Setting up SSH, network diagnostics using ping, netstat, dig

1. Setting up an SSH Server

Welcome to a hands-on dive into Linux's networking capabilities. Today, it's time to put our skills to the test! You'll learn how to set up an SSH server, connect to it using a client, diagnose the network with the most popular commands, and check port availability. Let's feel like real network engineers!

SSH (Secure Shell) is a tool for secure remote access to a server. It lets you connect to a server, manage it as if you're sitting right in front of it, and transfer files as well.

Step 1: Installing the SSH Server

First, let's install the SSH server. If you're using Ubuntu or Debian, run the following command:

sudo apt update
sudo apt install openssh-server -y

If you have Fedora or CentOS:

sudo yum install -y openssh-server

After installation, make sure the SSH service is running:

sudo systemctl start ssh
sudo systemctl enable ssh  # So SSH starts automatically when the system boots
sudo systemctl status ssh  # Check the service status

If everything went well, you'll see the service is running.

Step 2: Configuring the SSH Server

The SSH server's configuration file is located at:

sudo nano /etc/ssh/sshd_config

Some of the useful parameters:

• PermitRootLogin no — disallow login as the root user.
• PasswordAuthentication yes — enable password authentication.
• PubkeyAuthentication yes — enable key-based authentication.

After making changes, restart SSH:

sudo systemctl restart ssh

Now the server is ready to accept connections.

Step 3: Connecting to the Server via SSH

From another machine (or from your local machine via localhost), try connecting:

ssh your_username@your_server_ip

If you're working locally, replace your_server_ip with 127.0.0.1. Enter your user's password, and you'll find yourself inside the system through the terminal.

---

2. Setting Up Authentication with Keys

Password authentication is convenient, but for security reasons, using SSH keys is the best option.

Step 1: Generating SSH Keys

On your client machine, run the following command:

ssh-keygen

You'll be asked where to save the keys. By default, they will be stored in the ~/.ssh/ directory. Just press Enter.

Step 2: Copying the Key to the Server

Copy the public key to the server:

ssh-copy-id your_username@your_server_ip

Now you'll be able to connect without entering a password:

ssh your_username@your_server_ip

If everything is set up correctly, congrats! Your SSH server is now secured with key-based authentication.

---

3. Network Diagnostics with ping

We’re already familiar with this command. Let’s quickly check the availability of our SSH server.

ping -c 4 your_server_ip

You should see a response from the server. If there’s no response, check if the server is running and properly configured.

---

4. Checking DNS using nslookup and dig

If your server has a domain name, you can check its functionality through DNS. For example:

The nslookup command:

nslookup your-domain.com

You should see the IP address corresponding to your domain.

The dig command:

Now let's try to get the full set of information:

dig your-domain.com

You will see a bunch of data, but what we're interested in is the line with the ANSWER SECTION where the IP address will be specified.

---

5. Analyzing network connections with netstat and ss

The SSH server listens on port 22 by default. Let’s check that using netstat:

sudo netstat -tln | grep 22

Or by using ss, a more modern tool:

sudo ss -tln | grep 22

If you see that port 22 is "LISTEN" (waiting for connections), the server is ready to accept clients.

---

6. Checking Port Availability with nc

The netcat command (or nc) lets you test port availability. Let's try connecting to our SSH server:

nc -zv your_server_ip 22

You should see a message like "Connection to your_server_ip 22 port [tcp/ssh] succeeded!".

If the connection failed, it could mean the port is blocked by a firewall or the server isn't listening on the specified port.

---

7. Practical Task

Let's put everything together in one practical scenario. Here's what you'll need to do:

1. Enable SSH on your machine or virtual environment, like WSL2.
2. Generate keys and set up key-based authorization (disabling passwords).
3. Connect to the server via SSH.
4. Use ping to check the server's availability.
5. Use nslookup and dig to check IP address resolving (if you have a domain name).
6. Check port 22 on the server using netstat, ss, and nc.

---

Now you're ready not only to set up remote access but also to troubleshoot network issues, diagnose the server, and secure it like a real pro! You're already on your way to being called a Linux guru.