Getting to Know Linux
I have recently undertaken to learn how to develop on the Linux platform. I grew up in the Windows worldly concern, and decided it was meter to expand my horizons. After all, the huge bulk of the web runs on some form of Linux, and some of nowadays ’ s most in-demand web application development occurs in Ruby on Rails, which is most at home on a Linux machine .
What I have found so far is that there is a whole set to like about this foreign newfangled OS, and the underlying philosophies and tools which form the core of the Linux experience .
One of the very first gear things I wanted to do was learn how to access a Linux box remotely from my Windows desktop. The first base footfall in this action was understanding how to set up a batten Shell ( SSH ) connection. At first base, it might seem this is a little excess, since my Linux machine sits about 9 feet away from my Windows development box. however, this is a necessary first step in order to finally be able to :
- Spin up a Linux VM instance on a IAAS/cloud service such as Amazon EC2 and/or Windows Azure, and control/access/utilize it from my windows desktop.
- Set up and manage a hosted Linux server for deployment of web applications/sites
- Understand remote access in a Linux environment
Of path, on top of those items in the list above, this was besides a good drill to get me start doing utilitarian things with my new Linux machine !
Minor Linux Familiarity Required
We will need to perform some Linux commands via the Bash Command Line Interface ( CLI ), both on our Linux machine, and through our distant connection once we get it set up. If, like myself, you are newfangled to Linux, you may want to review some Bash basics. While the posts linked to below are parts of a series on using Git version restraint, each of the comply focus on basic Bash commands used to navigate and manipulate files in a Linux system .
Review Basic Bash Navigation :
Setting Up the Linux Machine
I am using Linux Mint for my first forays into the Linux universe. mint is built atop Ubuntu, and features a friendly GUI for those of us just getting started. however, for me, the GUI is chiefly for those “ oh sh*t, I don ’ metric ton know what to do ” moments. One of my independent purposes in setting up this car was to utilize the Bash terminal vitamin a much as possible, and master this aspect of this new platform. In fact, we are going to perform this entire drill using the Bash end when interacting with the Linux corner .
For this post, I am dealing with a local Linux machine, on my home network behind a router. In another station, I will discuss exposing the machine to the outside earth via the internet .
Installing OpenSSH on your Linux Machine
Having recently installed a newly Mint OS, the first thing we have to do is install an SSH server. Your linux Distro may or may not come pre-configured with OpenSSH, which I understand is the SSH server of choice in Linux-land .
Linux distro ’ randomness based on Debian-flavored Linux use the
apt-get install newSotwareTitle to find and download software packages, and/or confirm and update existing installations if they are already present on your machine. sol, let ’ s habit
apt-get to download OpenSSH on our Linux machine ( note – this stake assumes you have super-user/administrative permissions on your Linux machine ) :
Open the Bash end on your Linux machine, and type the pursue command and hit embark. Since you are using
sudo to perform this military action, be ready to enter your password anterior to execution :
Install OpenSSH Server
$ sudo apt-get install openssh-server
In my encase, OpenSSH was already present on the arrangement, so my terminal output looks like this :
If your machine did not have OpenSSH Server installed, the terminal will ask that you confirm installation/update of any count of packages. Type “ Y ” and hit embark. You will then see the terminal window populate with the actions taken and packages added .
now, we could do some of the SSH server shape right now at our Bash terminal. however, alternatively, I am going to move over to the Windows side, and do the rest of the configure from there, by way of an SSH connection .
The Most Common SSH Client for Windows – PuTTY (no, that is not a typo)
Use of the SSH protocol is less common in the Windows universe then in Linux. however, the most popular SSH client for use on a windowpane machine is PuTTY, an open generator concluding copycat which can act as a node for SSH, Telnet, and other protocols. To get started setting up your SSH client on Windows, visit the PuTTY download page, download and install putty on your machine. The easiest way to go is to download the putty-0.62-installer.exe software, which includes everything required for our purposes :
once the download completes, run the installer .
