Introduction to SSH
SSH (Secure Shell) is a network protocol used to securely connect to a remote server or computer over an unsecured network. SSH provides secure channel over an unsecured network by using a client-server architecture, encrypting the data transmitted.
Basic SSH Commands
Connect to a Server
To connect to a server using SSH:
1
ssh username@server_ip
Connect to a Server on a Specific Port
If the server is listening on a non-default port (default is 22):
1
ssh -p port_number username@server_ip
Execute a Command on a Server
To run a command (e.g., ls) on the server without entering into interactive mode:
1
ssh username@server_ip "command"
Copy a File to a Server (SCP)
To securely copy a file from your local machine to a remote server:
1
scp local_file.txt username@server_ip:/remote/directory/
Copy a File from a Server (SCP)
To copy a file from the remote server to your local machine:
1
scp username@server_ip:/remote/file.txt /local/directory
SSH Keys
Generating SSH Keys
Generate a new SSH key pair (public and private) using:
1
ssh-keygen -t rsa -b 4096
This command generates a new SSH key, using the provided email as a label. -t specifies the type of key to create (here RSA), and -b specifies the number of bits in the key (more bits means more secure).
Copying Public Key to Server
After generating your SSH keys, copy your public key to the remote server for password-less login:
1
ssh-copy-id -i ~/.ssh/mykey.pub username@server_ip
Replace mykey.pub with your public key file if you’re not using the default name or path.
Permissions for SSH Keys
Ensure correct permissions for your SSH keys:
1
2
3
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
This sets the directory permissions to 700, private key to 600, and public key to 644.
Advanced SSH Usage
SSH Config File
You can create an SSH config file for easier management of multiple SSH connections:
- Create a config file in your SSH directory:
1
touch ~/.ssh/config - Edit the file to add your SSH hosts. For example:
1 2 3 4 5
Host myserver HostName server_ip User username Port port_number IdentityFile ~/.ssh/mykey
SSH Tunneling (Port Forwarding)
SSH tunneling allows you to forward a port on your local machine to a port on the remote server:
- Local Port Forwarding:
1
ssh -L local_port:localhost:remote_port username@server_ipThis forwards a local port to a remote port via the SSH server.
- Remote Port Forwarding:
1
ssh -R remote_port:localhost:local_port username@server_ipThis forwards a remote port to a local port via the SSH server.
SSH Agent Forwarding
SSH agent forwarding allows you to use your local SSH keys on a remote server:
- Start the SSH agent in the background:
1
eval "$(ssh-agent -s)"
- Add your SSH private key to the SSH agent:
1
ssh-add ~/.ssh/id_rsa
- Connect with agent forwarding enabled:
1
ssh -A username@server_ip
Using SSH with Git
For Git operations over SSH, configure Git to use SSH keys:
- Set your Git SSH command:
1
git config --global core.sshCommand 'ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes'
- Clone a repository using SSH:
1
git clone ssh://git@server_ip:port/repository.git