Transcript

The Server Software

From the class:  SSH

So far we've talked an awful lot about the SSH client, but what about the piece of software that's running on the server? Let's ssh into the machine and take a look at it.

If I use ps to take a look at all the processes that are running on the machine, one of those processes will be the sshd process. The d-- here it is, down here in the middle-- the d stands for daemon, so sshd. This is a software program that is going to be listening on port 22 or port 2222, and it's going to be the program that accepts incoming connections from clients, and manages those connections over the SSH protocol. So this is the piece of software that's running on the server.

Now, this piece of software starts up automatically when we start up the Ubuntu server, so we don't have to start it up ourselves, and it's configurable by a configuration file that's stored in the et cetera folder, so the etc folder in ssh. So go to change directories into /etc/ssh, and there's a file in here called sshd_config, and that's going to be the configuration file that is how SSH configures itself to run.

So let's take a look at some of the options of that. Now, cmather is not actually a sudo user, I don't believe. Let's just double-check-- sshd_config. Ah, nope.

So what we'll have to do is to go back in there as the regular vagrant user, so just exit out, and type vagrant ssh, and if you want to, you can add cmather to the sudo group, like we did in the Users and Groups class, but for now I'm just going to-- to make this simple-- log in as vagrant. And we'll change back into the /etc/ssh folder, take a look again, and this time I should be able to edit this file. We'll have to use sudo, because it's owned by the root, and we're going to be opening it up as the vagrant user, but this time vagrant does actually have sudo privileges. So I'll say sudo vi sshd_config. Here we go.

Now, notice there's just a bunch of options here. The options start with capital letters and then they have the option values, and the first option here is the port that the ssh server is going to be listening on. In this case, it's 22.

And you might be wondering why we've been using 2222, this is because Vagrant does some fancy port mapping, but if you were on a regular server that's hosted on Amazon, for instance, it's most likely going to be on port 22.

Then there's a couple other options, like which protocol we're going to use of ssh, where the different keys are, and some other things here. You can research these options yourself, but one I want to draw your attention to is whether or not we allow password authentication. So let's scroll down a bit. You see here, it says password authentication yes. Most of the time you don't want that, so you don't want your users sending passwords over the wire, not because it's insecure, but because we don't want other random users to be able to try to log in using passwords, so that part is insecure.

In other words, the passwords are encrypted when they're sent over the wire, but we don't want to give random users the ability to brute force try a bunch of different passwords, so best just to turn this off completely, and we can change this answer to no, and that will turn off password authentication.

Once you've made a change to that file, you'll have to restart the SSH service, and to do that, you can type sudo service ssh restart, and this is going to restart the SSH service.

And if you want to get a status for this service to see whether or not it's running, you can type service ssh status, and that'll tell you the process ID for sshd, and whether or not it's active and running or not.

So this service is provided by the OpenSSH program that's installed automatically on Ubuntu. It's the same service that we have on our Mac, but you might have to install OpenSSH yourself if your distribution of Linux or of Unix doesn't have it, but I just wanted to show you in this video that it's a program that's installed on this machine that's running and listening, typically on port 22, and it's configurable by playing around with the configuration file in /etc/ssh.
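
Added example, not part of the original transcript: a shell check for the PasswordAuthentication edit described above. sshd uses the first value it reads for a keyword, so a "no" added below an existing "yes" changes nothing. The function names and the sample file are hypothetical, and the script assumes no Include files and ignores Match blocks.

```shell
#!/bin/sh
# Added example (not from the lesson). Reports the value sshd would use for a
# single-valued global keyword in an sshd_config-style file.
# Assumptions: Include files are not followed; parsing stops at the first
# Match block, so per-user or per-host overrides are not evaluated.

# effective_option FILE KEYWORD DEFAULT
effective_option() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line
            sub(/[ \t=].*/, "", key)             # keyword ends at space or "="
            arg = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", arg)      # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", arg)
            key = tolower(key)                   # keywords are case-insensitive
            if (key == "match") exit             # end of the global section
            if (key == want) { val = arg; exit } # first occurrence wins
        }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: prints the effective setting and succeeds only if
# password logins are off. "yes" is the default when the keyword is absent.
audit_sshd_config() {
    pw=$(effective_option "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    echo "password_auth=$pw"
    [ "$pw" = "no" ]
}

# Constructed sample: the commented-out line is ignored and the "no" sits
# below an existing "yes", so password logins are still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sshd_config fragment
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "password logins still enabled in $sample"
rm -f "$sample"
```

On a real server, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the configuration sshd actually resolves, including anything this script does not follow.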