Use PuTTYGen to Create a Public/Private Key Pair for Your Windows Client Machine
SSH utilizes Key-based authority to ensure the security of a connection. A bare description of how this works ( From Wikipedia ) :
SSH uses public-key cryptanalysis to authenticate the distant calculator and allow it to authenticate the user, if necessary. [ 1 ] Anyone can produce a equal pair of different keys ( public and individual ). The public key is placed on all computers that must allow access to the owner of the equal individual cardinal ( the owner keeps the private samara secret ). While authentication is based on the individual key, the key itself is never transferred through the network during authentication .
[ Read More ]
For our purposes, we will use the Handy PuTTYGen utility installed with our PuTTY box to create our keys. loose PuTTYGen ( Start Menu — > PuTTY ( Folder ) — > PuTTYGen ( application ) ) and you should see the following :
PuTTYGen, Ready to Create a Public/Private Key Pair:
Leave the settings at their defaults, and click the “ Generate ” release. PuTTYGen will request that you move your cursor about in the big empty area in order to ad some “ randomness ” to the march ( and in fact will pause genesis until you DO ) :
When key generation is complete, you will be presented with some extra settings to complete before saving your keys :
complete the keep up Items in the Generator Form as follows :
- Key Comment can technically be anything you like, but convention is to use your email address
- The Key Passphrase is not required, but is strongly recommended as an additional level of security, just in case anyone were to get hold of your private key. Use a reasonably strong (but easy to remember) pass word here.
once you have completed these items, it is time to save your keys. First, I would create a directory ( booklet ) in your Windows User Folder named “ SSH Keys ” in which to store your individual keys. then, click the “ save private key ” button and save the key there .
NOTE : Don ’ deoxythymidine monophosphate use the “ Save Public Key ” feature. OpenSSH expects the public keystone in a slightly different format than PuTTYGen provides, so alternatively, we are going to copy the key as presented in the PuTTYGen window straight into our authorized_keys file once we log into our Linux machine .
ALSO NOTE : It is not necessary to save the populace keystone which corresponds to the secret key we just made, because we can use the PuTTYGen “ Load ” clitoris to load our secret samara, which will then besides load the proper public key data second into the Public Key Window for copying once again .
Leave the PuTTYGen Window open, and let ‘s configure PuTTY for our first login .
Configure PuTTY for the Initial Login
The first time we log in to our Linux machine, we will use homely honest-to-god password authentication, so that we can pass our populace SSH key directly over the ( relatively ) dependable connection, and keep off exposing it in a direction which might result in person else getting ahold of it. This is besides good practice in a number of different ways .
Open the PuTTY lotion ( Start Menu — > PuTTY ( booklet ) — > PuTTY ( lotion ) )
Enter the IP Address of your Linux Machine:
As you can see in the video above, enter the IP Address of the Server machine ( your Linux box ). If you don’t know what the IP address of your Linux machine is, follow this liaison :
Leave the port specification as the default value of 22 ( this is the standard port used for SSH logins ). While there are potential security reasons to change this later, for immediately it will do .
next, in the tree menu to the leave, select the Connection/Data node and enter your exploiter name you use to log in to the Linux machine ( REMINDER – we are assuming your user visibility includes super-user permissions ) :
Enter your User Name in the Connection/Data node form:
Leave the rest of the settings at their default option values ( as shown above ). now, go binding to the Session node, and enter a name for this configuration in the “ Saved Sessions ” space, then click “ Save. In my shell, I saved this session configuration using the IP address, and a brief description of the configuration :
First Remote Login to your Linux computer with Password Authentication
Ok, with those details tended to, click on the “ open ” push button. This first time we log in, you will likely be presented with a warning dialogue telling you that there are no keys cached for the server you are attempting to connect to, and do you wish to cache them nowadays :
Since we know this machine is on your LAN, go ahead and click “ Yes. ” You should be presented with a terminal window that looks like this :
next, enter the password you use to log in to your Linux machine and score figure ( note that in the terminal hera, the cursor does not move, nor are standard obfuscated password placeholders used – in other words, as you type your password, it will appear as if nothing is happening ). Your terminal should now resemble this :
Congratulations – you have immediately logged into your Linux terminal from your Windows calculator. however, we are not however using SSH, and in fact, this method is not a very plug room to remotely access another machine. future, we need to set up our key-based authentication. Once we have confirmed all is well with that, we will disable the Username/Password-based authentication we are using now in party favor of the much stronger key-based security .
