
SSH

SSH (Secure Shell) is a cryptographic network protocol for securely accessing and managing remote systems over an unsecured network. SSH provides encrypted communication, secure file transfer, and tunneling capabilities, making it a fundamental tool for system administrators and developers.


🌟 Key Concepts

  • Authentication: SSH supports password-based and key-based authentication.
  • Encryption: All data sent over SSH is encrypted for confidentiality.
  • Port Forwarding: SSH can tunnel network connections securely.
  • SCP/SFTP: Secure file transfer protocols built on SSH.

🛠️ Common SSH Commands

ssh user@host                       # Connect to a remote host
ssh -p 2222 user@host               # Connect using a custom port
ssh -i ~/.ssh/id_rsa user@host      # Use a specific private key
ssh -X user@host                    # Enable X11 forwarding (GUI apps)
ssh -L 8080:localhost:80 user@host  # Local port forwarding
ssh -R 2222:localhost:22 user@host  # Remote port forwarding
ssh-copy-id user@host               # Copy your public key to the server for key-based login

🔑 SSH Key Management

ssh-keygen                      # Generate a new SSH key pair
cat ~/.ssh/id_rsa.pub           # Show your public key
eval "$(ssh-agent -s)"          # Start the SSH agent (must be running before ssh-add)
ssh-add ~/.ssh/id_rsa           # Add private key to SSH agent

📦 Secure File Transfer

scp file.txt user@host:/path/   # Copy file to remote host
scp user@host:/path/file.txt .  # Copy file from remote host
scp -r dir/ user@host:/path/    # Copy directory recursively
sftp user@host                  # Start interactive SFTP session

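⚙️ SSH Configuration

Config file: ~/.ssh/config

Host myserver
    HostName example.com
    User myuser
    Port 2222
    IdentityFile ~/.ssh/id_ed25519
    # ForwardAgent lets the remote host use your local agent while you are
    # connected; enable it only for hosts you trust.
    ForwardAgent yes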

🛡️ Security Tips

  • Use SSH keys instead of passwords for authentication.
  • Disable root login via SSH (PermitRootLogin no in /etc/ssh/sshd_config).
  • Change the default SSH port to reduce automated attacks.
  • Use Fail2Ban or similar tools to block brute-force attempts.
  • Regularly update OpenSSH and your system.
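
The first three tips map to sshd_config keywords, so they can be checked mechanically. The script below is an added example, not part of the original page: the function names, messages and sample config are constructed for illustration, and it assumes upstream OpenSSH defaults for keywords that are absent.

```shell
#!/bin/sh
# Added example: check an sshd_config-style file against the tips above.
# Assumptions: upstream OpenSSH defaults apply when a keyword is absent;
# Include files and Match blocks are not evaluated (global section only).

# global_values FILE KEYWORD: print each value KEYWORD takes before the
# first Match block, lowercased, in file order. Keywords are case-insensitive.
global_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }        # accept "Keyword=value" too
        tolower($1) == "match" { exit }      # conditional section starts here
        tolower($1) == key { print tolower($2) }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding; exit status 0 if clean.
audit_sshd_config() {
    findings=0
    # sshd keeps the FIRST value it reads for these keywords, so take line 1.
    root=$(global_values "$1" PermitRootLogin | head -n 1)
    pass=$(global_values "$1" PasswordAuthentication | head -n 1)
    ports=$(global_values "$1" Port)         # Port may legitimately repeat
    if [ "${root:-prohibit-password}" != "no" ]; then
        echo "PermitRootLogin is '${root:-prohibit-password}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ "${pass:-yes}" != "no" ]; then
        echo "PasswordAuthentication is '${pass:-yes}', expected 'no' for key-only login"
        findings=$((findings + 1))
    fi
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "sshd listens on the default port 22"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample (not from a real host): the later "no" is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || true   # prints the PasswordAuthentication finding
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including Include files, and is the authoritative check.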


📝 Notes

  • SSH is available by default on most Unix-like systems.
  • Public keys are stored in ~/.ssh/authorized_keys on the server.
  • Use ssh -v for verbose/debug output if you have connection issues.