A Comprehensive Guide to Connecting an Ubuntu Control Node to a Managed Node via SSH
SSH (Secure Shell) is a secure protocol that allows you to connect to remote machines over a network. In this guide, we’ll walk through the complete setup to connect one Ubuntu server (Control Node) to another (Managed Node) using SSH. Along the way, we'll provide in-depth explanations of the key configuration files involved: ~/.ssh/config and /etc/ssh/sshd_config.
What You’ll Learn
- Setting up SSH on the Control Node and Managed Node.
- Using hostname -I to retrieve IP addresses.
- Testing network connectivity with a 5-packet ping.
- Establishing an SSH connection.
- Configuring passwordless authentication.
- Descriptions of critical SSH configuration files.
- Security enhancements and troubleshooting tips.
Prerequisites
- Control Node: A primary Ubuntu server or workstation to control and manage other servers.
- Managed Node: A target Ubuntu server you want to access remotely.
- User Access: Non-root user accounts with sudo privileges on both nodes.
- Network Connectivity: Both nodes must be on the same network or reachable over the internet.
Step 1: Install OpenSSH
SSH requires OpenSSH software to enable connections. Here's what you need to install:
- Control Node: OpenSSH Client (used to initiate SSH connections).
- Managed Node: OpenSSH Server (used to accept SSH connections).
Install OpenSSH on the Managed Node
- Update the package list:
sudo apt update
- Install the OpenSSH Server:
sudo apt install openssh-server -y
- Verify the SSH service is running:
sudo systemctl status ssh
If inactive, start the service:
sudo systemctl start ssh
Install OpenSSH on the Control Node
- Update the package list:
sudo apt update
- Install the OpenSSH Client:
sudo apt install openssh-client -y
Step 2: Find the Managed Node's IP Address
On the Managed Node, retrieve the IP address using hostname -I:
- Open a terminal and run:
hostname -I
- This command displays the IP addresses assigned to the network interfaces.
- Example output:
192.168.1.105
- Note the IP address corresponding to the network the Control Node can access (e.g., 192.168.1.105).
Step 3: Verify Network Connectivity
From the Control Node, test connectivity to the Managed Node using a ping command:
- On the Control Node, run:
ping -c 5 192.168.1.105
- Replace 192.168.1.105 with the Managed Node's IP address.
- The -c 5 option limits the ping to 5 packets.
- Verify the result. Successful output shows:
5 packets transmitted, 5 received, 0% packet loss
Step 4: Establish an SSH Connection
After confirming connectivity, establish an SSH connection from the Control Node to the Managed Node.
- On the Control Node, run:
ssh username@192.168.1.105
- Replace username with the username of the account on the Managed Node.
- Replace 192.168.1.105 with the Managed Node's IP address.
- Accept the server's host fingerprint:
The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
RSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?
Compare the fingerprint shown with the Managed Node's own host key fingerprint, then type yes and press Enter.
- Enter the password for the user account on the Managed Node when prompted.
Step 5: Set Up Passwordless Authentication
For easier and more secure access, configure SSH key-based authentication.
Generate an SSH Key Pair
- On the Control Node, generate an SSH key pair:
ssh-keygen
- Press Enter to accept the default file location (~/.ssh/id_rsa; OpenSSH 9.5 and later generate ~/.ssh/id_ed25519 by default).
- Optionally, set a passphrase for added security.
Copy the Public Key to the Managed Node
- Use the ssh-copy-id command:
ssh-copy-id username@192.168.1.105
- Replace username and 192.168.1.105 as appropriate.
- Enter the password when prompted.
- Test the connection:
ssh username@192.168.1.105
- You should now log in without entering a password.
Step 6: Understanding SSH Configuration Files
1. ~/.ssh/config (Control Node)
This file allows you to simplify SSH commands and manage multiple connections.
- Location: ~/.ssh/config (in the home directory of the Control Node user).
- Usage:
- Open the file for editing:
nano ~/.ssh/config
- Add an entry for the Managed Node:
Host managed-node
    HostName 192.168.1.105
    User username
    IdentityFile ~/.ssh/id_rsa
- Save and exit.
- Benefits:
- Allows you to connect using a simple alias:
ssh managed-node
2. /etc/ssh/sshd_config (Managed Node)
This file controls the SSH Server configuration.
- Location: /etc/ssh/sshd_config (on the Managed Node).
- Usage:
- Edit the file:
sudo nano /etc/ssh/sshd_config
- Common configurations:
- Disable root login:
PermitRootLogin no
- Change the default SSH port:
Port 2222
- Save and restart SSH:
sudo systemctl restart ssh
- Connecting After Changing the Port:
- On the Control Node, use the -p option:
ssh -p 2222 username@192.168.1.105
Step 7: Enhancing Security
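- Restrict Access by IP Address:
- On the Managed Node, allow SSH access only from the Control Node's IP:
sudo ufw allow from 192.168.1.100 to any port 22
- If you changed the SSH port in Step 6, use that port instead of 22.
- Set Idle Timeout:
- In /etc/ssh/sshd_config, add:
ClientAliveInterval 300
ClientAliveCountMax 0
- On OpenSSH 8.2 and later, a ClientAliveCountMax of 0 disables disconnection entirely, so check the installed version before relying on this setting.
- Restart SSH:
sudo systemctl restart ssh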
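The settings from Step 6 and Step 7 can be checked mechanically. The script below is an added example, not part of the original guide: it reads an sshd_config-style file and reports on PermitRootLogin and the two ClientAlive settings. The function names sshd_value and audit_sshd and the sample file are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines, numeric seconds, and no Include directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings in this guide.
# Assumptions: "Keyword value" lines, numeric seconds, no Include directives.

# Print the effective global value of a keyword. sshd keeps the FIRST value
# it reads for a keyword, and keyword names are case-insensitive.
sshd_value() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Print one finding per line; print nothing when the file passes.
audit_sshd() {
    root=$(sshd_value "$1" PermitRootLogin)
    interval=$(sshd_value "$1" ClientAliveInterval)
    count=$(sshd_value "$1" ClientAliveCountMax)
    # An unset keyword falls back to the built-in default, so require "no".
    [ "$root" = "no" ] || echo "PermitRootLogin is '${root:-unset}', expected 'no'"
    # An interval of 0 (the default) means sshd never probes the client.
    [ "${interval:-0}" -gt 0 ] || echo "ClientAliveInterval is not above 0"
    # OpenSSH 8.2+ treats a count of 0 as "never disconnect" (default is 3).
    [ "${count:-3}" -gt 0 ] || echo "ClientAliveCountMax is 0"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin no
PermitRootLogin yes
ClientAliveInterval 300
ClientAliveCountMax 0
Match User backup
    PermitRootLogin yes
EOF
audit_sshd "$sample"
```

On a live host, sudo sshd -T prints the effective configuration, including any Include files, in the same keyword/value form.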
Step 8: Troubleshooting Tips
- SSH Connection Refused:
- Ensure the SSH Server is running:
sudo systemctl start ssh
- Host Key Verification Failed:
- Once you have confirmed the host key change is expected (for example, the Managed Node was reinstalled), remove the old key:
ssh-keygen -R 192.168.1.105
- Firewall Blocking SSH:
- Allow SSH through the firewall:
sudo ufw allow ssh
Conclusion
By following this guide, you’ve learned how to connect an Ubuntu Control Node to a Managed Node via SSH. We covered everything from installation and configuration to passwordless login, security best practices, and troubleshooting. Now you’re ready to manage your servers effectively!