Add Your Public Key to the Linux Machine
Your Linux system stores public SSH key for node machines in a directory within your Linux home exploiter folder ( the .ssh directory ), in the authorized_keys file. Your following step depends upon whether there is already an .ssh directory on your machine, and whether or not there is already an authorized_keys file portray. We can find this out promptly enough by attempting to navigate into a directory named .ssh from within our dwelling folder ( our terminal should have opened within our dwelling booklet .
If you are not familiar with navigation and basic file manipulation in Bash ( the Linux concluding ), have a agile expect at these two articles I wrote. The articles are separate of a series on using Git, but these two focus on basic Bash shell commands useful for charge and directory seafaring :
first, let ’ s undertake to navigate into the .ssh directory on our distant Linux box. Type the following into the end window ( note – the “
$ ‘ ” symbol is not typed – this is the command “
prompt ” and indicates that the terminal is ready for command stimulation ) :
$ cd .ssh
If there is not already a directory named .ssh in your user folder, your terminal window should look like this :
If this is the case, we need to create a new .ssh directory. Type the comply :
$ mkdir .ssh
now your terminal should look like this :
now let ’ s hear navigating into the new directory :
That ’ randomness more like it ! Next, since there was no .ssh directory to begin with, we besides need to create our authorized keys file. We are going to create a new file, and add our modern public key all in one fell swoop. Go to the PuTTYGen window ( even open on your Windows desktop ), and choice and copy the entire public cardinal visible in the space labeled “ Public key for pasting into OpenSSH authorized_keys file ” :
now we will use the resound control to create the new authorized_keys file, and insert the Public key for our Windows car. The syntax of our echo control is as follows :
echo YourPublicKey >> authorized_keys
This command will append
YourPublicKey to the file authorized_keys. If the file does not exist, it will be created ( ours doesn ’ t exist even. If yours DOES, don ’ thyroxine do this this manner ) .
first, type the echo command into the Linux remote terminal like this :
then, if you right click your mouse pointer at the end cursor, the contents of your clipboard ( containing your newly created populace key for your Windows machine ) will mechanically paste into the current line.
then add the
>> authorized_keys to the end, and hit the Enter key :
now that we have added our populace key to the Linux machine, let ‘s end our PuTTY session, and see if we can log back in using Public/Private key authentication. If this works, we will then modify our OpenSSH waiter configuration on the Linux box to ONLY allow this type of mandate. Go rear to the Putty window, and close it. This will end the session .
Configure PuTTY for Public/Private Key Authorization
nowadays, open PuTTY again, and in the tree control to the bequeath, load your previously saved session shape, select the Connection/SSH/Auth node. Browse to find your private key you created using PuTTYGen, and select it for use. Leave the rest of the settings at their default option values for now :
future, return to the Session shape node, and type a new identify for this modified shape. As previously, I used the IP address, in conjunction with brief configuration details. then suction stop “ Save ” :
Connect to Linux/OpenSSH Server using Public/Private Key Authorization
Ok, let ’ s try connecting now, using our newfangled shape. Click on the Open button on the PuTTY interface. You should see something like this :
Notice that this prison term, PuTTY tells us it is attempting to log in using public key authentication, and prompts us for the password we associated with our key when we created it. Enter the password you used when creating the key ( again, the cursor will remain however while you do this ), and hit Enter :
Congratulations ! You have now logged in to your Linux machine using Public/Private key authentication. While we are connected remotely, let ’ s tidy up a few idle ends .
Set Permissions on Keys File to Owner/Read-Only
immediately that we know our keys are working properly, let ’ s protect the authorized_keys file on our Linux machine so that we don ’ triiodothyronine incidentally modify or delete it. Navigate into the .ssh directory, and type the succeed command into the Bash terminal :
chmod 400 authorized_keys
This sets the permissions on our authorized_keys file so that the stream user, and only the current drug user has read-only permissions, and no one else can even access the file ( that specific user can make the file writeable for themselves again by using
chmod 700 ) .
