How to access remote systems over Meshnet using SSH
Discover the best practices for accessing remote systems securely over Meshnet using SSH, including key-based authentication.
Introduction
With the advancement of technology, remote system management has become crucial in today's digital landscape. Secure Shell (SSH) is a popular choice when it comes to accessing remote servers, desktop computers, and devices like Raspberry Pi due to its flexibility and efficiency. While the client-server architecture of SSH makes communication between devices secure, it is not completely risk free, especially if you rely on password authentication.
Used in conjunction with Meshnet, the SSH method can be as safe as physically accessing the server. Not only does Meshnet save time and travel costs, allowing you to connect directly to your remote device, but it also protects your SSH connection. Using an SSH key pair to authenticate your identity provides an additional layer of security by reducing the risk of password-based attacks.
This article explains what an SSH connection is, how it can be established via Meshnet, and how you can generate an SSH key pair to additionally protect the connection.
What is SSH?
SSH is a command-line access method that lets you log in to another computer, execute commands, and transfer files between computers.
Being a lightweight protocol, SSH is typically used for remote server administration and is especially prevalent in the Linux infrastructure.
Using SSH on Linux, Windows, and macOS
While SSH is mostly used for controlling Linux machines, both Windows and macOS can also be accessed using this method. All three operating systems employ an open-source implementation of SSH tools called OpenSSH server.
Enable SSH access
To make your device accessible via SSH, you need to install and enable the OpenSSH server software.
To install SSH server on Linux:
Open the terminal and install the SSH server by running this command:
sudo apt update && sudo apt install openssh-serverOnce the installation is complete, confirm that the SSH service is running by checking its status. The output should tell you that the service is active. Run the following command:
sudo systemctl status sshTo prevent the firewall from blocking your remote connection, open the SSH port by typing:
sudo ufw allow ssh
You can now connect to your Linux system via SSH from any remote device over Meshnet.
To enable SSH on Windows, complete the following steps:
Open Settings and select System > Optional features.
Click View features.
In the search field, type in
OpenSSH, select the OpenSSH Server checkbox, and click Next.
Click Add.
Once the installation is finished, open PowerShell as an administrator by pressing the Windows
key + R, typing in powershell, and pressing Ctrl + Shift + Enter.Run the following command to start the OpenSSH server process:
Start-Service sshdEnsure the SSH service is enabled each time you reboot your computer using this command:
Set-Service -Name sshd -StartupType 'Automatic'
You can now connect to your Windows machine via SSH from any remote device over Meshnet.
To connect to your Mac using SSH, you need to enable remote login in your system settings.
Choose the Apple menu
> System settings > General, and click Sharing.Under Advanced, turn on the Remote login toggle.
If needed, select the Info
and turn on the Allow full disk access for remote users option.Optionally, specify which users can log in.
You can now connect to your Mac via SSH from any remote device over Meshnet.
Connect to your remote computer through SSH
Before attempting to connect, ensure you have the correct username for the remote computer account.
Tip
To view your username, run the following command in Command Prompt (on Windows) or Terminal (on Linux or macOS):
whoamiTo access your remote system via SSH from a desktop device:
Open Command Prompt (on Windows) or Terminal (on Linux or macOS).
Enter the following command, where
<username>is your remote PC account name and<server>is the Nord name or Meshnet IP of the computer you want to access:ssh <username>@<server>Example
or
The first time you connect, you will be asked to verify the authenticity of the server. This message is displayed to make sure you’re connecting to the correct remote server. Type
yesto continue, as shown:
Enter the password for the specified username.
You should now be connected to your remote device using SSH.
To access your remote system via SSH from an Android device:
Download and install the ConnectBot SSH client from the Google Play Store.
Open ConnectBot.
Tap the plus (+) button to add a host device.
Under Protocol, enter the following information, where
<username>is your remote PC account name and<server>is the Nord name or Meshnet IP of the computer you want to access.<username>@<server>Example
Tap the plus (+) button in the upper-right corner.
Select the newly added host device to initiate a connection.
Enter the password for the specified username.
You should now be connected to your remote device using SSH.
To access your remote system via SSH from an iOS device:
Download and install the WebSSH application from the Apple App Store.
Open WebSSH.
To add a new host device, tap the empty area of the main screen or the plus button in the upper-right corner.
Specify the following information:
In the Host field, enter the Nord name or Meshnet IP of the remote PC.
In the User field, enter the account name of the remote computer.
In the Password field, enter the authentication password of the user account.
Example
Tap the check mark button in the upper-right corner.
From the main application screen, tap the newly added device to initiate a connection.
Tap Continue to confirm the host key fingerprint.
You should now be connected to your remote device using SSH.
Configuring SSH keys
An SSH key is a cryptographic key that is used for user authentication while establishing an SSH connection. It increases the security of SSH connections and allows for efficient automation, as it doesn't require human intervention for authentication.
Generate an SSH key
To use key-based authentication, you first need to generate a key pair on the device from which you will be making an SSH connection.
