Matt Moore

C++

Linux » Managing a Server Remotely

Aug 24, 2014

Most people manage their Linux servers using a program known as Secure Shell (SSH). SSH is a client-server application. When set up, you can connect to a server running SSH and control the entire server from the command line.

To install SSH on Ubuntu Server 14.04, log into your server and enter the following commands:

$ sudo apt-get update
$ sudo apt-get install openssh-server

This will install the SSH server. By default SSH will run on port 22, but you can change that port or add other ports for it to listen on. For example, if you wanted to run it on ports 22 and 443, you could modify the file on your server located at /etc/ssh/sshd_config. I use vim to edit files, so I would do this:

$ sudo vim /etc/ssh/sshd_config

Then find the line that looks like this:

Port 22

Add another line below Port 22 like this:

Port 22
Port 443

After making changes to the config file, you'll need to restart the SSH service:

$ sudo service ssh restart

Of course, your router/firewall will need to allow whatever ports you want accessible. There are lots of other options in the config file, but I won't get into them now. Perhaps another time.

Special Uses

SSH has the ability to do lots of things. One such interesting ability is to forward traffic between networks. Perhaps you're out and about on a public network (or a friend's home network, but you don't want your friend to spy on your traffic). Let's say you get on this public network and decide to browse to a few different sites, but decide you don't want people to spy on your traffic. Or say you want to access a web site (perhaps a Plex Media Server that you want to get to via your browser while you're away from home) that is only available to local clients. Perhaps you want to check your Gmail account, but you're at a coffee shop and Gmail is blocked.

You can run what is called a SOCKS proxy over SSH. Assuming your server's IP address (or domain name, if you have one) isn't blocked, you can actually connect using SSH to your server, and reroute traffic onto your laptop through a local SOCKS server. Then you configure your browser to use that SOCKS proxy. If you do this using SSH certificates (that are password protected), you will then be able to get access to all your sites in a secure and private manner. Here's how this all works:

  1. First, once you have an SSH server running, and your SSH ports are opened on your router/firewall correctly, you'll need run the SSH client with the following options: ```shell $ ssh -p 22 -D 1080 username@IP-or-domain-name ```

    The -p option specifies the port to connect to the SSH server on. It could be whatever port you the server is listening on. I could have specified it as 443. The -D option specifies the local port you want the SOCKS proxy port you want to create as a listener on your laptop.

  2. Next, we'll configure Firefox to use this SOCKS proxy. In Firefox, go to Options/Advanced/Network.
  3. In the Connection section, click Settings.
  4. Select the SOCKS option, then enter "localhost" as the SOCKS host, and 1080 as the port. Make certain that you check the "Remote DNS" box. Your screen should look similar to the following:
  5. Click OK. You can now use Firefox with your SOCKS proxy.

It is extremely important to use the Remote DNS checkbox. If you don't, then whatever network you're connected to can see what your DNS requests are. If you go to google.com, for instance, the network you're on can see that you're making a request to google.com. The actual pages from google.com will come through your encrypted connection, but your outbound requests will not make use of it. By checking the checkbox, Firefox will send all your requests directly through the SOCKS proxy and make the DNS request on the other end with the SSH server's DNS servers.