SSH (part 1): A set of SSH programs

2 April 2023 7 minutes Author: Endpool

What is SSH and why is it needed?

SSH is a set of programs that allow you to log into a remote machine and execute commands on it. It is designed to provide secure, encrypted communication between two hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX domain sockets can also be forwarded over the secure channel. SSH also includes programs for transferring files over the encrypted connection. SSH provides several security mechanisms, including user and host authentication, data encryption and data integrity, which defeat common attacks such as sniffing, DNS/IP spoofing, data forgery and connection hijacking. Users of ftp, telnet or rlogin, protocols that transmit data in clear text, are advised to switch to SSH. SSH is supported on all UNIX systems, and most of them ship an ssh client and server as standard utilities. You may need an SSH client to work with a site's files (to view and edit them) and to work with databases.

There are also a number of SSH client implementations for non-UNIX operating systems. The protocol became very popular after sniffers became widespread, as a replacement for the insecure telnet for managing important hosts. The SSH protocol is developed on a commercial basis, but there is also a free implementation, OpenSSH, which is especially popular among web developers. OpenSSH is an open-source implementation of the SSH protocol: a set of programs that let you encrypt network connections. To have SSH on Linux, install OpenSSH, which consists of the OpenSSH server and client packages. The technology works on the client-server principle: the remote machine on which you want to run commands must run an OpenSSH server, and you connect to that server with an OpenSSH client. Both the server and the client can be installed on the same computer; they are started and configured independently of each other.

SSH utilities

OpenSSH server utilities include:

  • sshd (OpenSSH Daemon) – the daemon program for ssh; it waits for connections from clients.
  • sftp-server (SFTP server subsystem) – the program that handles file transfers over the SFTP protocol. sftp-server is not intended to be called directly; it is normally invoked automatically by the sshd daemon.

So, on the server, sshd requires the main attention, and the sftp-server program will be launched automatically if necessary.

OpenSSH client utilities include:

  • ssh (SSH client) – a program for logging into a remote machine and executing commands on it.
  • scp – a program for copying files from a local machine to a remote one, or vice versa; the data is transmitted over an encrypted channel.
  • sftp – also a program for transferring files over a secure channel; it works similarly to FTP.
  • ssh-keygen – a utility for creating and managing authentication keys. It can also be used to revoke keys.

These are the basic programs that most users will need to generate keys, connect to a remote machine, and copy files.

The following utilities are also present in the OpenSSH package, but they are either not meant to be run explicitly by the user or are rarely used:

  • ssh-add – adds a private key to the authentication agent.
  • ssh-agent – a program that holds the private keys used for public key authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started at the beginning of an X session or login session, and all other windows or programs are started as clients of it. Using environment variables, the agent is located and used automatically for authentication when logging in to other machines with ssh.
  • ssh-keyscan – a utility for collecting SSH host public keys from a number of hosts. It was designed to help build and verify ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable for use from shell and perl scripts.
  • ssh-keysign – used by ssh to access the local host keys and generate the digital signature required during host-based authentication. ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign to “yes”. It is not meant to be invoked by the user, only by ssh.
  • ssh-copy-id – installs locally available public keys on a remote computer so that they can be used to authenticate there.

How to install OpenSSH?

For some configurations, the OpenSSH service is installed and enabled by default. This generally applies to systems that are difficult to access by any means other than SSH. For example, on VPS hosting (virtual private servers), the installed systems almost always have the SSH service installed and running, even in the minimal configuration, so after deploying a new server, the client just needs to connect using the credentials sent. In images for ARM computers, which often do not have a display, the OpenSSH service is usually already installed and running.

In Debian and derivatives (Kali Linux, Linux Mint, Ubuntu), the OpenSSH programs can be installed separately: the openssh-client package for the client and openssh-server for the server.

Or you can install the ssh metapackage, which contains the client and server parts:

In Arch Linux, the OpenSSH client and server are bundled together.

To install OpenSSH on Arch Linux, do:

On other Linux distributions, look for the openssh or ssh package.

OpenSSH service management

The ssh client is launched by the user as needed. The OpenSSH service only needs to be running on the server.

OpenSSH comes with two kinds of systemd service files:

  • sshd.service, which keeps the SSH daemon permanently active and forks a new process for each incoming connection. This suits systems with a lot of SSH traffic.
  • sshd.socket + sshd@.service, which spawn an SSH daemon instance on demand for each connection. With this model systemd listens on the SSH socket and starts a daemon process only when a connection arrives. This is the recommended way to start sshd in almost all cases. (Note: this unit has since been removed from the package.)

So, if you want to use the first model (the SSH daemon is always active), type the following commands to start the service and add it to startup; they add the SSH daemon to startup and start it right now:

For the second model (starting SSH only on demand), do the following:

To check the service status:

Or if you’re using a socket:

Example


Note that in different distributions the service may be called ssh or sshd, so in the commands above and below use the appropriate names:

  • sshd.socket
  • sshd.service
  • ssh.socket
  • ssh.service

How to check SSH service event log?

SSH events can be divided into two kinds:

  • starting and stopping the service
  • events related to user connections

You can view SSH logs in several ways; one option is the following (remember that on some systems the service is called ssh.service, without the letter d):

For example, to display the last 100 records:

You can also view SSH events using:

Events related to user connections, together with other information including debugging output, can be viewed as follows:

A universal command that works regardless of the service name:

How to see failed SSH login attempts?

If public key login is configured but password login is not disabled, then after a rejected key the client can still log in with a password.

Such failed password login attempts can be found with the same command:

If password login is configured, then to list failed attempts type the command:

For an unsuccessful login attempt due to an incorrect key, no special message is logged at the default verbosity level (LogLevel INFO). Such attempts can be found under the record “Connection closed by authenticating user”, but this only means the connection was closed at the authentication stage, regardless of the authentication method (password or key). If you set the verbosity level to VERBOSE, you can find failed public key login attempts in the log with the following command:

An example of public key login.

How do I view the log of SSH user connections?

To show the connection when the login was done with a password:

To show a public key authentication connection:
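As an added example (not part of the original article), here is a small POSIX shell script that runs the checks from the two sections above, failed attempts and successful connections, over constructed sample sshd log lines modelled on the messages journalctl shows. The usernames, addresses and fingerprints are made up; everything else in the script is standard sh, awk and sort.

```shell
#!/bin/sh
# Constructed sample of sshd journal lines (not a real capture); addresses are
# RFC 5737 documentation ranges and the fingerprints are placeholders.
# The "Failed publickey" line is written by sshd only when LogLevel is VERBOSE;
# the other message forms appear at the default LogLevel INFO.
SAMPLE_LOG='Apr 02 10:15:01 host sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:placeholder1
Apr 02 10:16:12 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Apr 02 10:16:15 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Apr 02 10:16:20 host sshd[1240]: Connection closed by authenticating user admin 198.51.100.7 port 40001 [preauth]
Apr 02 10:17:03 host sshd[1251]: Failed publickey for bob from 203.0.113.5 port 50022 ssh2: ED25519 SHA256:placeholder2
Apr 02 10:17:05 host sshd[1251]: Accepted password for bob from 203.0.113.5 port 50022 ssh2
Apr 02 10:18:40 host sshd[1260]: Failed password for root from 198.51.100.7 port 40002 ssh2'

# Count the log lines matching a regular expression. awk always exits 0, so
# a count of zero is printed as "0" instead of failing like grep -c would.
count_matching() {
    printf '%s\n' "$SAMPLE_LOG" | awk -v pat="$1" '$0 ~ pat { n++ } END { print n + 0 }'
}

# Failed password logins (visible at the default LogLevel INFO).
failed_password_count() { count_matching 'Failed password for'; }

# Failed public key offers (only present in the log at LogLevel VERBOSE).
failed_publickey_count() { count_matching 'Failed publickey for'; }

# Connections dropped during authentication, whatever the method was.
preauth_close_count() { count_matching 'Connection closed by authenticating user'; }

# Successful logins by method: pass "password" or "publickey".
accepted_count() { count_matching "Accepted $1 for"; }

# Source addresses ranked by failed password attempts, one "count address" per line.
failed_password_sources() {
    printf '%s\n' "$SAMPLE_LOG" \
      | awk '/Failed password for/ { for (i = 1; i <= NF; i++) if ($i == "from") src[$(i + 1)]++ }
             END { for (s in src) print src[s], s }' \
      | sort -rn
}

# The address with the most failed password attempts.
top_failed_source() { failed_password_sources | head -n 1 | awk '{ print $2 }'; }

printf 'failed password: %s, failed publickey: %s, closed during auth: %s\n' \
    "$(failed_password_count)" "$(failed_publickey_count)" "$(preauth_close_count)"
printf 'accepted password: %s, accepted publickey: %s, top source: %s\n' \
    "$(accepted_count password)" "$(accepted_count publickey)" "$(top_failed_source)"
```

On a real system, replace SAMPLE_LOG with the output of journalctl -u sshd (or ssh) to run the same checks against the live log.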

Information about command line options can be seen using:
