How to use SSH command.

How To Use SSH Command.

This article explains how to use the OpenSSH command-line client (ssh) to login to a remote machine and run commands or perform other operations.

Secure Shell (SSH) is a cryptographic network protocol used for an encrypted connection between a client and a server. The ssh client creates a secure connection to the SSH server on a remote machine. The encrypted connection can be used to execute commands on the server, X11 tunneling, port forwarding, and more.

 

Installing OpenSSH Client

The OpenSSH client program is called ssh and can be invoked from the terminal. The OpenSSH client package also provides other SSH utilities such as scp and sftp that are installed alongside the ssh command.

 

Installing OpenSSH Client on Linux

OpenSSH client is preinstalled on most Linux distributions by default. If your system doesn’t have the ssh client installed, you can install it using your distribution package manager.

 

Installing OpenSSH on Ubuntu and Debian

sudo apt updatesudo apt install openssh-client

 

Installing OpenSSH on CentOS and Fedora

sudo dnf install openssh-clients

 

Installing OpenSSH Client on Windows 10

Most Windows users are using Putty to connect to a remote machine over SSH. However, the latest versions of Windows 10 include an OpenSSH client and server. Both packages can be installed via the GUI or PowerShell.

To find the exact name of the OpenSSH package, type the following command:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

 

The command should return something like this:

Name  : OpenSSH.Client~~~~75.220
State : NotPresent
Name  : OpenSSH.Server~~~~113.196
State : NotPresent

Once you know the package name install it by running:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~72.220

 

On success the output will look something like this:

Path          :
Online        : True
RestartNeeded : False

 

Installing OpenSSH Client on macOS

macOS ships with the OpenSSH client installed by default.

 

How to Use the ssh Command

The following requirements must be met to be able to login into a remote machine via SSH:

  • An SSH server must be running on the remote machine.

  • The SSH port must be open in the remote machine firewall.

  • You must know the username and the password of the remote account. The account needs to have proper privileges for remote login.

The basic syntax of the ssh command is as follows:

ssh [OPTIONS] [USER@]:HOST

 

To use the ssh command, open your Terminal or PowerShell and type ssh followed by the remote hostname:

ssh ssh.nexonhost.com

When you connect to a remote machine through SSH for the first time, you will see a message like below.

The authenticity of host 'ssh.nexonhost.com (3.10.0-1160.81.1.)' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?

Each host has a unique fingerprint that is stored in the ~/.ssh/known_hosts file.

Type yes to store the remote fingerprint, and you’ll be prompted to enter your password.

Warning: Permanently added 'ssh.nexonhost.com' (ECDSA) to the list of known hosts.

dev@ssh.linuxize.com's password:

Once you enter the password, you will be logged into the remote machine.

When the username is not given, the ssh command uses the current system login name.

 

To log in as a different user, specify the username and the host in the following format:

ssh username@hostname

The username can also be specified with the -l option:

ssh -l username hostname

By default, when no port is given, the SSH client will try to connect to the remote server on port 22. On some servers, administrators are changing the default SSH port to add an extra layer of security to the server by reducing the risk of automated attacks.

To connect on a non-default port, use the -p option to specify the port:

ssh -p 5522 username@hostname

If you are experiencing authentication or connection issues, use the -v option to tell ssh to print debugging messages:

ssh -v username@hostname

To increase the level of verbosity, use -vv or -vvv.

The ssh command accepts a number of options.

For a complete list of all options read the ssh man page by typing man ssh in your terminal.

 

SSH Config File

If you are connecting to multiple remote systems over SSH on a daily basis, you’ll find that remembering all of the remote IP addresses, different usernames, non-standard ports, and various command-line options is difficult, if not impossible.

The OpenSSH client reads the options set in the per-user configuration file (~/.ssh/config). In this file, you can store different SSH options for each remote machine you connect to.

A sample SSH config is shown below:

Host dev
    HostName dev.linuxize.com
    User mike
    Port 4422

 

When you invoke the ssh client by typing ssh dev, the command will read the ~/.ssh/config file and use the connection details specified for the dev host. In this example, ssh dev is equivalent to the following:

ssh -p 4422 mike@dev.linuxize.com

For more information, check the article on SSH config file .

 

Public Key Authentication

The SSH protocol supports various authentication mechanisms.

The public key-based authentication mechanism allows you to log in to the remote server without having to type your password .

This method works by generating a pair of cryptographic keys that are used for authentication. The private key is stored on the client device, and the public key is transferred to each remote server that you want to log in to. The remote server must be configured to accept key authentication.

If you already don’t have SSH key pair on your local machine, you can generate one by typing:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

You will be asked to type a secure passphrase. Whether you want to use a passphrase, it’s up to you.

Once you have your key pair, the public key to the remote server:

ssh--id username@hostname

Enter the remote user password, and the public key will be appended to the remote user authorized_keys file.

Once the key is uploaded, you can log in to the remote server without being prompted for a password.

By setting a key-based authentication, you can simplify the login process and increase the overall server security.

 

Port Forwarding

SSH tunneling or SSH port forwarding is a method of creating an encrypted SSH connection between a client and a server machine through which services ports can be relayed.

SSH forwarding is useful for transporting network data of services that use an unencrypted protocol, such as VNC or FTP, accessing geo-restricted content, or bypassing intermediate firewalls. Basically, you can forward any TCP port and tunnel the traffic over a secure SSH connection.

There are three types of SSH port forwarding:

 

Local Port Forwarding

Local port forwarding allows you to forward a connection from the client host to the SSH server host and then to the destination host port.

To create a local port forwarding, pass the -L option to the ssh client:

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION_HOST:DESTINATION_PORT -N -f username@hostname

The -f option tells the ssh command to run in the background and -N not to execute a remote command.

 

Remote Port Forwarding

Remote port forwarding is the opposite of local port forwarding. It forwards a port from the server host to the client host and then to the destination host port.

 

The -R option tells ssh to create a remote port forwarding:

ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT -N -f username@hostname

 

Dynamic Port Forwarding

Dynamic port forwarding creates a SOCKS proxy server that allows communication across a range of ports.

To create a dynamic port forwarding (SOCKS) pass the -D option to the ssh client:

ssh -D [LOCAL_IP:]LOCAL_PORT  -N -f username@hostname

 

Conclusion

To connect to a remote server via SSH, use the ssh command followed by the remote username and hostname (ssh username@hostname).

Knowing how to use the ssh command is essential for managing remote servers.