SSH Tutorial for Linux: Complete Beginner Guide
By the end of this guide, you'll be comfortable using SSH for remote server management, file transfers, port forwarding, and much more. Let's start with the fundamentals and gradually build up to more advanced concepts.
What is SSH and Why Do You Need It?
SSH is a cryptographic network protocol that allows secure remote administration of Linux systems over unsecured networks. It encrypts all traffic, including passwords, making it the standard method for remote server access.
Key Benefits of SSH:
- Security: All traffic is encrypted using strong cryptographic algorithms
- Authentication: Supports both password and key-based authentication
- Flexibility: Can be used for shell access, file transfers, and port forwarding
- Cross-Platform: Works on Linux, macOS, Windows, and mobile devices
- Free: OpenSSH, the most popular SSH implementation, is completely free
Getting Started: SSH Client Installation
Most Linux distributions come with SSH pre-installed, but if you need to install it:
Install OpenSSH Client
# Ubuntu/Debian
sudo apt update
sudo apt install -y openssh-client
# CentOS/RHEL/Fedora
sudo yum install -y openssh-clients
# or on newer systems
sudo dnf install -y openssh-clients
# Arch Linux
sudo pacman -S opensshVerify SSH Installation
# Check SSH version
ssh -V
# Test SSH client
ssh localhostBasic SSH Connection
The most basic SSH command connects you to a remote server:
Syntax
ssh [username]@[hostname_or_ip_address]Example Connections
# Connect with IP address
ssh [email protected]
# Connect with hostname
ssh [email protected]
# Connect to default port (22)
ssh [email protected]
# Connect to custom port
ssh -p 2222 [email protected]First Connection
When you first connect to a server, you'll see this message:
The authenticity of host 'server.example.com (192.168.1.100)' can't be established.
ECDSA key fingerprint is SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890.
Are you sure you want to continue connecting (yes/no)?Type "yes" to continue. This adds the server's fingerprint to your known hosts file.
SSH Key-Based Authentication
While password authentication works, SSH keys are more secure and convenient. Here's how to set them up:
Generate SSH Keys
# Generate Ed25519 key (recommended)
ssh-keygen -t ed25519 -C "[email protected]"
# Or generate RSA key for compatibility
ssh-keygen -t rsa -b 4096 -C "[email protected]"You'll be prompted for:
- File location: Press Enter to accept default (~/.ssh/id_rsa)
- Passphrase: Enter a strong passphrase (acts as 2FA)
Copy Public Key to Server
Method 1: Using ssh-copy-id (easiest)
ssh-copy-id [email protected]Method 2: Manual copy
# Display public key
cat ~/.ssh/id_rsa.pub
# On server, create .ssh directory
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Add public key to authorized_keys
echo "your_public_key_content" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keysTest Key Authentication
# Should connect without password
ssh [email protected]SSH Configuration File
Create an SSH config file to simplify connections and set defaults:
Create SSH Config
# Create config file
nano ~/.ssh/configBasic Config Example
# Default settings for all hosts
Host *
User john
Port 22
ConnectTimeout 10
ServerAliveInterval 60
# Specific server configuration
Host webserver
HostName 192.168.1.100
User admin
Port 2222
IdentityFile ~/.ssh/webserver_key
# GitHub configuration
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/github_key
IdentitiesOnly yesUse Configured Hosts
# Connect using configured host
ssh webserver
# Connect to GitHub
ssh github.comFile Transfer with SSH
SSH provides secure file transfer capabilities through SCP and SFTP.
SCP (Secure Copy)
# Copy file from local to remote
scp local_file.txt user@server:/remote/path/
# Copy file from remote to local
scp user@server:/remote/file.txt /local/path/
# Copy directory recursively
scp -r local_directory/ user@server:/remote/path/
# Copy with custom port
scp -P 2222 file.txt user@server:/path/SFTP (SSH File Transfer Protocol)
# Start SFTP session
sftp [email protected]
# SFTP commands
sftp> ls # List files
sftp> cd /home/user # Change directory
sftp> get file.txt # Download file
sftp> put local_file.txt # Upload file
sftp> mkdir new_directory # Create directory
sftp> rm old_file.txt # Remove file
sftp> exit # Exit SFTPAdvanced SFTP
# Batch mode with commands
sftp -b commands.txt user@server
# Commands file example
cd /var/www
get index.html
put updated_index.html
ls
exitSSH Port Forwarding
SSH can tunnel other types of traffic through the secure SSH connection.
