2017-04-30 - By Robert Elder
SSH or Secure Shell is a network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data. SSHCONNECTION shows the address of the client, the outgoing port on the client, the address of the server and the incoming port on the server. SSHTTY names the pseudo-terminal device, abbreviated Ppty, on the server used by the connection. For example: SSHCONNECTION='192.168.23 192.168.223.229 22' SSHTTY=/dev/pts/6.
SSH is a network protocol for securely communicating between computers. Often when people refer to 'using SSH', they are referring to using an SSH client to connect to another computer's SSH server in order to remotely run commands on that computer. Any computer is capable of running both an SSH client and a server. For example, SSH would allow you to list files on a remote computer using a command like this:
The above command will attempt to log in to a computer located at IP address 192.168.0.123 using the username 'robert'. Once it logs in, it will attempt to run the command 'ls', and then exit from the SSH session. For this to work, you will either need to type the remote user's password, or have already set up another authentication method.
If you leave off the command at the end, you will now get an interactive session that lets you run as many commands as you want on the remove server until you type 'exit':
You can also use the SSH protocol to copy files between computers in both directions with the 'scp' command:
The first command above will copy a file located at '/tmp/my_file' on your local machine into the directory '/mnt/' on the remote server. The second command will do the same thing, but in the opposite direction.
This is where the utility of SSH really shines. You can use SSH to securely tunnel other services through an SSH connection. For example, you could host a git repo on another old computer in your house instead of using GitHub as your remote backup. You could then clone your repo using a command that looks something like this:
Finally, you can even tunnel traffic on a port by port basis. This lets you do things like make a remote service appear as though it is available locally, or the other way around. An example application of this would be to making a local home web server or database able to accept connections from anywhere by using a proxy server with a known IP address.
There are older less secure alternatives to SSH such as telnet, and FTP. These older protocols are less secure because they send your login credentials over the network in a way that lets anyone read them. SSH is more secure because passwords are only sent after a secure channel has been established. SSH also supports public-key cryptography which has a number of security benefits over traditional password-based authentication.
SSH can work with password authentication, but the more modern way to use SSH makes use of public key cryptography instead of passwords. This is the part of using SSH that can be most confusing for beginners. It's actually not that complicated, and once you've done it a few times it will become natural.
Most people are used to the type of authentication where you specify a username and a password which gets sent to a server. The server then checks if your password matches and if it does you are allowed access. Public key cryptography is a bit different and works by requiring the user to create a 'key pair' which consists of:
- A public key that you can distribute to anyone.
- A private key that should be kept secret by the person who created it.
We won't go into the details of how public key cryptography works (because it requires a lot of math), but you just need to know these details:
- There is a complex mathematical relationship between the public and private key.
- A public key can be used to encrypt messages, but not decrypt them.
- A private key can decrypt messages encrypted with the public key.
On Linux, you can create your own key pair using the following command:
After you run this command, you'll get asked the following questions:
- Enter file in which to save the key (/home/Your_Home/.ssh/id_rsa):
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
For the first question, you can specify any file name or even the full file path of where you want the public and private key to be stored. The next two questions that ask for a passphrase are allowing you to set up any passphrase of your choosing to protect the key whenever it is used. This is not mandatory, and you can just press enter if you don't want to use a passphrase every time you use the key.
After you finish the above steps, you'll end up with two files that default to being named 'id_rsa' (the private key), and 'id_rsa.pub' (the public key). Here is an example public key:
And here is its corresponding private key:
Once you've created these two files, the general idea is that you can log into remote computers by distributing the public key to the server you want to log into. The private key will always be kept secret on your machine, and you'll need it every time you want to log into a remote computer.
If you're manually setting up SSH between two computer that you own, you'll need to add your public key into a file located at '~/.ssh/authorized_keys' on the remote machine that you want to log into. This file can contain multiple keys to allow access from multiple people.
One common use case for SSH is to allow access to a GitHub repo. There is nothing special about how SSH keys work with GitHub compared with how SSH keys are used elsewhere. You can create a key pair in a method similar to that described above. Here is the official GitHub documentation of creating key pairs. Note that (as of writing this article) the official GitHub documentation at the link just provided also includes steps to add the key to your authentication agent with 'ssh-agent'. Using 'ssh-agent' isn't necessary in general, but it is one of multiple methods used to specify which key to use when you attempt to make an actual remote connection.
Once you finish creating the key pair, you can follow the GitHub official documentation on adding the key to your specific repo and account. Note that (as of writing this article), the documentation at this link says to use the program 'xclip', but this isn't necessary. You can simply locate the SSH public key file, open it in a text editor, and copy and paste it.
