SSH

SSH (Secure Shell) is a cryptographic network protocol that provides secure command-line access to remote servers, encrypted file transfers, and port tunneling on Linux, macOS, and Windows.

What SSH Does and When to Use It

SSH establishes an encrypted connection between a client and a remote server over TCP port 22. System administrators use SSH to manage remote Linux servers, execute commands, edit configuration files, and restart services. Developers use SSH to deploy code, access development servers, and create secure tunnels to internal services.

SSH replaces the insecure Telnet and rsh protocols that transmitted credentials and data in plaintext. All SSH traffic — including passwords, commands, and file contents — is encrypted using AES, ChaCha20, or other symmetric ciphers negotiated during the handshake.

SSH is not a file synchronization tool — use Rsyncover SSH for incremental file transfers. SSH is not a VPN — it tunnels specific ports, not all network traffic. For full network-layer VPN tunneling, use WireGuard or OpenVPN.

How to Install SSH

=== "Ubuntu / Debian"

The SSH client is preinstalled. Install the SSH server to accept incoming connections:

```bash
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
```

=== "macOS"

The SSH client is preinstalled. Enable the SSH server in System Preferences → Sharing → Remote Login.

=== "Windows"

Windows 10+ includes an OpenSSH client. Install via Settings → Apps → Optional Features → OpenSSH Client.

Core Concepts of SSH

SSH Key Pairs: Public and Private Keys

SSH key-based authentication uses a pair of cryptographic keys. The private key stays on the client machine and must never be shared. The public key is copied to the server's ~/.ssh/authorized_keys file. During authentication, the server challenges the client to prove it holds the matching private key without transmitting it. Key-based authentication is more secure than password authentication and can be enforced by disabling password login.

SSH Config File for Connection Shortcuts

The SSH config file at ~/.ssh/config stores connection parameters — hostname, port, username, and identity file — for named aliases. Instead of typing ssh -i ~/.ssh/prod_key -p 2222 admin@203.0.113.50, define an alias and type ssh production. See How to use SSH config for multiple servers.

SSH Agent and Key Forwarding

The SSH agent ( ssh-agent) caches decrypted private keys in memory so the passphrase is entered once per session. Agent forwarding ( -A flag) allows the remote server to use the client's cached keys for onward SSH connections — useful for jumping through bastion hosts.

Common Tasks with SSH

How to Connect to a Remote Server with SSH

ssh user@203.0.113.50

How to Connect on a Non-Standard Port with SSH

ssh -p 2222 user@203.0.113.50

How to Copy a File to a Remote Server with SCP over SSH

scp localfile.txt user@203.0.113.50:/remote/path/

For detailed instructions, see How to copy files over SSH with SCP.

SSH Troubleshooting

Related Tools and Guides

Rsyncuses SSH as its default transport for encrypted remote file transfers. SCPcopies files over SSH but lacks rsync's incremental transfer. UFWmanages firewall rules that control SSH access on Ubuntu servers.