Monday 23 December 2019

How to connect to Linux computer remotely via SSH


It is possible to access the terminal of a Linux machine on the same local network. All we need to know is:

  • the name of the account we want to log in to remotely
  • the computer's IP address or hostname


ssh connection


We can do this out of the box if we connect from a Linux or Mac computer.

From a Linux machine, via hostname (nvidia-nano in this example, with nvidia as the account name):

ssh nvidia@nvidia-nano
The authenticity of host 'nvidia-nano (192.168.0.12)' can't be established.
ECDSA key fingerprint is SHA256:AeGD/zmVkabo...ab3jLsqBUPjZfirAo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nvidia-nano' (ECDSA) to the list of known hosts.
nvidia@nvidia-nano's password: 
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.9.140-tegra aarch64)

 * Documentation:  https://help.ubuntu.com

 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * Overheard at KubeCon: "microk8s.status just blew my mind".


     https://microk8s.io/docs/commands#microk8s.status

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.


1 package can be updated.

0 updates are security updates.

Last login: Fri Dec 20 16:39:47 2019 from 192.168.0.30
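
The "authenticity of host" prompt in the session above is where the server's host key gets trusted on first use; answering yes is only sound if the fingerprint shown matches one read from the machine itself (for example with ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub on its console). The following added example (not part of the original post) shows in Python how that SHA256 fingerprint is derived from a public key line and compared; the sample key is constructed and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(pubkey_line: str) -> str:
    """Return the 'SHA256:...' fingerprint ssh shows for a public key line.

    Works for '<type> <base64> [comment]' (a *.pub file) and for
    '<host> <type> <base64>' (a known_hosts or ssh-keyscan line).
    """
    fields = pubkey_line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # this field is not base64, so not the key blob
        # A genuine blob starts with its own key type; this rejects
        # lines where the declared type and the blob disagree.
        if blob.startswith(ssh_string(key_type.encode())):
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")


def host_key_matches(pubkey_line: str, expected_fingerprint: str) -> bool:
    """Compare with a fingerprint obtained out of band (e.g. on the console)."""
    return hmac.compare_digest(sha256_fingerprint(pubkey_line), expected_fingerprint)


# Constructed sample: an ed25519 host key whose 32 key bytes are 0x00..0x1f.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "nvidia-nano ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    trusted = sha256_fingerprint(SAMPLE_LINE)  # stands in for the console value
    print(trusted)
    print(host_key_matches(SAMPLE_LINE, trusted))
    print(host_key_matches(SAMPLE_LINE, "SHA256:" + "A" * 43))
```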



We can run ifconfig on the remote machine (directly) in order to determine its IP address. Once we know it, the ssh command would be, e.g.:

$ ssh nvidia@192.168.0.12


If we use the wrong IP address, we might get the following error:

$ ssh nvidia@192.168.0.12
ssh: connect to host 192.168.0.12 port 22: No route to host


It is possible to find the IP address of a computer on the local network with the nmap tool, which scans the local network for connected devices. We need to know the local network's address and mask:

$ nmap -sn 192.168.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-07 23:36 GMT
Illegal character(s) in hostname -- replacing with '*'
Illegal character(s) in hostname -- replacing with '*'
Nmap scan report for xxxRouter (192.168.0.1)
Host is up (0.015s latency).
Nmap scan report for ***MobilePhone_01*** (192.168.0.20)
Host is up (0.016s latency).
Nmap scan report for nvidia-nano (192.168.0.23)
Host is up (0.10s latency).
Nmap scan report for ***AndroidPhone*** (192.168.0.15)
Host is up (0.100s latency).
Nmap scan report for ***iPhone*** (192.168.0.53)
Host is up (0.012s latency).
Nmap scan report for ***user-laptop1*** (192.168.0.61)
...
Nmap done: 256 IP addresses (7 hosts up) scanned in 3.59 seconds


To run applications that use dialogs (windows), we need to enable X forwarding by passing the -X argument to ssh:

$ ssh -X user@host 
...
user@host: $ gedit


The example above will run gedit on the remote host but will open the gedit window on the local host (from which we connect to the remote).

To execute a command immediately upon connection, we can pass that command with the -C ssh argument:

$ ssh -X user@host -C gedit


This is useful when we need to copy the content of some file to a local file:

ssh -i "my_private_key.pem" user@host -C "sudo cat /path/to/file"  > ~/Documents/file

To close the SSH connection we can use the exit command:

nvidia@nvidia-nano:~$ exit
logout
Connection to nvidia-nano closed.


Troubleshooting


% ssh bojan@18.123.121.82
The authenticity of host '18.123.121.82 (18.123.121.82)' can't be established.
ED25519 key fingerprint is SHA256:G8GbrRLh5LvWevLXLRARgz9HrQzPbLIC33p1IAD5fUI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '18.123.121.82' (ED25519) to the list of known hosts.
bojan@18.123.121.82: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

The error above means that the public key for this user was not found in the ~/.ssh/authorized_keys file on the remote system.

Fix:

Use the ssh-copy-id command to append the public key in the local ~/.ssh/id_rsa.pub file to the ~/.ssh/authorized_keys file on the remote system, for example: ssh-copy-id bojan@18.123.121.82. (This assumes that user bojan has already been created on the remote system, that the /home/bojan directory exists, and that user bojan can ssh to the remote host with a username and password.)

