What is SSH and How Does It Work?
SSH (Secure Shell) is a powerful tool that lets you securely connect to another computer over a network. Imagine you have a computer in the moon and need to access a server in another city or country.
Instead of physically going there, SSH allows you to control that server remotely, as if you were sitting right in front of it.
With SSH, you can:
- Run programs on the remote computer.
- Manage files and fix issues from afar.
- Securely transfer files between your local computer and the remote one.
The best part? SSH is encrypted—it secures everything you send, meaning no one can intercept or read your data.
Even if someone tries to hack the connection, all they’ll see is scrambled information.
In simple terms, SSH creates a safe bridge between your computer and a remote server, allowing you to work just like you’re sitting right there, no matter how far away the machine is.
Table of Contents
Understanding the Basics of SSH Commands
Here’s a quick breakdown of how SSH commands work:
ssh [options] [user@]hostname [command]
- user@: (Optional) Username on the remote machine. If you don’t specify it, SSH uses your local username.
- hostname: IP address or domain name of the remote server.
- command: (Optional) The specific command you want to run on the remote server.
Examples:
- Basic Connection To connect to a remote server:
ssh user@remote-server - Specifying a Custom Port If your server uses a non-standard port (other than 22):
ssh -p 2222 user@remote-server - Running a Command Remotely You can run a single command on the remote server and get the result back:
ssh user@remote-server 'ls -l /var/www' - Passwordless Login (Using SSH Keys) To avoid typing your password every time, set up SSH keys for authentication:
- Generate a Key Pair:
ssh-keygen -t ed25519 - Copy the Key to the Server:
ssh-copy-id user@remote-server
Now, you can log in without entering a password.
See also: Mastering the Linux Command Line — Your Complete Free Training Guide
- Generate a Key Pair:
- Simplifying Connections with SSH Config File You can make connecting to frequently used servers easier by configuring them in
~/.ssh/config:Host myserver
HostName 192.168.1.10
User user
Port 2222
IdentityFile ~/.ssh/mykeyNow, to connect, you just type:
ssh myserver
Advanced SSH Features and How to Use Them
- SSH Tunneling (Port Forwarding) SSH lets you securely access services behind firewalls using port forwarding. Here are three types:
- Local Port Forwarding (Access Remote Services Locally): Forward port 8080 on your local machine to port 80 on the remote server:
ssh -L 8080:localhost:80 user@remote-serverNow, visit
http://localhost:8080to access the remote web service. - Remote Port Forwarding (Expose Local Services Remotely): Forward port 8080 on the remote server to port 3000 on your local machine:
ssh -R 8080:localhost:3000 user@remote-server - Dynamic Port Forwarding (SOCKS Proxy): Create a SOCKS proxy to route your browser traffic through the remote machine:
ssh -D 8080 user@remote-serverThen, set your browser to use
localhost:8080as a SOCKS proxy.
- Local Port Forwarding (Access Remote Services Locally): Forward port 8080 on your local machine to port 80 on the remote server:
- SSH Multiplexing (Faster Connections) SSH multiplexing allows you to reuse an existing connection for multiple sessions, which speeds up new connections to the same server. Add the following to
~/.ssh/config:Host *
ControlMaster auto
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlPersist 10mAfter the first connection, subsequent connections will be much faster.
- X11 Forwarding (Running GUI Apps Over SSH) With X11 forwarding, you can run graphical applications on the remote server and have their GUI displayed locally:
ssh -X user@remote-serverAfter connecting, you can launch apps like
firefoxand see the GUI on your local machine. - SSH Agent Forwarding (Use Local SSH Keys Remotely) If you need to access another server from the remote server using your local SSH key, you can forward your SSH agent:
ssh -A user@remote-serverThis lets the remote server use your local SSH keys without copying them.
- ProxyJump (Connecting Through a Jump Host) If you need to connect to a server through a jump host, use the
-Joption:
ssh -J jump-server user@final-server
This first connects to jump-server, then from there to final-server.
- SSH Escape Sequences (Manage SSH Sessions) While connected via SSH, you can use escape sequences for advanced control:
- Close the session: Type
~.to immediately disconnect. - Open a new local shell: Type
~Cto open a local shell during the SSH session.
Troubleshooting and Security Enhancements
- Verbose Mode (Debugging SSH) For troubleshooting connection issues, use the
-voption:
ssh -v user@remote-server
For more detailed output, use -vvv:
ssh -vvv user@remote-server
- Disabling Password Authentication (For Better Security) To enhance security, disable password authentication on the remote server by editing
/etc/ssh/sshd_config:
PasswordAuthentication no
Then restart the SSH service:
sudo systemctl restart sshd
- SSH Jump Host with Different Identity Files If you need to specify separate identity files for the jump host and final destination:
ssh -J user1@jump-server -i ~/.ssh/jump-server-key -i ~/.ssh/final-server-key user2@final-server
- SSH Force Command (Limit User Actions) You can force a user to run a specific command every time they log in via SSH. For example, if you want them to only be able to run
/usr/bin/uptime:
Add this to the remote server’s ~/.ssh/authorized_keys:
command="/usr/bin/uptime" ssh-rsa AAAA... user@local
Conclusion
SSH is a robust and versatile tool for securely connecting to remote servers.
Whether you’re just logging in to manage files, setting up secure tunnels, or running graphical apps, SSH offers everything you need for remote administration and secure communication.