Edit the OpenSSH Configuration File to Disable Password Authentication
immediately that we have a work key-based authentication schema, we have no more need for the less-then-secure password-only security we used previously. In fact, our future mistreat will be to edit the OpenSSH shape file on our Linux machine to NOT allow that, and to ONLY accept key-based authentication .
beginning, let ’ s make a accompaniment copy of the configuration file. Type
cd to navigate back to your home directory ( entering compact disk with no options or destination path returns you to the home directory by nonpayment ), then create a folder in your home directory to store backups like this :
$ mkdir ssh_config_backup
then, use the follow command to make a copy of the configuration file in the new directory we equitable created ( note : Since we are using
sudo, we will be prompted for the exploiter password we use on the Linux machine ) :
$ sudo cp /etc/ssh/sshd_config ~/ssh_config_backup
adjacent, we will open the sshd_config file using
vi in terminal mode. Type the surveil :
$ sudo vi /etc/ssh/sshd_config
again, you will be promoted for your password on the Linux machine. You should see something like this after hitting the Enter key :
A few things to note :
- I recognize it is difficult to see the dark blue text here. It will be easier to read on your actual screen
- Notice that we are no longer in the Bash terminal per se, but instead looking at the text of the sshd_config file within the terminal.
- At the moment, you cannot edit anything –
viis in command mode.
We will use a few ( very few ) basic
vi commands to get this done. The Commands we need to edit this document are :
- Use the up/down/left/right arrow keys to navigate within the document, and to position your cursor within a line of text.
viis in Command Mode, type
i) to enter Insert mode.
viis in Insert mode, press the Esc key to return to Command Mode.
- When you are finished editing, type :wq (colon then lowercase w the lowercase q) to save and exit the document, returning to the Bash Terminal proper.
now, using your down arrow winder, move down the text file a ways until you find this channel :
We want to change it to :
The hashish symbol at the begin of this cable means that it has been “ commented out ” ( meaning it is ignored when the OpenSSH server refers to this file during configuration ). In addition, note its prize is set to yes :
first, type small letter
i to enter Insert modality, and delete the hash symbol. then, use your right arrow key to move to the end of the line, and change the
no. now press the Esc key to return to Command mode .
You would think this would be the end of it. however, at least in my current Linux Mint system, we besides have to disable the Password Authentication Modules ( PAM ) fortune of the config file ( this is normally the last agate line in the file ). To do this, use your down arrow key to navigate through the text file until you find the follow line :
We want to change it to :
Your screen should look like this :
Use your Right-Arrow key to move to the end of that line, and type I to enter Insert Mode. Change the
no, then press the Esc cardinal to return to Command Mode :
immediately, once safely back in Command mode, type the follow :
As you type, this command will appear at the bottom of the six screen .
once you hit embark, the modified file will be saved, and you will be returned to the Bash terminal :
Restart the SSH Server
As a final examination step, we need to re-start the SSH Server on the Linux machine in order that the shape changes we precisely made a reflected in the military service. Type the follow instruction into the terminal and stumble enter :
$ sudo service ssh restart
Ok, nowadays exit the current PuTTY school term by closing the PuTTY window. Let ’ s see if we have succeeded in denying access for those seeking to login using simpleton password authentication. Re-open PuTTY, and load your original session shape, which we set up without the key-based authentication using only our exploiter name, and undertake to log in. If we have done everything correctly, you should be greeted with THIS unpleasant artifact :
hopefully, this has helped some of you get started using OpenSSH and PuTTY to connect to your Linux machine from a Windows box remotely. Of course, this is of circumscribed utility when like me, your two machines are in the lapp board. In a future post, I will discuss using SSH to connect to your Linux machine from the internet at large, and in conjunction with VNC to create a very fasten Remote Desktop Connection .
additionally, I began exploring this because my future goal is to utilize cloud services such as Amazon EC2 and Windows Azure. In that context, I want to be able to spin up a cloud-hosted virtual Machine ( VM ) and perform this character of administrative stuff.
Read more: Best Free Karaoke Software for Windows
Please feel dislodge to leave constructive feedback, and particularly, to bust me where I have made a mistake or am propagating bad data. Comments are greatly appreciate !
John on Google CodeProject