After you've created the key-pair and added the public key to your GitHub account, you should be able to run an SSH command similar to the following:
For example:
If everything worked, you should see the following:
The above message is not an error and it indicates that you're able to authenticate with the server successfully, but it won't provide you with SSH shell access because GitHub only allows you to communicate with their servers though the git client. If you see this message instead:
That means something didn't work properly. Check to make sure that the path to the private key is correct, and make sure you uploaded the public key correctly. Also make sure you're using the username 'git' otherwise the username will default to the current user on your local machine.
In order to clone or push to the repo, you should use the various git commands that take advantage of the fact that git can clone or push through and SSH tunnel.
With Amazon's EC2 instances, when you are asked to create and download a key pair you get a copy of the private key that lets you access your server. Amazon keeps a copy of the public key file, and whenever you launch a new instance using that key pair, the EC2 instance will be provisioned to have the public key automatically added to the '~/.ssh/authorized_keys' file. This is why you're able to get access to the cloud server without having the physical access you would need to add the initial public key to '~/.ssh/authorized_keys'.
You can find a more detailed guide to SSH with AWS EC2 instances here.
One of the most important productivity boosters when you're using SSH, is to set up a configuration that remembers all of your connection parameters in the file '~/.ssh/config'. If you don't already have one of these files, you can go ahead and create it. The point of this file is that instead of typing this out every time:
You can type this instead:
As long as your '~/.ssh/config' file contains this entry:
This will work in various other places, such as with git or scp:
One final note about the SSH config file: Some internet service providers will close idle connections, and this means that if you open an SSH connection, but don't type anything for a while, your ISP will timeout the connection, and then your terminal window will just become unresponsive when you try to use it again.
You can prevent this from happening, by adding the following to your SSH config file under each host's connection parameters:
As mentioned previously, you can use SSH to log in to another computer remotely, provided that it is running an SSH server, and the proper steps have been taken to set up authentication for incoming users.
Normally when you log into a remote server, if you start a long-running task and then close the terminal, your SSH connection will be closed, but the remote command that you were running will be killed as well. Sometimes, this is not desirable, and you may wish to log in briefly, start a long-running task, then close the window or shut down your local computer. There are a couple ways to solve this problem. Let's look at a simple example:
The first involves using the nohup command which can be done by appending a '&' symbol to the end of any shell command:
The above command will cause the infinite loop to run in the background until it finishes or it is explicitly killed using the 'kill' command. In the meantime you can run other commands or close the SSH connection without killing the remote background job.
Now when the users closes the SSH connection, the command will continue to run on the remote server.
Another method is to use a terminal multiplexer which is a special program that adds more features to your terminal session. A couple popular ones are GNU Screen and tmux. For whatever terminal multiplexer you decide to use, each will have various commands that allow you to create new terminal sessions, and if you launch a command in one of these it can run in the background. Next time you log into the server, you'll be able to start the terminal multiplexer program again and connect to any running terminal sessions you were using previously.
One of the really cool things you can do with SSH is capture information received on one of your local ports and send it through your encrypted SSH tunnel, then forward it somewhere else at the other end of the tunnel. Here an example:
When the above command is run, it will create a normal SSH connection into 'robert-server' using whatever parameters are in the '~/.ssh/config' file. In addition, any traffic that would otherwise be received on the local computer's port 4005 will instead be sent into the tunnel, then on the other end it will be forwarded to IP 127.0.0.1 on port 80. If 'robert-server' was a web-server, then browsing to 127.0.0.1 from the machine that issued the command above would then show whatever page was running on the web server as if it were running locally. You could do the same thing with a database sever which would allow you to connect to a database hosted on the server that might not be externally accessible.
In the next few sections, we'll review some of the most commonly encountered SSH related errors.
This error can be caused if you're trying to connect to a host that doesn't have an SSH server running on it. It may also be the case that you specified the wrong port number. SSH is usually hosted on port 22, but this can be changed to any port by the server administrator.
This type of error occurs if you are trying to connect to an IP or host name that does not exist. You may get this error if your internet or LAN connection is not working.
You will see this error if you have been denied access by the SSH server when using public key authentication. Common causes of this message are not specifying the correct private key when attempting the connection, or not specifying one at all.
This will often happen the first time you connect to an SSH server because each time you attempt to connect to a server, your local client will look for a piece of saved information (usually located in '~/.ssh/known_hosts') that remembers the identify of machines that you trust. It is common to just type 'yes' for non-serious use cases here. If you were extremely concerned about security, you would call up the system administrator of the server you want to connect to and ask them what the 'RSA key fingerprint' of the target server was. You would then manually add this to the '~/.ssh/known_hosts' file and then you would not see this warning.
