer’s IP address.
You also need to make sure that the traffic in the default TCP port for Remote Desktop Protocol is transferring to the IP of the server where you are trying to build a desktop connection remotely. Right now, your Windows server is in the most vulnerable state.
- Try to use a VPN: Using a VPN on a client computer will help you access all the services in the local connection.
- Firewall settings: Confirm that the firewall that you are using for your remote machine is not blocking your Remote Desktop connection.
After considering these important points, we can move on to enable remote access in Windows and Windows server versions. This is how to do it, step-by-step:
Step 1: Allow Remote Connections
Open the Computer Information on your system where you want to allow remote connections. Then follow the steps below:
- Step 1: Right-click on This Computer or My Computer, depending on the version of Windows you are running and click on Properties.
- Step 2: From the left side of the Window, click on Remote settings.
- Step 3: Then click on “Allow remote connections to this computer.” This step should automatically put the Remote Desktop Firewall in the exception list. But you can manually check the box that reads “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” to make sure it is safe.
- Step 4: Click OK to close the tab.
Step 2: Add Users to the Remote Users List
You can add users to your Remote Users list if you want them to operate the machine. This will include users other than the Administrators, and they can easily access the computer.
In case you are an administrator, your account is already on the list. But if you are a user asking for Administrator access, you can ask the admin to perform the following steps. Or you can perform them on your own if you are trying to include users on the list:
- Step 1: Click on ‘Select Users…’ from the Remote settings list above.
- Step 2: Click Add in the Remote Desktop Users box.
- Step 3: The Select Users box will reappear. You can click on Locations to select the location you want to search.
- Step 4: Type the name of a user in the Enter the Object Names to Select field and click on Check Names.
- Step 5: Select the right user account and click OK.
- Step 6: Click on OK and close the System Properties window.
After performing these steps, your users can remotely control and connect the computer in question. Follow the section below to learn how to effectively handle the Remove Desktop Connection client.
How to Use the Remove Desktop Connection Client?
You can easily use the Remove Desktop Connection Client because there is no configuration needed. The steps below will help you figure the application out in all Windows versions:
Step 1: Open the Desktop Connection Unit
On your local Windows computer, find the Remote Desktop Connection application. Alternatively, press the Windows button and type “Remote Desktop Connection” in the search field without the quotes.
Locate the app or go to the Windows Accessories folder to find the app. You can press the Windows key and R together on your keyboard and type “mstsc” in the search field without the quotes. Then hit Enter and run the Remote Desktop client.
Step 2: Enter the Remote Hosts IP Address or Name
After opening the client, you will find a place to enter the name or IP address of the remote machine in question. In the Computer field, you can type the IP address and click on Connect. You should type the private or public IP address of the remote computer.
Have a look at the different scenarios below that may require you to put a private or public IP address:
- If your local computer and the remote computer are connected to the same Local Area Network, you will have to provide the private IP address of the Remote Desktop Connection.
- If you have turned on your VPN on the local computer while accessing the remote host, use the private IP address to connect to the Remote Desktop.
- You could use the public IP address if the local and remote computers are connecting with each other over the internet without a VPN.
Step 3: Finding IP Address and Host Name
Use these easy methods to find the private and public IP addresses and hostnames. These are the quickest of ways among all the ways available:
- Press Windows + R together and search for cmd on the search field.
- Type ipconfig in the command prompt window and hit Enter.
- You can find your computer’s private IP address under the IPv4 Address line.
- Go to your browser and search for “what is my IP” without the quotes and hit Enter.
- At the top of the Google search page, they will show your IP address.
- You can go to www.whatismyip.com where you will find your private and public IP address.
To find your computer’s name, follow the steps below:
- Right-click on This PC or My Computer.
- Click on Properties
- Check out your full device name under the “Computer name, domain, and workgroup settings tab”
Step 4: Finally Building the Connection
When you hit connect in the last step of the Enter the Remote Hosts IP Address or Name section, you will get a pop-up window on-screen. When you see that, do the following:
- Enter the password for the username provided, or select another account with a different username and password.
- Click OK, and they will give you a security certificate warning.
- Click on Yes.
Two users cannot use the same machine at the same time, even if you are accessing it remotely. You will have to request the other user to disconnect before you can access it.
How to Secure an RDP Connection?
Here are the basic things to keep in mind when you are establishing an RDP connection with your local and remote machines:
- Use a built-in Windows VPN or a trusted third-party VPN server only. This will make your Windows server and services more secure.
- Turn on the two-factor authentication function using a third-party tool like Duo Security. It will protect your RDP sessions with two-factor authentication login on your Windows.
- Change the default “Not configured” option on the encryption level. You can configure the encryption level using the Local Group Policy editor to build strong 128-bit encryption. This encryption will protect the data your host and client computer exchange through the server.
- Instruct the built-in firewall system on your computer to configure how it restricts specific ports and IP addresses during the remote data transfer. You can access this from the Control Panel.
These practices will help you to secure your RDP remote connection so that no one outside your user list and on the server can access anything on your remote system.
The steps given in this post will help users of Linux and Windows systems. No matter what version of Windows or Linux you are running, you should be able to use SSH and RDP to connect to a remote server. Although there are many other ways you can get the job done, these are the most reliable ways available.
People are also reading: