How To Use SSH Command.
This article explains how to use the OpenSSH command-line client (ssh) to log in to a remote machine and run commands or perform other operations.
Secure Shell (SSH) is a cryptographic network protocol used for an encrypted connection between a client and a server. The ssh client creates a secure connection to the SSH server on a remote machine. The encrypted connection can be used to execute commands on the server, X11 tunneling, port forwarding, and more.
Installing OpenSSH Client
The OpenSSH client program is called ssh and can be invoked from the terminal. The OpenSSH client package also provides other SSH utilities such as scp and sftp that are installed alongside the ssh command.
Installing OpenSSH Client on Linux
The OpenSSH client is preinstalled on most Linux distributions by default. If your system doesn’t have the ssh client installed, you can install it using your distribution's package manager.
Installing OpenSSH on Ubuntu and Debian
Installing OpenSSH on CentOS and Fedora
Installing OpenSSH Client on Windows 10
Most Windows users use PuTTY to connect to a remote machine over SSH. However, the latest versions of Windows 10 include an OpenSSH client and server. Both packages can be installed via the GUI or PowerShell.
To find the exact name of the OpenSSH package, type the following command:
The command should return something like this:
Once you know the package name, install it by running:
On success, the output will look something like this:
Installing OpenSSH Client on macOS
macOS ships with the OpenSSH client installed by default.
How to Use the ssh Command
The following requirements must be met to be able to log in to a remote machine via SSH:
An SSH server must be running on the remote machine.
The SSH port must be open in the remote machine firewall.
You must know the username and the password of the remote account. The account needs to have proper privileges for remote login.
The basic syntax of the ssh command is as follows:
To use the ssh command, open your Terminal or PowerShell and type ssh followed by the remote hostname:
When you connect to a remote machine through SSH for the first time, you will see a message like the one below.
Each host has a unique fingerprint that is stored in the ~/.ssh/known_hosts file.
Type yes to store the remote fingerprint, and you’ll be prompted to enter your password.
Once you enter the password, you will be logged into the remote machine.
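Typing yes at that prompt trusts whatever key the network delivered, so it is worth comparing the key against a copy obtained over a trusted channel first. The following is an added example, not part of the original article: `pin_host_key` is a hypothetical helper, and the host name and key are constructed sample values.

```shell
#!/bin/sh
# Added example: pin a host key only if it matches a copy obtained out of band.
# pin_host_key is a hypothetical helper; all keys below are constructed samples.

# $1 = trusted public key file (for example the server's host key .pub file,
#      copied from its console), $2 = a line in "host keytype blob" form as
#      printed by ssh-keyscan, $3 = known_hosts file to update.
pin_host_key() {
    trusted=$(awk 'NF >= 2 { print $1, $2; exit }' "$1")
    host=$(printf '%s\n' "$2" | awk '{ print $1 }')
    offered=$(printf '%s\n' "$2" | awk '{ print $2, $3 }')

    if [ -z "$trusted" ] || [ "$trusted" != "$offered" ]; then
        echo "MISMATCH for $host: do not accept this key" >&2
        return 1
    fi
    # Already pinned: leave the file untouched.
    if [ -f "$3" ] && grep -qxF -- "$host $offered" "$3"; then
        return 0
    fi
    printf '%s %s\n' "$host" "$offered" >> "$3"
}

# Constructed demo data (not real keys).
demo=$(mktemp -d)
good='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE0'
echo "$good root@server" > "$demo/trusted.pub"
pin_host_key "$demo/trusted.pub" "server.example.com $good" "$demo/known_hosts" \
    && echo "pinned: $(cat "$demo/known_hosts")"
```

With the key pinned, `ssh -o StrictHostKeyChecking=yes` connects without the prompt and refuses a server that presents a different key.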
When the username is not given, the ssh command uses the current system login name.
To log in as a different user, specify the username and the host in the following format:
The username can also be specified with the -l option:
By default, when no port is given, the SSH client will try to connect to the remote server on port 22. On some servers, administrators change the default SSH port to add an extra layer of security to the server by reducing the risk of automated attacks.
To connect on a non-default port, use the -p option to specify the port:
If you are experiencing authentication or connection issues, use the -v option to tell ssh to print debugging messages:
To increase the level of verbosity, use -vv or -vvv.
The ssh command accepts a number of options.
For a complete list of all options read the ssh man page by typing man ssh in your terminal.
SSH Config File
If you are connecting to multiple remote systems over SSH on a daily basis, you’ll find that remembering all of the remote IP addresses, different usernames, non-standard ports, and various command-line options is difficult, if not impossible.
The OpenSSH client reads the options set in the per-user configuration file (~/.ssh/config). In this file, you can store different SSH options for each remote machine you connect to.
A sample SSH config is shown below:
When you invoke the ssh client by typing ssh dev, the command will read the ~/.ssh/config file and use the connection details specified for the dev host. In this example, ssh dev is equivalent to the following:
For more information, check the article on SSH config file.
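To see how ssh resolves an alias from a config file, the following added example (not part of the original article) writes a constructed entry and asks ssh to print the options it would use. The alias, host name, user, port and key path are sample values, and `write_sample_config` and `resolve_alias` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: a constructed ssh config entry and the options ssh derives
# from it. The alias, host name, user and port are sample values.

write_sample_config() {
    cat > "$1" <<'EOF'
Host dev
    HostName dev.example.com
    User john
    Port 2322
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host *
    ServerAliveInterval 60
EOF
    chmod 600 "$1"
}

# Print the settings ssh would use for alias $2 with config file $1.
# -G evaluates the Host blocks and prints the result without connecting.
resolve_alias() {
    ssh -G -F "$1" "$2" |
        grep -E '^(hostname|user|port|identitiesonly|serveraliveinterval) '
}

# Demo: only runs where the OpenSSH client is installed.
if command -v ssh >/dev/null 2>&1; then
    cfg=$(mktemp)
    write_sample_config "$cfg"
    resolve_alias "$cfg" dev
fi
```

`IdentitiesOnly yes` limits the keys offered to this host to the configured `IdentityFile`, so keys loaded in an agent for other systems are not presented to it.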
Public Key Authentication
The SSH protocol supports various authentication mechanisms.
The public key-based authentication mechanism allows you to log in to the remote server without having to type your password.
This method works by generating a pair of cryptographic keys that are used for authentication. The private key is stored on the client device, and the public key is transferred to each remote server that you want to log in to. The remote server must be configured to accept key authentication.
If you don’t already have an SSH key pair on your local machine, you can generate one by typing:
You will be asked to type a secure passphrase. Whether to use a passphrase is up to you.
Once you have your key pair, copy the public key to the remote server:
Enter the remote user password, and the public key will be appended to the remote user authorized_keys file.
Once the key is uploaded, you can log in to the remote server without being prompted for a password.
By setting up key-based authentication, you can simplify the login process and increase the overall server security.
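Key login depends on file modes as well as on the keys: with sshd's default `StrictModes yes`, a group- or world-writable `~/.ssh` or `authorized_keys` is not used, and the ssh client ignores a private key that other users can access. The check below is an added example, not part of the original article; `audit_ssh_dir` and `mode_of` are hypothetical helpers and the demo directory is constructed.

```shell
#!/bin/sh
# Added example: report modes under an .ssh directory that break key login.
# audit_ssh_dir is a hypothetical helper; the demo directory is constructed.

# Mode string of a path as printed by ls, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# $1 = path to a .ssh directory. Prints one finding per line; returns 1 if any.
audit_ssh_dir() {
    findings=0
    for f in "$1" "$1/authorized_keys"; do
        [ -e "$f" ] || continue
        # Characters 6 and 9 of the mode string are group-write and other-write.
        case $(mode_of "$f") in
            ?????w????|????????w?)
                echo "writable by group/other: $f"; findings=1 ;;
        esac
    done
    for pub in "$1"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        # A private key must carry no group or other permission bits at all.
        case $(mode_of "$key") in
            ????------) ;;
            *) echo "private key accessible to others: $key"; findings=1 ;;
        esac
    done
    return $findings
}

# Constructed demo: two unsafe modes, then the corrected ones.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"; chmod 664 "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/id_ed25519";      chmod 644 "$demo/.ssh/id_ed25519"
: > "$demo/.ssh/id_ed25519.pub"
audit_ssh_dir "$demo/.ssh" || true
chmod 600 "$demo/.ssh/authorized_keys" "$demo/.ssh/id_ed25519"
audit_ssh_dir "$demo/.ssh" && echo "ok: modes are safe for key login"
```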
SSH tunneling or SSH port forwarding is a method of creating an encrypted SSH connection between a client and a server machine through which service ports can be relayed.
SSH forwarding is useful for transporting network data of services that use an unencrypted protocol, such as VNC or FTP, accessing geo-restricted content, or bypassing intermediate firewalls. Basically, you can forward any TCP port and tunnel the traffic over a secure SSH connection.
There are three types of SSH port forwarding:
Local Port Forwarding
Local port forwarding allows you to forward a connection from the client host to the SSH server host and then to the destination host port.
To create a local port forwarding, pass the -L option to the ssh client:
The -f option tells the ssh command to run in the background and -N not to execute a remote command.
Remote Port Forwarding
Remote port forwarding is the opposite of local port forwarding. It forwards a port from the server host to the client host and then to the destination host port.
The -R option tells ssh to create a remote port forwarding:
Dynamic Port Forwarding
Dynamic port forwarding creates a SOCKS proxy server that allows communication across a range of ports.
To create a dynamic port forwarding (SOCKS) pass the -D option to the ssh client:
To connect to a remote server via SSH, use the ssh command followed by the remote username and hostname (ssh username@hostname).
Knowing how to use the ssh command is essential for managing remote servers.