Sometimes you may see a message like this:
This message is saying that the identity of the SSH server you're connecting to has changed. This might be a concern if someone else decided to set up an SSH server of their own and trick you (possibly by setting up their own DNS server) into logging into their SSH server instead of the one you think you're logging into.
There are a few cases where this message will be expected though: If you are using Amazon EC2, and you connect to a server at a given elastic IP, it will save the RSA key fingerprint of the server and associate it with that elastic IP address. If you later launch a different server and associate it with that same elastic IP, you will get this error, because the entry in the '~/.ssh/known_hosts' file is still associated with the old SSH server's RSA key fingerprint.
Another situation that can cause this, is if you upgrade the version of SSH running on the server. There are a few cases where it will generate a new RSA key fingerprint which will cause the same issue.
If you are confident that this is not a real security issue, you can use this command to remove the offending entry from your '~/.ssh/known_hosts' file:
This occurs when your permissions are too open on your private key file. A solution is explained in guide to SSH with AWS EC2 instances here.
If you're attempting to start an SSH connection that isn't working, there is a handy debug flag you can add when you start SSH:
Here is an example of some of the debug output you might see:
Some of the output will be hard to read, but at least you'll get some keywords that you can search for.
In this article, we've covered some of the broad use cases for SSH, and how to take advantage of them on a Linux platform. We've covered how SSH can be used with GitHub, AWS EC2, or even between computers you have at home. There are also a number of ways you can make use of port forwarding to make remote services appear as though they are being hosted locally. A few common sources of error have also been discussed. This really only scratches the surface of what you can do with SSH, but hopefully this is enough to get you started asking the right questions.
| Join My Mailing ListPrivacy Policy | Why Bother Subscribing?
|
An SSH client is an application using the Secure Shell (SSH) protocol to connect to a remote system or computer. It allows for secure and authenticated SSH connections to be established with SSH servers. SSH clients are typically used to remotely log in to and execute at the command line. They also provide users with a way of securely accessing routers, servers, switches, and other systems.
This guide ranks the top SSH Windows clients available today, with the aim of giving you insight into which tool is best suited to your business needs. It considers cost effectiveness, user friendliness, suitability for business use, and the range and sophistication of each tool’s capabilities. For those who don’t have time to read the full list, I found SolarWinds® Server & Application Monitor (SAM) to be the best of the Windows SSH client tools.
Server & Application Monitor is one of many well-known SolarWinds products in widespread use. The most popular of these is SolarWinds Network Performance Monitor, which has taken the IT software market by storm.
SAM is a useful SSH client for Windows and Linux/Unix, offering an impressive range of advanced features delivered through a user-friendly interface. It’s a versatile tool providing in-depth insights into the overall health of your systems. It offers monitoring capabilities covering Azure IaaS, Cisco UCS, end-to-end files, Exchange server performance, GlassFish performance, HP servers, and more.
SAM features a web-based SSH client allowing users to remotely manage Linux server consoles. This can be done quickly and easily via the Orion® Platform interface. A number of SolarWinds most popular products are built on the Orion Platform, which enables you to extend your IT monitoring solution while maintaining a centralized view. SAM also supports the automated identification of Linux distributions, making the process of configuring distribution-specific monitoring templates simple.
This SSH tool features a Linux/Unix script monitor using SSH to upload scripts to a Linux/Unix server. The script is then run on the server, and the text output and return value are processed. Because this is a predefined SAM component, you can use the Linux/Unix script monitor to execute command line script, which will return statistical data.
The user interface is one of SAM’s most notable benefits, because it’s simple and easy to use. There is no initial learning curve or training required. The dashboard represents data in the form of charts and graphs, making at-a-glance interpretation more accurate. Although suitable for beginners, SAM also benefits from ample SolarWinds assistance, with support technicians available 24/7 and a vast community of loyal SolarWinds users on hand via the THWACK forum.
SAM is suitable for small and large businesses alike and is both scalable and cost effective. A 30-day free trial is available.
PuTTY is one of the most well-known SSH software programs available. This SSH terminal, Windows-specific, is simple and lightweight. It supports telnet, SFTP, rlogin, and SSH client. This SSH program is often used by IT administrators to establish an SSH connection with remote systems, while enabling them to save session logging, session configurations, and screen customizations.