Local Port Forwarding
Forward a local port to a remote server:
# Forward local port 8080 to remote web server
ssh -L 8080:localhost:80 [email protected]
# Access remote service via local port
# http://localhost:8080
# Forward to different remote host
ssh -L 3306:mysql.internal:3306 [email protected]Remote Port Forwarding
Forward a remote port to your local machine:
# Forward remote port 8080 to local web server
ssh -R 8080:localhost:3000 [email protected]
# Others on remote network can access your local serviceDynamic Port Forwarding (SOCKS Proxy)
# Create SOCKS proxy on port 1080
ssh -D 1080 [email protected]
# Configure browser to use SOCKS proxy
# Proxy: localhost:1080
# Type: SOCKS5SSH Agent for Key Management
SSH agent manages your SSH keys and provides them to SSH clients without needing to enter passphrases repeatedly.
Start SSH Agent
# Start ssh-agent
eval $(ssh-agent -s)
# Add SSH key to agent
ssh-add ~/.ssh/id_rsa
# Enter passphrase once
# Key is now available for all SSH connectionsManage SSH Agent
# List loaded keys
ssh-add -l
# Remove all keys
ssh-add -D
# Remove specific key
ssh-add -d ~/.ssh/id_rsaSSH Agent Forwarding
# Forward agent to remote server
ssh -A [email protected]
# Now you can SSH from server to other servers using your local keysAdvanced SSH Techniques
SSH Tunnels for Web Development
# Forward remote database to local machine
ssh -L 3306:localhost:3306 user@staging-server
# Forward remote Redis to local machine
ssh -L 6379:localhost:6379 user@staging-serverSSH Configuration for Multiple Environments
# ~/.ssh/config
# Development server
Host dev
HostName dev.example.com
User developer
Port 2222
IdentityFile ~/.ssh/dev_key
LocalForward 3000 localhost:3000
# Staging server
Host staging
HostName staging.example.com
User deploy
Port 22
IdentityFile ~/.ssh/staging_key
ForwardAgent yes
# Production server
Host production
HostName prod.example.com
User admin
Port 2222
IdentityFile ~/.ssh/prod_key
PermitLocalCommand yes
LocalCommand echo "Connecting to PRODUCTION - be careful!"SSH Multiplexing for Faster Connections
Reuse existing SSH connections for faster subsequent connections:
# Add to ~/.ssh/config
Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
ControlPersist 600SSH Escape Sequences
Use SSH escape sequences for session management (default escape character: ~):
# SSH session commands (press Enter then ~)
~? # Show all escape sequences
~. # Terminate connection
~^Z # Suspend SSH session
~# # List forwarded connections
~& # Background SSH session
~C # Open command lineSSH Security Best Practices
Key Security
# Protect SSH keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pubConnection Security
# Use specific SSH options for security
ssh -o StrictHostKeyChecking=yes \
-o VerifyHostKeyDNS=yes \
-o PreferredAuthentications=publickey \
[email protected]SSH Hardening
On the server side, edit /etc/ssh/sshd_config:
# Disable root login
PermitRootLogin no
# Disable password authentication
PasswordAuthentication no
# Allow only specific users
AllowUsers admin deploy
# Use strong protocols only
Protocol 2
# Limit connection attempts
MaxAuthTries 3
LoginGraceTime 30Troubleshooting Common SSH Issues
Connection Refused
# Check if SSH server is running
sudo systemctl status sshd
# Check if port is open
sudo netstat -tlnp | grep :22
# Check firewall rules
sudo ufw statusPermission Denied
# Check SSH key permissions
ls -la ~/.ssh/
# Check server logs
sudo tail -f /var/log/auth.log
# Test with verbose mode
ssh -vvv [email protected]Host Key Verification Failed
# Remove old host key
ssh-keygen -R server.example.com
# Or remove from known_hosts manually
nano ~/.ssh/known_hostsConnection Timeout
# Test connectivity
ping server.example.com
# Check with telnet
telnet server.example.com 22
# Use longer timeout
ssh -o ConnectTimeout=30 [email protected]SSH Scripts and Automation
Remote Command Execution
# Execute single command
ssh user@server "ls -la /home"
# Execute multiple commands
ssh user@server "cd /var/www && ls -la && pwd"
# Execute script on remote server
ssh user@server 'bash -s' < local_script.sh
SSH for Backup Scripts
#!/bin/bash
# Backup script using SSH
REMOTE_SERVER="[email protected]"
REMOTE_DIR="/backup"
LOCAL_DIR="/data"
# Create remote backup directory
ssh $REMOTE_SERVER "mkdir -p $REMOTE_DIR/$(date +%Y%m%d)"
# Copy files using SCP
scp -r $LOCAL_DIR/* $REMOTE_SERVER:$REMOTE_DIR/$(date +%Y%m%d)/
echo "Backup completed to $REMOTE_SERVER:$REMOTE_DIR/$(date +%Y%m%d)/"
Parallel SSH Operations
# Install pssh for parallel operations
sudo apt install pssh
# Execute command on multiple servers
pssh -h server_list.txt "uptime"
# Copy files to multiple servers
pscp.pssh -h server_list.txt local_file.txt /remote/path/
# Parallel SSH with different users
pssh -h server_list.txt -l root "systemctl restart nginx"
SSH on Different Platforms
Windows SSH Clients
- PowerShell OpenSSH: Built into Windows 10/11
- PuTTY: Popular GUI SSH client
- Windows Terminal: Modern terminal with SSH support
- WSL: Windows Subsystem for Linux
macOS SSH
- Terminal.app: Built-in SSH client
- iTerm2: Enhanced terminal with SSH features
- SSH Agent: Built-in keychain integration
Mobile SSH
- Termius: Cross-platform SSH client
- Prompt: SSH client for iOS
- ConnectBot: SSH client for Android
- JuiceSSH: Android SSH client
SSH Alternatives and Complementary Tools
Mosh (Mobile Shell)
# Install Mosh for better mobile experience
sudo apt install mosh
# Use Mosh instead of SSH
mosh [email protected]
# Benefits:
# - Roaming support (IP changes)
# - Intelligent local echo
# - Automatic reconnection
rsync over SSH
# Efficient file synchronization
rsync -avz -e "ssh" local/ user@server:/remote/
# Delete files that don't exist locally
rsync -avz --delete -e "ssh" local/ user@server:/remote/
# Show progress
rsync -avz --progress -e "ssh" large_file user@server:/path/
Frequently Asked Questions
How do I change my SSH key passphrase?
