What is SSH?
Secure Shell (SSH) is a powerful tool that can be used to command your web server remotely. In other words, instead of having to physically operate your server, you can use SSH to execute commands on the server from the comfort of your home computer. As such, SSH can be used to control and modify your web server across the Internet, regardless of where you and your server are located. It is thus possible to lease a Thailand dedicated server all the way across the world and operate it as you would a physical server in your possession.
One of the greatest advantages of SSH is its use of encryption to transmit information. Earlier protocols such as Telnet did not encrypt the connection, putting your information at risk of being tapped on by a third party. This security issue is eliminated in the SSH protocol, which uses three different encryption technologies to secure your data – symmetrical encryption, asymmetrical encryption and hashing.
Getting SSH Permissions
Of course, even with advanced encryption, it could still be possible for someone else to log in to SSH as long as they have your login information. Thus, there are measures in place to prevent just anyone from gaining access to shell commands on your server. To get started with SSH on your dedicated server in Thailand, you first need to ensure that your hosting account has been granted SSH access and that your IP address is allowed through the server’s firewall. You may be able to verify SSH permission through your cPanel if the option is there. If not, try contacting your web host provider to see if they can enable SSH access for you.
Most servers will have a firewall in place as a security measure, blocking remote access from any IP address not in their whitelist. As such, you may need to add your IP address to the whitelist, which can be done through your cPanel. If you are on a dynamic IP or plan to log in from a different network later on, you will also have to whitelist the relevant IP addresses. A connection from an IP address not in the whitelist will be denied access by the host server.
Launching Your SSH Client
If you are using a macOS or Linux terminal, simply launch a terminal window to use SSH. Windows users can do the same with PowerShell if you have OpenSSH available. Alternatively, you can opt to use a third-party SSH client such as PuTTY, which is a popular free and open-source software.
You will need a hostname, username and password to log in to SSH. Generally, the hostname should be your server’s IP address, and the username and password your cPanel login information. You may also have access to the root user, which is the system administrator and has all permissions on the server. Different web hosts may have different configurations though, so be sure to check the details for SSH access on your host. SSH runs on port 22 by default, but this can be changed on your server.
The command to begin SSH follows the format “ssh user@host”, where “ssh” is the signal that you are inputting an SSH command, “user” is your username and “host” is the domain or IP address of the server you are logging into. Upon connection, PuTTY may open a security alert box prompting you to confirm that you trust the host. Double check that the hostname matches that of your server, then accept and continue.
Next, you will then be prompted for the password. Don’t worry if nothing appears on the screen when you type the password, as the password is hidden by default for security reasons. Once you are done, simply hit enter and the server will attempt to log you in. The host will confirm that your account has been granted SSH access, your IP is in the whitelist and your password is correct.
SSH Key Pairs
An alternative to using a password for authentication is to generate a key pair, consisting of one private and one public key. This can be done through your cPanel. The keys are saved in a file that can be stored locally on a disk and sent to the server for authentication. SSH key pairs are generally believed to be more secure than a password, because passwords can still be brute-forced but it is much harder to obtain both keys without the file.