SSH Part1 - Improve productivity using SSH Server

on Networking

Understanding how SSH works

The motive of this article, ironically started from a deep frustration towards WSL2. Windows Subsystem for Linux (WSL) itself is a great tool that gives developers on Windows PC an easy access to Linux distributions like Debian without having to use traditional methods like VMs or dualboot setup. I own two computers currently, a Linux Desktop for Machine Learning purposes, and another Windows laptop that I use to study and work outside of home. Regardless of the topic, I would always be using Linux when working or studying.

And two of the most common ways to run Linux commands on Windows without setting up VMs or dualboot are:

  • A. Set up WSL
  • B. Use Gitbash

WSL2 runs on actual Linux kernel and therefore is often more preferred than running Git Bash. But the biggest problem is that WSL2 is slow. Common operations such as tox build, pip install, or even simple git operations are at least couple order of magnitude slower. File I/O seems particularly lagging, most likely due to the way Windows emulates Linux file system on WSL. If your machine’s computing power is lower, it becomes even more unbearable. This is a well known problem that has been addressed for years by the community, yet it has never been fully solved. I need to constantly build the project for my work, and the slowdown pretty drops the productivity to zero. So I concluded that the easiest and fastest solution to this problem, is to set up my home Linux PC as an SSH sever, and do all the computation there remotely.

Setting up SSH sever

openssh
OpenSSH encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks.

In this post, I will be using OpenSSH, widely used connectivity tool for remote login with the SSH protocol. The general process of setting things up is actually very simple. My PC will serve as a openssh-server here, and my laptop will serve as the oppenssh-client. Assuming you have some sort of Linux distribution, refer to the code below:

# update system packages.
$ sudo apt-get upgrade

# install both server and client.
$ sudo apt-get install openssh-client
$ sudo apt-get install openssh-server

Starting and stopping OpenSSH server is dead simple.

# start openssh server
$ sudo service ssh start

# stop openssh server
$ sudo systemctl stop ssh

# restart openssh server
$ sudo service ssh restart

Once your server is up and running, you should be able to see:


#check the output
$ ps -A | grep sshd

#similarily, you can run:
$ sudo service ssh status

You should see some terminal output, like 00:00:00 sshd. If you don’t, check your server is running properly again. The server is running, and it should be ready to accept client requests for connections. How does SSH server accept or reject connections? Of course by defining set of SSH keys that can connect.

Try connecting to your own server.

$ ssh localhost

If you get a permission error, most likely it means your key has not been added to set of authorized keys. Ensure you have already generated the SSH keys first (you should know the file name of the pub file), and then run below:

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys

Now the localhost call should pass without any issues. And by adding other PC’s SSH keys like above, any client will be able to connect to the server as long as the server is up and running.

Connect to SSH Server from Client

All the specific configurations (password, port, security settings) for ssh server can be found under the config file

$ nano /etc/ssh/sshd_config

Make sure to edit above if you have to.

Now we have successfully configured SSH server. Now if a remote client PC is trying to connect to server, there are couple information that it needs, like user_name and ip address (also password if you choose to login via password). If you don’t already know, run below from the server side.

#user name
whoami

#ip address (many ways)
$ ip a
$ ip addr | grep inet
$ ip route

Understanding IP addresses

Commands like ip a return bunch of information related to Internet Protocol (IP). This can be quite confusing at first (at least for me), so it’s important to understand what they mean.

As we all know, IP address is the unique identifier assigned to a device or domain that connects to the internet. It’s indeed similar to how our mailing addresses behave. Common terms like IPv4 and IPv6 signify the versions of IP addreses. IPv4 is the older address version introduced in 1983, with fewer permutations compared to IPv6.

openssh
Inet represents IPv4 (32 bit)

Because IPv4 has not been completely replaced by IPv6 yet, both versions are used. Apart from length of bytes, IPv6 have additional advantages like speed, security, and etc.

openssh
Inet6 represents IPv6 (128 bit)

Public IP vs Private IP

What is the difference b/w private IP and public IP? A public IP (external, global IP) can be directly accessed over internet and is assigned to your network router by your internet service provider (ISP). Your personal device also has a private IP that remains hidden when you connect to the internet through your router’s public IP.

openssh
Think of private address as your home address, and public address as general postal code.

A private address is the address that your network router assigns to your device. Router will assign a unique private IP address for each device. Private IP address cannot be seen online. Your device talks to the router from private IP address, and the router then communicates to the internet via the public address. When your device accesses the internet, the private address is converted to public IP address first via Network Address Translation (NAT). This is mainly because when IPv4 was first created in the 80’s, the developers have not expected the explosive growth of internet, and expected 4 billion combination is more than sufficient. In the modern world, this limit is clearly not enough to include both private addresses and public addresses. IPv6 offers astronomical number of permutations, so when it becomes the norm, NAT or private addresses will no longer be used.

NAT
Network address translation for IPv4.

NAT is used to convert private address to public, and also public address to private. This assures that you get information that you have requested, and nothing gets delivered to incorrect addresses.

Anyways, with the server side IPv4 address (inet), you can easily establish ssh connection:

$ ssh chophilip21@172.xx.xxx.xxx -p xxxx

You should be able to SSH into the PC, at least within the same network. There is another important hurdle to overcome to truly access remote PC. That will be discussed in part 2 of the article.