# Change passphrase for existing key
ssh-keygen -p -f ~/.ssh/id_rsa
How do I remove a host from known_hosts?
# Remove specific host
ssh-keygen -R server.example.com
# Or edit known_hosts manually
nano ~/.ssh/known_hosts
How do I copy SSH keys to another machine?
# Copy both private and public keys
scp -r ~/.ssh/* user@newmachine:~/.ssh/
ssh user@newmachine "chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_rsa"
How do I debug SSH connection issues?
# Use verbose mode for debugging
ssh -vvv [email protected]
# Check server configuration
sshd -t
# Monitor logs in real-time
tail -f /var/log/auth.log
Conclusion
# Execute single command
ssh user@server "ls -la /home"
# Execute multiple commands
ssh user@server "cd /var/www && ls -la && pwd"
# Execute script on remote server
ssh user@server 'bash -s' < local_script.sh#!/bin/bash
# Backup script using SSH
REMOTE_SERVER="[email protected]"
REMOTE_DIR="/backup"
LOCAL_DIR="/data"
# Create remote backup directory
ssh $REMOTE_SERVER "mkdir -p $REMOTE_DIR/$(date +%Y%m%d)"
# Copy files using SCP
scp -r $LOCAL_DIR/* $REMOTE_SERVER:$REMOTE_DIR/$(date +%Y%m%d)/
echo "Backup completed to $REMOTE_SERVER:$REMOTE_DIR/$(date +%Y%m%d)/"# Install pssh for parallel operations
sudo apt install pssh
# Execute command on multiple servers
pssh -h server_list.txt "uptime"
# Copy files to multiple servers
pscp.pssh -h server_list.txt local_file.txt /remote/path/
# Parallel SSH with different users
pssh -h server_list.txt -l root "systemctl restart nginx"# Install Mosh for better mobile experience
sudo apt install mosh
# Use Mosh instead of SSH
mosh [email protected]
# Benefits:
# - Roaming support (IP changes)
# - Intelligent local echo
# - Automatic reconnection# Efficient file synchronization
rsync -avz -e "ssh" local/ user@server:/remote/
# Delete files that don't exist locally
rsync -avz --delete -e "ssh" local/ user@server:/remote/
# Show progress
rsync -avz --progress -e "ssh" large_file user@server:/path/# Change passphrase for existing key
ssh-keygen -p -f ~/.ssh/id_rsa# Remove specific host
ssh-keygen -R server.example.com
# Or edit known_hosts manually
nano ~/.ssh/known_hosts# Copy both private and public keys
scp -r ~/.ssh/* user@newmachine:~/.ssh/
ssh user@newmachine "chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_rsa"# Use verbose mode for debugging
ssh -vvv [email protected]
# Check server configuration
sshd -t
# Monitor logs in real-time
tail -f /var/log/auth.logSSH is an incredibly powerful and versatile tool that forms the backbone of remote Linux administration. By mastering the concepts covered in this tutorial, you'll be well-equipped to manage remote servers securely and efficiently.
Remember that SSH security is paramount - always use key-based authentication, keep your keys safe, and follow security best practices. The techniques learned here will serve you well whether you're managing a single server or an entire fleet of Linux systems.
As you become more comfortable with SSH, explore advanced features like multiplexing, bastion hosts, and certificate authorities to further enhance your remote administration capabilities. Happy SSH-ing!