Run the following command in Command Prompt (on Windows) or Terminal (on Linux or macOS):
ssh-keygenPress Enter to keep the default file location.
For additional security, you can choose a custom password. Otherwise, press Enter.
A pair of keys (private and public) will be generated with the same id_rsa name. However, the public key can be distinguished from the private key by its file extension, which is .pub.
Copy your public SSH key to a remote device
To use SSH keys for authentication, you need to copy the public key of your device to the device you will be accessing. For example, if you are using Windows and want to connect to a Linux server, you need to copy the public SSH key of the Windows device to the Linux machine.
When establishing an SSH connection, the public key is matched with the private key to authorize the connection.
Allow SSH key authentication on Windows
To connect to a Windows device using an SSH key, you must first enable public key authentication. Otherwise, you will be asked to enter the SSH password even after sharing the public key.
On the remote device that you will be accessing, take the following steps:
Open PowerShell as an administrator.
Navigate to the
sshfolder by using thecdcommand:cd C:\ProgramData\sshRun the following command to create a new
administrators_authorized_keysfile which will store the public keys of the connecting devices:New-Item -ItemType File -Name administrators_authorized_keysUpdate the permissions to the newly created file with the following command:
icacls administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"Run the command below to open the
sshd_configfile:notepad sshd_configLocate and uncomment the
PubkeyAuthentication yesline by removing the hash (#) symbol at the start.
Press Ctrl + S to save changes and exit Notepad.
To exchange the SSH public key, follow these steps on the device from which you want to establish an SSH connection:
Open PowerShell.
Depending on the device that you will be accessing, run the following appropriate commands, where
<username>is the username of the remote device's account and<server>is the remote device’s Nord name or Meshnet IP.If you're copying your SSH key to a Linux or a macOS device, use this command:
type $env:userprofile\.ssh\id_rsa.pub | ssh <username>@<server> "cat >> .ssh/authorized_keys"Example
type $env:userprofile\.ssh\id_rsa.pub | ssh [email protected] "cat >> .ssh/authorized_keys"If you're copying your SSH key to a Windows device, use the following three commands:
$PublicKey = Get-Content "$env:userprofile\.ssh\id_rsa.pub" $CopyKey= "echo $PublicKey >> %programdata%\ssh\administrators_authorized_keys" ssh <username>@<server> $CopyKeyExample
$PublicKey = Get-Content "$env:userprofile\.ssh\id_rsa.pub" $CopyKey = "echo $PublicKey >> %programdata%\.ssh\administrators_authorized_keys" ssh [email protected] $CopyKey
If prompted, type in yes and press Enter to confirm the key fingerprint.
Enter the remote device’s account password and press Enter.
To exchange the SSH public key, follow these steps on the device from which you want to establish an SSH connection:
Open Terminal.
Run the following command, where
<username>is the username of the remote device's account and<server>is the remote device’s Nord name or Meshnet IP:ssh-copy-id <username>@<server>Example
ssh-copy-id [email protected]If prompted, type in
yesand press Enter to confirm the key fingerprint.
Enter the remote device’s account password and press Enter.
You will see a message that the key has been added.
Once the SSH key exchange is complete, you can use the same format to establish an SSH connection to the remote device:
ssh <username>@<server>However, you will not be prompted to enter a password unless you choose a passphrase while generating the SSH key. And now you can securely access your remote device via SSH over Meshnet.
(Showcase) SSH connection using Visual Studio Code
A tool that is often used by beginners and novices alike for SSH connection is Visual Studio Code (VS Code). At its core, VS Code is an integrated development environment (IDE). However, with the help of a vast marketplace, it can be used as a powerful tool for remote server management.
Install VS Code
You can download VS Code for Windows, macOS, and Linux from the VS Code downloads page. Choose the file appropriate for your operating system and install the app.
Install the SSH extension
Once you have installed VS Code, you need to install an extension that will allow you to establish SSH connections to remote devices.
Launch VS Code.
From the left sidebar, select Extensions.
In the search field, type in
Remote - SSHand select the corresponding option.
Click Install.
Add a new SSH host device
Next, create a new entry in your system's SSH configuration file for the remote device you want to access directly from the VS Code app. This saved information enables VS Code to display all configured host devices, allowing you to quickly connect to any of them.
From the left sidebar, select the Remote explorer tab.
Next to SSH, click New remote.
In the text field, type in the command to access the remote device using SSH. Example
See the Connect to your remote computer through SSH section above for more details.
Select in which SSH configuration file the connection should be saved.
VS Code should prompt a notification that the host has been added.
Establish the SSH connection
Finally, you can connect to the added host device using the Remote - SSH extension.
In the Remote explorer tab, under SSH, locate your newly added connection.
Click Connect in current window.
Select the operating system of the remote device and, if prompted, click Continue to confirm the device fingerprint.
Enter the password of the remote user account and press Enter.
The first connection may take some time, while the relevant packages are installed. After that, you can control the remote device's CLI and navigate its directories using VS Code.
Last updated
Was this helpful?