A complete guide to installing, configuring, and using SSH (Secure Shell) for secure remote access between Linux systems. Covers both server and client usage, key authentication, config files, port changes, security tips, and automation.
sudo apt update
sudo apt install openssh-server
sudo dnf install openssh-server
sudo systemctl start ssh
sudo systemctl enable ssh
sudo systemctl status ssh
On some systems, service is called sshd:
sudo systemctl start sshd
/etc/ssh/sshd_config
Common options:
| Option | Description |
|---|---|
Port |
Default is 22 |
PermitRootLogin |
no/yes/prohibit-password |
PasswordAuthentication |
yes/no |
AllowUsers |
Restrict which users can log in |
PubkeyAuthentication |
yes |
PermitEmptyPasswords |
no |
/etc/ssh/ssh_config # Global config
~/.ssh/config # Per-user config
Example client config:
Host myserver
HostName 192.168.1.50
User john
Port 2222
ssh username@hostname
Examples:
ssh user@192.168.1.10
ssh user@example.com
Specify port:
ssh -p 2222 user@host
| Option | Description |
|---|---|
-p |
Specify port |
-i |
Identity file (private key) |
-L |
Local port forwarding |
-R |
Remote port forwarding |
-X |
Enable X11 forwarding |
-v |
Verbose output (debugging) |
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Creates:
~/.ssh/id_rsa (private key)~/.ssh/id_rsa.pub (public key)ssh-copy-id user@server_ip
Or manually append:
cat ~/.ssh/id_rsa.pub | ssh user@host 'cat >> ~/.ssh/authorized_keys'
In /etc/ssh/sshd_config:
PasswordAuthentication no
PermitRootLogin no
Then restart SSH:
sudo systemctl restart ssh
Edit /etc/ssh/sshd_config:
Port 2222
Then:
sudo ufw allow 2222/tcp # or firewall-cmd for RHEL
sudo systemctl restart ssh
AllowUsers surya das admin
PermitRootLogin no
fail2ban to block brute-force attempts.ssh -L 8080:localhost:80 user@remote
Access localhost:8080 → forwards to remote port 80.
ssh -R 9090:localhost:22 user@remote
Remote side can access your local port 22 via port 9090.
ssh -D 1080 user@remote
Use localhost:1080 as a SOCKS proxy in your browser.
scp:scp file.txt user@remote:/home/user/
scp -r dir/ user@remote:/home/user/
sshfs:sshfs user@remote:/home/user/ /mnt/remote
rsync over SSH:rsync -avz -e ssh myfolder/ user@remote:/backup/
~/.ssh/config for pre-configured aliasesexpect or sshpass if absolutely needed (less secure)sshpass -p 'mypassword' ssh user@host
⚠️ Not recommended for production use.
telnet host 22
nc -zv host 22
ssh -v user@host
sudo systemctl restart ssh
journalctl -u ssh
cat /var/log/auth.log # Debian/Ubuntu
cat /var/log/secure # RHEL/CentOS
| Task | Command Example |
|---|---|
| Connect to SSH server | ssh user@host |
| Use alternate port | ssh -p 2222 user@host |
| Copy file to remote | scp file user@host:/path/ |
| Sync folders via SSH | rsync -avz -e ssh dir/ user@host:/path/ |
| Mount remote dir | sshfs user@host:/dir /mnt/mountpoint |
| Generate SSH key | ssh-keygen -t rsa |
| Copy SSH key to server | ssh-copy-id user@host |
| Forward local port | ssh -L 8080:localhost:80 user@host |
| Debug SSH connection | ssh -v user@host |
| Restart SSH service | sudo systemctl restart ssh |
✅ SSH is essential for remote system administration. By securing and automating SSH properly, you ensure safe and efficient management of Linux systems over networks.