What makes PuTTY one of the best SSH Windows client tools is it includes a 32-bit and 64-bit client, and SSH1 and SSH2 protocols. This SSH tool is super easy to use, and while this makes it suitable for beginners, its capabilities could be more sophisticated, versatile, and scalable. Another drawback to this SSH Windows client tool is the “save session” capability doesn’t allow you to save credentials.
PuTTY is free to download.
KiTTY is an open source SSH alternative to PuTTy offering several add-ons. This SSH terminal, Windows only, allows you to make automatic connections to telnet, SSH1, and SSH2 servers.
The process for establishing automatic connections is simple—fill in the “Auto-login password” field in the “Connection/Data” config box, and the password value is fully encrypted. KiTTY also supports port knocking, a method of protecting the SSH port from attack.
Another benefit of KiTTY is it can be used with the Internet Explorer browser. Integrating KiTTY with Internet Explorer, or any other browser, is a straightforward process. Just download the kitty_ssh_handler.reg file and correct it to write the full path to the file kitty.exe on your system. Then run it to update the registry.
Sftp Client Meaning
You can download KiTTY here.
Solar-PuTTY is one of many free tools by SolarWinds. This SSH Windows client tool allows you to manage remote sessions professionally and efficiently, with access to a generous range of utilities. You can manage multiple sessions simultaneously, via a single console featuring a tabbed interface.
The tabbed interface makes switching between multiple sessions easy, and the browser-like dashboard provides you with a familiar way of accessing sessions. These functionalities save time and simplify the process of session management. Solar-PuTTY also lets you save private keys or credentials to any session, enabling fast and easy login.
Other time-saving capabilities include script automation and Windows Search integration, which helps you find your saved sessions quickly. This SSH Windows program doesn’t require any installation, and the interface is user friendly, meaning you can manage remote sessions right away. The layout of the tool is intuitive, so you won’t have to spend hours learning feature locations.
This tool supports SCP, SSH, telnet, and SFTP. It features auto-reconnecting and graphical SFTP file transfer capabilities, and support for post-connection scripts. Many of the features of Solar-PuTTY aren’t offered by the original PuTTY program. This Windows SSH client tool is also more accessible and easier to use than the original PuTTY. You can download it here.
MobaXterm specializes in remote computing but is nonetheless a highly versatile tool. Through one Windows application, this SSH tool provides a range of capabilities specifically designed to make the lives of IT administrators and programmers easier. The drive behind MobaXterm is to simplify remote management.
MobaXterm covers all the key remote network tools, including X11, SSH, RDP, VNC, MOSH, FTP, and more. It also supports Unix commands including bash, cat, ls, sed, awk, grep, and rsync. All of these are accessible via a single, portable .exe file, which functions on an out-of-the-box basis, so you can get started right away. The tabbed terminal with SSH is based on the PuTTY format and uses anti-aliased fonts while boasting macro support.
This tool offers an embedded X server, which is fully configured according to X.Org. It supports Display being exported to local Windows from remote Unix, features X11 forwarding capabilities with SSH for secure transportation, and can be extended with multiple add-ons and plugins.
There are many benefits to this all-in-one remote management solution. For one, all your remote applications will be seamlessly displayed on your Windows desktop via the embedded X server. Moreover, when you use SSH to make a connection with a remote server, a graphical SFTP browser will appear automatically, so your remote files can be edited directly.
MobaXterm provides you with all your network tools through a single application. It’s packaged as a single executable, so it’s portable and lightweight, and can be initiated from a USB stick. The main pitfall is the initial learning curve—the program is likely to seem complicated to a beginner.
Both a free edition and a professional edition of MobaXterm are available. The free version is fairly limited, but the paid edition allows you to modify profile script, customize your startup message and logo, remove screensavers and games you aren’t using, take advantage of an unlimited number of sessions, and much more. Both editions are available for download here.
Best SSH Windows Client Tool
If you’re in the market for the best SSH Windows client tool, you cannot do better than SolarWinds SAM. This program is extremely advanced, but entirely user friendly. It’s well supported, scalable, and suitable for enterprise-grade requirements. As an all-in-one application and server monitoring software, SAM offers a range of powerful capabilities of value to any IT administrator.
What Is A Ssh Client
A number of features set SAM apart from the other tools on this list. These include the web-based SSH client, the ability to integrate multiple SolarWinds tools while maintaining a unified experience, and the Linux/Unix script monitor.
Ssh Client Meaning
With no initial training or experience required, SAM is a fantastic SSH tool for beginners and experts alike. It stands as one of the most advanced SSH programs available and is provided by a company with a long reputation of dependability and innovation. Enter your details here to access the 30-day free trial.