🔗 Accessing Linux System: SSH Clients & Remote Access
Scroll down to the quick reference section to save time if you want.
🎯 Overview
Remote access to Linux systems is an essential skill for DevOps engineers. This article covers:
- Installing and using PuTTY
- Comparing different SSH clients
- Best practices for remote access
🖥️ SSH (Secure Shell) Fundamentals
What is SSH?
SSH = Secure Shell Protocol
- Encrypted communication
- Remote command execution
- File transfer capability
- Port forwarding
- Tunneling support
SSH Architecture:
Client Machine (Windows/Mac/Linux)
↓ SSH Protocol (Port 22)
↓ Encrypted Connection
Linux Server (Remote)
↓ Authentication
↓ Shell Access
Command Execution
🔧 Installing PuTTY (Windows)
Method 1: Official Download
# 1. Visit PuTTY official website
https://www.putty.org/
# 2. Download PuTTY installer
# Choose: putty-64bit-X.XX-installer.msi
# 3. Run installer as Administrator
Right-click → "Run as administrator"
# 4. Follow installation wizard
- Accept license
- Choose installation directory: C:\Program Files\PuTTY\
- Select components: Full installation
- Create desktop shortcut: Yes
Method 2: Chocolatey (Package Manager)
# Install Chocolatey first (if not installed)
# The second line downloads install.ps1 and runs it immediately in this session
Set-ExecutionPolicy Bypass -Scope Process -Force
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
# Install PuTTY via Chocolatey
choco install putty -y
# Verify installation
putty --version
Method 3: Windows Package Manager (winget)
# Check if winget is available
winget --version
# Install PuTTY
winget install --id=PuTTY.PuTTY -e
# Verify installation
where putty
Method 4: Portable Version
# Download portable version
# No installation required
# Just download putty.exe and run directly
# Create folder structure:
C:\Tools\PuTTY\
├── putty.exe
├── puttygen.exe
├── pageant.exe
└── pscp.exe
⚙️ PuTTY Configuration
Basic SSH Connection Setup:
1. Open PuTTY
2. Session Configuration:
┌─────────────────────────────────┐
│ Host Name: 192.168.1.100 │
│ Port: 22 │
│ Connection Type: SSH │
│ Saved Sessions: Linux-Server │
└─────────────────────────────────┘
3. SSH Configuration:
┌─────────────────────────────────┐
│ SSH → Auth → Credentials │
│ Private key file: id_rsa.ppk │
│ Allow agent forwarding: ✓ │
└─────────────────────────────────┘
4. Terminal Configuration:
┌─────────────────────────────────┐
│ Window → Appearance │
│ Font: Consolas 12pt │
│ Cursor: Block │
│ Colors: Custom scheme │
└─────────────────────────────────┘
Advanced PuTTY Settings:
Connection Settings:
├── SSH
│ ├── Protocol version: 2 only
│ ├── Encryption: AES-256
│ ├── Compression: Enable
│ └── Agent forwarding: Enable
├── Terminal
│ ├── Keyboard: VT100+
│ ├── Bell: Disabled
│ └── Local echo: Auto
└── Window
├── Columns: 120
├── Rows: 40
└── Scrollback: 10000 lines
Saving Connection Profiles:
1. Configure all settings
2. Session → Saved Sessions
3. Enter name: "Production-Server"
4. Click "Save"
5. Double-click to connect quickly
Example Profiles:
├── Production-Web-Server
├── Development-Database
├── Staging-Application
└── Backup-Server
🔑 SSH Key Authentication with PuTTY
Generate SSH Key Pair:
1. Open PuTTYgen
2. Key type: RSA
3. Key size: 4096 bits
4. Click "Generate"
5. Move mouse randomly for entropy
6. Add passphrase (optional but recommended)
7. Save private key: id_rsa.ppk
8. Copy public key text
Deploy Public Key to Linux Server:
# On Linux server
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Add public key to authorized_keys
nano ~/.ssh/authorized_keys
# Paste the public key from PuTTYgen
# Set correct permissions
chmod 600 ~/.ssh/authorized_keys
chown lelongc:lelongc ~/.ssh/authorized_keys
1. PuTTY Configuration
2. SSH → Auth → Credentials
3. Private key file: Browse to id_rsa.ppk
4. Save session
5. Connect (no password required)
🌐 SSH Clients Comparison
Windows SSH Clients:
| Client | Free | GUI | Features | Best For |
|---|---|---|---|---|
| PuTTY | ✅ | ✅ | Basic, Reliable | Beginners |
| Windows Terminal | ✅ | ✅ | Modern, Tabs | Windows 10/11 |
| MobaXterm | 🔄 | ✅ | X11, SFTP, Plugins | Advanced users |
| SecureCRT | ❌ | ✅ | Professional, Scripts | Enterprise |
| Bitvise SSH Client | ✅ | ✅ | File transfer, Tunneling | File management |
| WSL | ✅ | 🔄 | Native Linux | Developers |
macOS SSH Clients:
| Client | Cost | Type | Features | Rating |
|---|---|---|---|---|
| Terminal (built-in) | Free | CLI | Native SSH | ⭐⭐⭐⭐⭐ |
| iTerm2 | Free | CLI+ | Tabs, Split panes | ⭐⭐⭐⭐⭐ |
| SSH Config | Free | CLI | Config management | ⭐⭐⭐⭐ |
| Royal TSX | $40 | GUI | Multi-protocol | ⭐⭐⭐⭐ |
| Termius | $10/mo | GUI | Cloud sync | ⭐⭐⭐⭐ |
Linux SSH Clients:
| Client | Type | Package | Features |
|---|---|---|---|
| OpenSSH | CLI | openssh-client | Standard, Powerful |
| GNOME Terminal | GUI | gnome-terminal | GTK-based |
| Konsole | GUI | konsole | KDE terminal |
| Terminator | GUI | terminator | Split terminals |
| Remmina | GUI | remmina | Multi-protocol |
Windows 10/11 Modern Approach:
Windows Terminal + OpenSSH:
# 1. Install Windows Terminal (Microsoft Store)
# 2. Enable OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# 3. Generate SSH key
ssh-keygen -t rsa -b 4096 -C "lelongc@windows"
# 4. Copy public key to server
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh lelongc@server "cat >> ~/.ssh/authorized_keys"
# 5. Connect via SSH
ssh lelongc@192.168.1.100
Windows Terminal Configuration:
{
    "name": "Linux Server",
    "commandline": "ssh lelongc@192.168.1.100",
    "icon": "🐧",
    "tabTitle": "Production Server",
    "startingDirectory": "%USERPROFILE%"
}
macOS Setup:
# 1. Open Terminal (built-in)
# 2. Generate SSH key
ssh-keygen -t rsa -b 4096 -C "lelongc@mac"
# 3. Add key to SSH agent
ssh-add ~/.ssh/id_rsa
# 4. Copy key to server
ssh-copy-id lelongc@192.168.1.100
# 5. Create SSH config
nano ~/.ssh/config
# SSH Config example:
Host production
    HostName 192.168.1.100
    User lelongc
    Port 22
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
# 6. Connect using alias
ssh production
Linux Setup:
# 1. Install SSH client (usually pre-installed)
sudo apt update
sudo apt install openssh-client
# 2. Generate SSH key
ssh-keygen -t rsa -b 4096 -C "lelongc@linux"
# 3. Copy key to server
ssh-copy-id lelongc@192.168.1.100
# 4. Test connection
ssh lelongc@192.168.1.100
🔧 Advanced SSH Configuration
SSH Config File (~/.ssh/config):
# Global settings
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    Compression yes
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlPersist 5m
# Production servers
Host prod-web
    HostName 10.0.1.10
    User lelongc
    Port 22
    IdentityFile ~/.ssh/prod_rsa
    # ForwardAgent lets processes on prod-web use the local agent while connected
    ForwardAgent yes
    LocalForward 8080 localhost:80
Host prod-db
    HostName 10.0.1.20
    User dbadmin
    Port 2222
    IdentityFile ~/.ssh/prod_rsa
    # Reach prod-db through prod-web
    ProxyJump prod-web
# Development servers
# Host key verification is switched off for this group: unknown and changed
# host keys are accepted and nothing is recorded in known_hosts
Host dev-*
    User lelongc
    Port 22
    IdentityFile ~/.ssh/dev_rsa
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host dev-web
    HostName 192.168.1.100
Host dev-db
    HostName 192.168.1.101
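The config above mixes blocks that forward the agent or switch off host key verification with ordinary ones. The following is an added example, not part of the original page: a small lint that lists which Host blocks carry those settings. The function names and the sample file are constructed for illustration.

```sh
# Added example: list the Host blocks of an ssh_config-style file that skip
# host key verification or forward the agent.
lint_ssh_config() {  # usage: lint_ssh_config FILE; prints "PATTERN: finding"
    awk '
        BEGIN { host = "(global)" }
        # Tokenise "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); n = split($0, f, /[ \t=]+/) }
        n == 0 || f[1] ~ /^#/ { next }
        { key = tolower(f[1]); val = tolower(f[2]) }
        # Remember the pattern list of the block we are in.
        key == "host" { host = $0; sub(/^[^ \t=]+[ \t=]+/, "", host); next }
        key == "stricthostkeychecking" && (val == "no" || val == "off") {
            print host ": StrictHostKeyChecking " val " adds unknown host keys without asking"
        }
        key == "userknownhostsfile" && f[2] == "/dev/null" {
            print host ": UserKnownHostsFile /dev/null keeps no record of host keys"
        }
        key == "forwardagent" && val == "yes" {
            print host ": ForwardAgent yes lets the remote host use the local agent"
        }
    ' "$1"
}

# Constructed sample mirroring the prod-web and dev-* entries above.
write_sample_ssh_config() {  # usage: write_sample_ssh_config FILE
    cat > "$1" <<'EOF'
Host *
    ServerAliveInterval 60
Host prod-web
    HostName 10.0.1.10
    ForwardAgent yes
Host dev-*
    stricthostkeychecking=no
    UserKnownHostsFile /dev/null
Host dev-web
    HostName 192.168.1.100
    StrictHostKeyChecking ask
EOF
}

sample=$(mktemp)
write_sample_ssh_config "$sample"
lint_ssh_config "$sample"
rm -f "$sample"
```

ssh uses the first value it obtains for each option, so in the sample the `ask` under dev-web does not override the `no` already picked up from dev-*.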
SSH Tunneling Examples:
# Local port forwarding (access remote service locally)
ssh -L 8080:localhost:80 lelongc@webserver
# Now access http://localhost:8080 → remote:80
# Remote port forwarding (expose local service remotely)
ssh -R 9090:localhost:3000 lelongc@jumpserver
# Remote users access jumpserver:9090 → local:3000
# Dynamic port forwarding (SOCKS proxy)
ssh -D 1080 lelongc@server
# Configure browser to use localhost:1080 as SOCKS proxy
# X11 forwarding (run GUI apps remotely)
ssh -X lelongc@server
firefox # Opens Firefox on remote server, displays locally
🛡️ Security Best Practices
SSH Server Hardening:
# Edit SSH daemon config
sudo nano /etc/ssh/sshd_config
# Security settings:
Port 2222 # Change default port
PermitRootLogin no # Disable root login
PasswordAuthentication no # Key-only authentication
PubkeyAuthentication yes # Enable key auth
MaxAuthTries 3 # Limit login attempts
ClientAliveInterval 300 # 5-minute timeout
ClientAliveCountMax 2 # Max missed heartbeats
AllowUsers lelongc # Whitelist users
DenyUsers root # Blacklist users
Protocol 2 # SSH version 2 only (deprecated option: current OpenSSH speaks only protocol 2)
# Restart SSH service
sudo systemctl restart sshd
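A way to check a config file against the values listed above before restarting the service. This is an added example, not part of the original page. The function names and the sample file are constructed, and it assumes the listed values must be set explicitly, so an unset keyword counts as a finding.

```sh
# Added example: audit an sshd_config-style file against the values listed above.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; Match blocks are conditional, so the scan stops there.
sshd_first_value() {  # usage: sshd_first_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
        n == 0 || f[1] ~ /^#/ { next }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == want { print tolower(f[2]); exit }
    ' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config FILE; returns 1 on any finding
    file=$1 rc=0
    for rule in "PermitRootLogin no" "PasswordAuthentication no" "PubkeyAuthentication yes"; do
        key=${rule% *} want=${rule#* }
        got=$(sshd_first_value "$file" "$key")
        [ "$got" = "$want" ] || { echo "FAIL $key: want $want, found ${got:-unset}"; rc=1; }
    done
    tries=$(sshd_first_value "$file" MaxAuthTries)
    case $tries in
        ''|*[!0-9]*) echo "FAIL MaxAuthTries: want <= 3, found unset or invalid"; rc=1 ;;
        *) [ "$tries" -le 3 ] || { echo "FAIL MaxAuthTries: want <= 3, found $tries"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample input (not taken from a real host).
write_sample_sshd_config() {  # usage: write_sample_sshd_config FILE
    cat > "$1" <<'EOF'
Port 2222
permitrootlogin prohibit-password
PasswordAuthentication no
#PubkeyAuthentication yes
MaxAuthTries=6
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample_sshd_config "$sample"
audit_sshd_config "$sample" || echo "sshd_config does not meet the baseline"
rm -f "$sample"
```

On a live server, audit the effective settings rather than a single file, for example the output of `sudo sshd -T` saved to a file, because files pulled in with `Include` are read as well.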
Client Security:
# SSH client security
# ~/.ssh/config
Host *
    HashKnownHosts yes # Hash known hosts
    VerifyHostKeyDNS yes # Verify via DNS
    StrictHostKeyChecking ask # Confirm new hosts
    UserKnownHostsFile ~/.ssh/known_hosts
    VisualHostKey yes # Show ASCII art fingerprint
# Key permissions
chmod 700 ~/.ssh # SSH directory
chmod 600 ~/.ssh/id_rsa # Private key
chmod 644 ~/.ssh/id_rsa.pub # Public key
chmod 600 ~/.ssh/authorized_keys # Authorized keys
chmod 600 ~/.ssh/config # SSH config
🚀 Quick Reference for lelongc
PuTTY Quick Start:
1. Download: https://www.putty.org/
2. Install: Run as Administrator
3. Configure: Host + Port + SSH
4. Save session: Name it clearly
5. Connect: Double-click saved session
Modern Windows (Recommended):
# Install Windows Terminal + OpenSSH
winget install Microsoft.WindowsTerminal
ssh lelongc@server
Key Commands:
# Generate key
ssh-keygen -t rsa -b 4096
# Copy key to server
ssh-copy-id user@server
# Connect with tunnel
ssh -L 8080:localhost:80 user@server
# Config file location
~/.ssh/config # Linux/Mac
%USERPROFILE%\.ssh\config # Windows
Troubleshooting:
# Test connection
ssh -vvv user@server
# Check SSH service
sudo systemctl status sshd
# Verify key permissions
ls -la ~/.ssh/
💡 Pro Tips for lelongc
Productivity Hacks:
# SSH aliases in ~/.bashrc
alias prod='ssh production'
alias dev='ssh development'
alias stage='ssh staging'
# SSH connection sharing (faster subsequent connections); these lines go in ~/.ssh/config
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
ControlPersist 5m
# Jump through bastion host
ssh -J bastion.company.com internal.server.com
Common Issues & Solutions:
| Problem | Solution |
|---|---|
| "Permission denied" | Check key permissions: chmod 600 ~/.ssh/id_rsa |
| "Connection refused" | Verify SSH service: sudo systemctl status sshd |
| "Host key verification failed" | Remove old key: ssh-keygen -R hostname |
| "Too many authentication failures" | Use -o IdentitiesOnly=yes |
| "Connection timeout" | Check firewall/port forwarding |
File Transfer with SSH:
# SCP (Secure Copy)
scp file.txt user@server:/path/to/destination
scp -r folder/ user@server:/path/to/destination
# SFTP (interactive)
sftp user@server
put localfile.txt
get remotefile.txt
exit
# Rsync over SSH (efficient)
rsync -avz -e ssh folder/ user@server:/backup/
Remember: SSH is the main gateway for managing Linux servers.