How to SSH on Linux from Android
How to SSH on Linux from Android
Like it’s mentioned in the title, we’re going to setup an SSH connection to our Linux server from an Android phone. Meaning that with this setup, we’ll be able to access our Linux servers, from an SSH Android client app from within the LAN network and also remote servers – like cloud servers. Also, we’ll cover the steps of creating the SSH keys and installing those on our server as well. In order to set this all up, you already need to have an access to the server you wish to enable SSH access.
SSH setup on the server
Like stated earlier, first you need to already have access to your Linux server and also be able to use the terminal as well. Another important piece for this setup is that your server has an SSH server installed. On some distros, SSH server comes installed by default. But, if you don’t have an SSH server installed, you can install OpenSSH server for an example. Commands to install OpenSSH server on Debian/Ubuntu based distros:
sudo apt update && sudo apt upgrade -y sudo apt install openssh-server
Verify that the SSH service has started and is running:
sudo systemctl status ssh.service
Output for SSH service status:
If the service is not running, then run these commands to start the service and also to enable the auto start on system startup:
sudo systemctl enable ssh sudo systemctl start ssh
Another important part of this setup is that if you have a firewall installed on your server. You then need to configure the firewall to allow the SSH traffic on it. An example, if you use the ufw firewall on the server then you need to run this command to allow the SSH connection from your Android phone or any other SSH client:
sudo ufw allow ssh
SSH Android client setup
Once the SSH server is installed and the service is running, you can already use the SSH connection and remote in on your linux servers within the LAN network and cloud servers as well. By default, SSH service on the server sets up the authentication with the user name and password. If you plan only accessing the server within the LAN network, this could suffice for you. If you need to add SSH keys from your Android as well, the continue reading.
My Android SSH client app of choice is JuiceSSH. It’s first of all, free to download from the Play store, it has plenty of features, supports all SSH encryptions, it has a built in keyboard for special functions and keyboard shortcuts, and it does not limit number of connections. For this tutorial, we’ll be using the JuiceSSH as an example. Other Android SSH clients works pretty much the same, if you prefer others.
Settting up the connection and user account
When you start the app, open the first option – Connections(manage your connections).
Under connections – all your connections to the servers are stored. We’re going to create a new one but before that we need to setup an identity, aka the user account for the SSH connection. Swipe left to the identities tab.
Nickname is optional. Under username, set the user account you’re going to use to connect and login on your server. Of course, username needs to match an existing account on your server such as – root. Set password is also optional. If you don’t want to be prompted for the password each time you want to connect, set it and the app will save the password. Private key will be covered in the next paragraph.
Once you created the user for the app, return to the connections tab and create a new connection. Nickname again is optional, but can be useful if you have more than one server to connect. Type is of course SSH. Address is the IP address of your server, if it’s from LAN network, then you need to type in the local IP address of your server. For this case scenario it’s a good option to set a static IP address on your server.
But, if you want to connect to a cloud server, then you need to add the public IP address of your server. And for last, you need to choose the identity or user account you’re going to use to access the server. After that, you need to be able to connect to your server. So, so far this SSH connection setup will work on and you can connect but this is without SSH key on your Android phone.
If you want to add more secure connection to your server and install SSH keys, especially if you need to connect to a remote cloud server, then please continue reading. It is highly recommended to add SSH keys to your remote servers.
Generating SSH keys
Please note, be careful with the next steps, otherwise, you could end up locking your self out of the server. On the JuiceSSH app we need to generate the SSH keys for the account we are going to use.
In the app navigate the identities tab again, hold the finger on the identity for which you want to generate the ssh keys, until the popup menu shows up and select the option edit.
Then, click on the – UPDATE/CLEAR button right next to the Private key label. But, if you’re creating a new identity/user for the first time – then the button will say – SET right next to the Private key label.
Once you get the keys menu, navigate to the generate tab. Key format choose RSA. Key strength choose at least 2048bit or better 4096bit. Passphrase is optional but it’s an extra layer of security, so it won’t hurt to add that as well if you want. Click OK when you finish and save the change. It’ll take a minute for the keys to generate.
Next step, while still in the app – hold the finger again on the identity and this time select the option the – Export the public key and copy it. Take a good note of it and save it.
JuiceSSH will now use newly generated every time for that account.
Installing SSH keys
Now onto to the server again. Now we need to add that new public key we just created and copied it. Open the terminal and navigate to the user’s .ssh folder and edit the authorized keys file. If the file does not exist, then create it. You can do both with this command:
sudo nano .ssh/authorized_keys
In this file paste in your key, save the file and exit.
Next, we are going to change the SSH server configuration. In there, we need to tell the server the use authorized_keys file and to read our SSH keys.
PLEASE NOTE AGAIN
Usually, what is a suggested option and more secure is to disable the default password login option(in order to prevent brute force attacks on our server) and to enable to login only with the SSH keys. Before finishing the configuration, review everything you’ve done and be cautious in order not to lock yourself out of the server. Of course it’s not end of the world if you get locked out, it can just get a bit more inconvenient to correct the changes. With servers on LAN you access them directly/psychically and correct the changes and now Cloud providers, provide their users in the dashboard with a virtual terminal with a direct access to your server and with that you can correct the changes as well. But, if you don’t have this type of scenario and only have option to remote in to your remote server via SSH, be careful.
SSH server configuration
Now navigate to the SSH server configuration and make the changes like shown below:
Command for the SSH server config:
sudo nano /etc/ssh/sshd_config
Then search and uncomment the following options and edited to look like this:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 PasswordAuthentication no
After you made the changes, save the configuration and restart the SSH service for the changes to apply.
sudo systemctl restart ssh
After that, you should be able to login via SSH connection to your linux server from your Android phone using SSH keys.
Here are couple of pictures on how the successful ssh connection looks like:
This was the setup process for SSH connection to a linux server for your Android phone. With this setup, you should be able to connect to your servers via SSH from your Android.
Thank you very much for your time…