Network administrators rely on Secure Shell (SSH) every day to establish secure connections over unsecured networks. The only requirement is that the computer you wish to control must be running an SSH server service. The most popular SSH service on Linux is OpenSSH.
The SSH protocol also supports port forwarding, which allows you to tunnel connections for other applications, and SSH lets web admins upload files to a web server using secure SFTP and SCP connections.
SSH typically requires a terminal window. However, as you increase the number of servers and services managed through SSH connections, you also increase the risk. In such cases, it is better not to use the same usernames and passwords for all remote systems.
For convenient access, you can instead use a graphical SSH front end that lets you store the connection data of the individual terminal devices so that manual authentication is not required. SSH graphical user interfaces (GUIs) are a valuable aid, especially if you have to maintain groups of servers on the intranet. Linux has a long history with SSH front ends. This article takes a look at Ásbrú Connection Manager, EasySSH, and PuTTY. For other options through the years, see the box entitled "Not in the Running."
|Not in the Running
|While many graphical SSH front ends have been created for Linux over the years, many of them have not been maintained for a long time. In addition to KSSH, which was developed for the KDE desktop, these include the ssh-gui and secpanel tools. While most distributions have banned ssh-gui and KSSH from their package sources by now, secpanel can still be found in the repos of Debian, Ubuntu, Fedora, and various BSD systems. However, like KSSH and ssh-gui, secpanel has not seen any updates for years, so we refrained from reviewing it.
Ásbrú Connection Manager
Ásbrú Connection Manager, a long-established free software tool, is licensed under GPLv3. The project's website provides detailed information about the installation. The routine seamlessly integrates the application into the menu structure of the existing working environment, allowing you to conveniently call Ásbrú Connection Manager with a mouse click.
The capabilities of Ásbrú Connection Manager go well beyond managing and establishing SSH connections. You can execute random commands not only when activating a configured connection, but also after terminating a session. KeePassX integration also enables management of the stored authentication data. Thanks to modern encryption methods, there are no security worries involved with this. The Ásbrú Connection Manager is also suitable for use across a proxy server and has Wake-on-LAN capabilities. Written in Perl, Ásbrú Connection Manager provides a modern tabbed interface that lets users maintain multiple connections simultaneously if needed.
At first glance, the program window's design appears to be a little unconventional and confusing (Figure 1). After launching the software, you will find a large display area for information and statistical data in the right pane. On the left, the Ásbrú Connection Manager lists the individual configured connections one below the other. At the very bottom of the window, several buttons provide quick access to the most important functions. At the top left, there are five more buttons for managing the connection entries. In addition, in the desktop environment's system tray, you will find a small icon with a network connector symbol. You can use this to control the program during a session.
The vertical pane on the left is where you create individual connections and groups. After right-clicking on the default My Connections option and then selecting Add Group in the context menu that appears, you first need to create and name a group in a separate dialog. Another right-click on the newly created group lets you add individual connections. In the context menu that opens, select the Add Connection entry and assign a meaningful name for the connection. A comprehensive settings window then appears where you can enter the parameters for opening the connection in the Connection Details tab (Figure 2).
Choose between different protocols in the Method: selection field. The graphical client can work simultaneously with a wide variety of protocols, regardless of whether the other side transmits graphical content or just a prompt. Flexible deployment in heterogeneous environments is therefore possible at any time with Ásbrú Connection Manager. In addition, there is the option to choose between conventional authentication with a username and password and using a cryptographic key pair.
After completing the basic configuration for the particular connection in the Advanced Parameters tab, you can specify commands to be executed before or after the connection is established, if necessary. Once you have set all the options, complete the entry by clicking the Save and Close button bottom right in the window.
You can now open a new tab by double-clicking on the corresponding entry on the left side of the connection bar. The Connection Manager will either open the connection automatically or you will have to enter an administrator password in a separate dialog if the connection requires specific authorizations. If this is a terminal connection, the terminal appears in its own tab in the large window pane on the right (Figure 3).
Each click on one of the preconfigured connections opens a new tab, so you can manage multiple services simultaneously by simply switching the active tab. Because the tool labels the tabs with the cleartext names you assigned during the configuration step, the individual connections can easily be identified. A tab with a green text indicates an open connection, while red text notifies you that the connection attempt failed. If your connection attempt has failed, right-click on the machine in the connection list on the left and select Edit connection from the context menu. You can then edit the configuration in the same dialog used for entering a connection.
In the Info tab on the very left in the main window pane, you will also see some statistical information for the existing connections.
Pressing the Preferences button bottom center in the program window lets you set basic options that are valid for all tabs. In different categories in the Preferences dialog, you can configure the appearance of the application and the displayed terminals, the network settings, and the size of the windows (Figure 4). You also can customize individual functions of the local shell if needed.
KeePass Integration in the left sidebar lets you to integrate the KeePassX password manager with Connection Manager so that you can access its database while working. Like in the connection settings dialog, you finish your work in the Preferences dialog by clicking on the Save and Close button located bottom right.
Network Settings lets you modify the global network settings. If necessary, you can specify a jump server that supports an automated connection via the SSH console to the individual servers on the intranet. The jump server acts much like a proxy and has the role of an intermediary between the client and the individual SSH servers.
Various keyboard mappings are predefined in Ásbrú Connection Manager for fast function calls. You can adjust them to suit your needs via Keybindings.
Once you have completed all the settings, click Save and Close to finish your work. If you want to make changes to the configuration later, you can reach the settings dialogs for the selected connection by pressing the button with the pencil icon in the top left corner of the program window.
