OpenSSH allows you to connect remotely to other GNU/Linux servers/machines securely. It isn't just a tool for a secure network connection, it also provides a large suite of tools such as a powerful authentication method, sophisticated configuration option, and lots more.
Differences Between OpenSSH and SSH
Before we learn how SSH works, I want you to be aware that OpenSSH is the open-source version of the original SSH software and they both use the same protocol, so, when you are asked about the differences between both, it is basically straightforward...
OpenSSH is the opensource version of the secure shell (SSH) protocol for remotely controlling, or transferring files between machine, while the original SSH is a commercial version and does more than remote controlling/transferring files securely.
Since OpenSSH is the open-source version and the most popular one, that is what you would most likely be using.
How Does SSH Works
SSH provides a secure channel over an unsecured network in a client-server architecture.
Don't get the "client-server" terms confused, the client in most cases is your own PC that you want to use to establish a connection to the server. To use this, you need the ssh client application (I'll show you how to install this in a moment).
On the other hand, the server is the machine you are connecting to, it has a daemon (background task) that listens continuously for connection from the client, for example...
The Client (Your PC) initiates the connection by contacting the server. If you remember, I said the server listen for connection (this is usually the default port 22), and once this connection is initiated, the server responds by sending the client a public cryptography key, once the key is verified, the server identity is added in known_hosts file in ~/.ssh directory on the client machine.
The known_hosts file contains the info about all the verified servers by the client, if a server key has been verified before, it would instead move it to the next phase, which is...
Negotiating parameters and thus open a secure channel for the client. Lastly, the user/the client machines log into the server.
Regardless of the GNU/Linux distro you are using, the Openssh server would have most likely been pre-installed. To confirm the availability, type...
If you have it installed, you would see the following output:
If you don't have it installed, your output would be empty, install it using the following command:
sudo apt install openssh-server
OpenSSH server is only required if you want to allow users to connect remotely to your server, but if you would be connecting to other servers, then you need an SSH client installed.
If the sole purpose of your machine is connecting to other servers, then the only required package is the SSH client, and you can do away with the server package as that is only required if you want others to connect to you.
That said, to get started with using Openssh, you need to confirm if your target machine (the server you want to connect to) has an openssh-server package installed and started.
By default, most distros are automatically configured to start ssh automatically, I'll be using Ubuntu as an example, but this should be the same regardless of your distribution.
To verify the ssh server is running, type the following command:
systemctl status ssh
If OpenSSH server is properly configured, you should see output that tells you that it's active (running):
● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-03-15 20:39:28 UTC; 10min ago Process: 875 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 1103 (sshd) Tasks: 1 (limit: 2318) CGroup: /system.slice/ssh.service └─1103 /usr/sbin/sshd -D
If for some reason, it's not started, start it with:
sudo systemctl start ssh
And that should start it, in some situation, even if it starts, it won't start automatically on the next server boot, you can make sure it does by running by using the following command:
sudo systemctl enable ssh
Once Openssh is started and running, it listens for connection so as to make it reachable to the client. To list listening ports, you can use the following command:
sudo netstat -tulpn | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1103/sshd tcp6 0 0 :::22 :::* LISTEN 1103/sshd
You can see port 22 is open, by default the server listens for a connection on port 22.
You can modify this part in the /etc/ssh/sshd_config file, go ahead and open it:
sudo nano /etc/ssh/sshd_config
Change the port number to whatever soothes, and save.
Connecting To Server Using SSH
To connect to a server from the client (the machine you want to use to establish the connection to the server), you execute the ssh command followed by the hostname or the IP address of the server you want to connect to, for example:
If for some reason you get an error, this is due to the fact that ssh uses the username you are currently logged in with for the connection by default. So, to specify the user you actually want to connect to, you include the username followed by @ symbol and the IP address or hostname, for example...
In the situation whereby the port of the server has been changed to something other than the default port 22, you can specify the actual port by using the -p parameter, e.g:
ssh -p 449 firstname.lastname@example.org
Once you have initiated the command, you will be able to verify the identity of the server, and if the parameters are able to match one another, you will be connected to the target machine.
Once you are connected, you'll be able to run shell command and have the same user permission you are logged in with, so, you can actually administer the system as if you were right in front of it.
Learn How To Simplify SSH Connection
This is just the basics of how it works in general, it should get you up and running!