Cloud Native / Edge / IoT / Security

Dr. Torq: Go Remote with ssh

18 Feb 2020 9:52am, by

In a networked cloud native world, we might have Linux machines operating in some far-flung location, miles away from our physical reach. Or, we could have a bunch of machines wired into our local network sitting in the same room. Either way, it’s great to be able to log into those networked devices to do upgrades, maintenance, diagnostics, run programs and so on.

The ssh (Secure Shell) command-line utility has been around for a long time. It lets you access remote Linux systems, over the network in a secure fashion. Most times you’ll use it as a standard text-based serial terminal. This is nice because even with sluggish internet connections, your command-line session is simple and uncomplicated.

Of course, you’ll want to observe standard security techniques to thwart hackers even though the ssh client is secure. I normally use it behind a firewall or on networks not exposed to the internet. For me, the program is tremendously effective at accessing servers, edge devices and multiple local “headless” machines — machines without a keyboard or screen are called headless. ssh makes it easy to talk to them. My current Linux devices either run Xubuntu (on my notebook) or Raspbian Linux (on the Pi).

Installing ssh

Many Linux distributions come with the ssh server and client programs installed by default. If not, use a regular graphical program manager (on the desktop), like synaptic, to install the applications. Alternatively, since my tutorials cover Linux command-line usage, you can use apt install, in a terminal window.

rob% sudo apt update
rob% sudo apt install openssh-server
rob% sudo apt install openssh-client

The ssh server should start by itself after installation. If not, use the service command.

rob% sudo service ssh start

Having a working ssh server lets others log into your machine. If you are running any firewall software on your device, you can open port 22 (the ssh default), to allow access. Although I have the ssh server installed on my daily driver Linux notebook, it’s typically not running. I engage it only when needed.

You don’t need any special firewall rules or a server running to log into other machines using ssh. My Raspberry Pi-based headless gadgets usually have ssh running so I can operate them remotely over my local network.

Using ssh

Any program usable in a terminal, on the remote Linux machine can also be used over the network, with ssh.

For example, say I want to edit a text file on one of my headless Raspberry Pi gadgets. I’d simply log into the Pi with the following command from my Linux notebook. Of course, you’ll need to know the remote device’s IP address and ensure that the ssh server is up and running.

rob-notebook% ssh pi@192.168.1.104

Logging into a remote Linux box over ssh

Once logged into the remote system, vi can be used to open and modify the text document. Anything you do in a terminal on the remote machine can be done using ssh over the network.

It gets better.

Any program on the remote machine will run using ssh. Obviously, the program has to be installed to work. Also, remember that you need the correct permissions to run certain programs. sudo works with ssh too, if set up.

Type “ls” and you’ll get a standard listing of the files in the current directory. Type “df -h” and you’ll get a listing of the partitions and storage devices. You can even string commands together into scripts.

Long time readers might remember me using ssh to watch real-time data stream from my Internet of Things (IoT) gadgets using the cat command. I’d remotely log into the gizmo using ssh and read the data from the sensor hooked up to the USB port. The Raspberry Pi and sensor might be in another room or even outside connected over wifi. The typical command line (executed over ssh on the IoT device) would look like the following while sitting at my Linux notebook.

pi% cat /dev/ttyUSB0

Using cat to stream data from the USB port on the PI over ssh from the Linux notebook

What About GUI Programs?

It is possible to be at your Linux notebook and run the Chromium browser remotely on your Raspberry Pi. Just add the “-X” option to ssh. Taking advantage of the Linux X-Window capabilities, the browser window will seamlessly appear on your notebook screen, even though the application is running on the Pi. Why would you do that? I don’t know, but it would work just fine.

rob-notebook% ssh -X pi@192.168.2.101

Then just run your commands as usual. In this case, you’d start the Chromium browser.

pi% chromium-browser

A somewhat more practical example might be to use a webcam application on the Pi to get a video feed from a camera. I like the luvcview application because it is lightweight and runs reliably on different versions of Linux. This is a good example because video requires a decent number of machine resources with a lot of data throughput. ssh works great without issues. Here’s the command line over ssh.

pi% luvcview -s 320x240 -d /dev/video0

Using luvcview remotely over an ssh connection

Be aware that using a normal streaming server would give much better video performance. As you increase the resolution the video lag will get progressively slower, especially on wifi. Using 100 Mb/s wired Ethernet is noticeably faster than wifi, but still not quite up to par with dedicated video streaming programs. My intention was to show that ssh puts you “virtually” on the remote machine, even for a fairly demanding job like streaming a video feed.

Going Further

One last thing that hardly anybody ever mentions is copy and paste with ssh. That’s right! You can highlight text on the remote machine’s terminal (window), right click your mouse, select the “copy” item, place your cursor anywhere on your notebook’s screen and paste the text into that location. I use it all the time to copy code snippets and data back and forth between machines.

Seems trivial right? Rest assured, it’s a huge time saver, once you start using the technique.

You now have the basics to log into a remote Linux box, using ssh. Be sure to take a look at the “ssh –help” and “man ssh” screens for listings of its many options.

Contact Rob “drtorq” Reilly for consultation, speaking engagements and commissioned projects at doc@drtorq.com or 407-718-3274.

Image by mohamed Hassan from Pixabay

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.