To execute commands automatically, click the Scripts button bottom left in the program window. In the Scripts Manager that opens, create Perl scripts and modify them if needed. The developers provide documentation on the available commands and their usage directly in the window (Figure 5).
One of Ásbrú Connection Manager's particularly convenient features is its ability to group several similar servers in clusters. You then can execute the same commands simultaneously on all the servers in the cluster. You can manage the cluster shell in the Cluster Management dialog, which can be accessed by pressing the Clusters button bottom left in the main window. You can then combine the individual servers from the existing infrastructure (Figure 6).
The EasySSH project, which was launched only a few years ago, sets out to manage SSH connections in the simplest possible way.
So far, only a few distributions actually have the software in their repositories (e.g., Debian, Ubuntu, and Solus). On other Linux derivatives, you need to install EasySSH as a Flatpak, which you can pick up from the project's GitHub page. You can install it with the code in the first two lines of Listing 1. Then start the software in the terminal with the command from the last line of Listing 1.
Listing 1: Install and Start EasySSH
$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo $ flatpak install flathub com.github.muriloventuroso.easyssh $ flatpak run com.github.muriloventuroso.easyssh
After the call, a three-part window opens (Figure 7). The titlebar contains some controls, while a column on the left side of the window shows the target system entries. If necessary, you can divide the entries into groups to improve the overview. On the right, a large area remains free for the remote computer systems' terminals that you want to open.
To configure an initial connection to a remote SSH server, either press the Add connection button in the middle of the large pane or press the plus button in the top left corner of the titlebar. A settings dialog then appears on the right, where you can select the name of the server, its IP address, and the port. You specify the authentication data in the same dialog box. After clicking Advanced, you can configure some additional settings relating to the terminal's appearance.
After adding a new connection, you can launch it by pressing Connect. EasySSH now displays the terminal of the connected SSH server in the right window pane. At the same time, a tab appears above the large right pane. If you need to manage multiple SSH servers, you can enable additional simultaneous SSH connections; EasySSH manages these in separate tabs. This means that you can quickly switch from one server to the next without having to close and reopen connections each time.
Select the Settings entry in the hamburger menu top right to adjust EasySSH's configuration. I recommend enabling the slider for data encryption.
EasySSH not only supports username and password-based authentication but also asymmetric keys. Using a key pair with a public and a private key significantly enhances security. You can add an existing SSH key to the application by checking the Change password to key file box in the connection settings dialog. Then, in the file manager that appears, select the required
.pub public key file. This is then used in combination with the private key to authenticate the current user.
EasySSH does have a serious vulnerability: It saves all the connection data in plain text (Figure 8). The
hosts.json file contains all the access credentials including unencrypted passwords, IP addresses, and ports. In this respect, EasySSH can only be used in truly secure environments where access by unauthorized third parties can be ruled out.
PuTTY, from the Windows world, is one of the older graphical SSH front ends with more than 20 years of development. Most distributions include it in their package sources.
After starting the application, you are first taken to a configuration window where you can create a new connection. A sidebar on the left of the dialog offers numerous settings for the appearance, the terminal displayed in the application, the protocol function configuration, and the connections (Figure 9).
PuTTY not only supports SSH-based access but also insecure protocols such as Telnet and rlogin. Like EasySSH and Ásbrú˙ Connection Manager, PuTTY supports X11 forwarding: This means that you can use graphical applications on remote servers in addition to text-based ones. Once you have made the necessary settings for the target server, click Open to start the SSH session. PuTTY now opens an X terminal where you can enter the authentication data for the SSH server.
To avoid having to manually enter regularly-used connection parameters at the beginning of each session, you can save the settings you have made in profiles that you can call up again later (Figure 10). Use the first settings page, under Saved Sessions, to assign a name for the connection to be saved, then press the Save button to save the connection. The individual connections are listed in the corresponding window segment below, where you can select an entry and load it into the configuration dialog by pressing Load. Then open the session by pressing Open at the bottom of the window.
In addition to simple credentials, PuTTY also supports authentication via asymmetric encryption. You can enter the keys for the key exchange procedure in the corresponding configuration window dialogs. PuTTY additionally provides a key generator, which you run as a CLI application in the terminal on Linux. When done, integrate the generated keys into the application. Note that PuTTY uses a proprietary key format; the keys generated here cannot be used in other applications.
The graphical SSH front ends discussed in this article all do their jobs without problems, but there are significant differences in the features each front end offers (see Table 1). PuTTY shows its age visually as well as in terms of the functions it offers: You will not find tabs for open connections or integrated virtual terminal windows. In addition, accessing remote systems with hopelessly antiquated protocols such as rlogin or Telnet also seems obsolete.
|Ásbrú Connection Manager
|Multiple simultaneous connections
|Built-in virtual terminals
|Authentication via key pair
Table 1: Graphical SSH Front End Features
EasySSH lets users establish connections very quickly and without detours via detailed settings dialogs, but – as a Flatpak application – it is very slow. More importantly, EasySSH has a significant security hole caused by storing the connection data without encryption in plain text on the client, effectively inviting attackers to steal the access credentials.
Ásbrú Connection Manager offers the most balanced and state-of-art, graphical SSH front end. Its modern interface and ability to work with clusters makes Ásbrú Connection Manager the tool of choice for professional use.
This article originally appeared in Linux Magazine and is reprinted here with permission.
Want to read more? Check out the latest edition of Linux Magazine.