SSH is a network protocol for securely logging into a remote machine and executing commands. It is designed and created to provide the best security when accessing another computer remotely. Whenever data is sent by a computer to the network, ssh will automatically encrypt it.
To use SSH, the destination machine should have an SSH server application installed because SSH is a client-server model. An SSH server, by default, listens on the standard TCP port 22. SSH client is by default available on all Linux distributions.
In this tutorial, we learn SSH Command in Linux with usage examples.
Prerequisites
An SSH client
An SSH server
IP address or name of the remote server
1. How to SSH to a Remote Server
A remote server is connected using an IP address or the name of the host. To connect ssh using an IP address, use the following command:
ssh [ IP ADDRESS]
To connect to ssh using the name, use the following command:
ssh [ HOSTNAME ]
For example, to connect to a remote host using IP address 192.168.239.133, the command would be following.
ssh 192.168.239.133
When you first connect to a host, a message appears asking if you want to continue connecting. Type yes, then enter the password for your remote host.
2. SSH with username
SSH uses the current user of the remote server when trying to connect. To connect to ssh with username, use the following syntax.
ssh [USERNAME]@[HOSTNAME/IP ADDRESS]
For example, to connect to the remote host with IP address 192.168.239.134 with a username named kali, use the following command.
The SSH server listens to TCP port 22 by default but if you wish to change it, you need to specify the port in the command.
To connect to a remote host using a different port number, use the -p flag as shown in the following syntax.
ssh [ IP ADDRESS/HOSTNAME ] -p [ PORT NUMBER ]
For example, to connect to the remote host with an IP address of 192.168.239.134 using port number 223, use the following command.
ssh 192.168.239.134 -p 223
4. SSH without password
In three simple steps, you can connect to your remote host using ssh without a password. The three steps required to log in to a remote server without entering a password are as follows.
Generate SSH key
To generate SSH keys, ssh-keygen is used which creates the public and private keys. These key pairs are used to authenticate between clients and servers.
To create a pair of keys, enter the following command on the client machine.
ssh-keygen -t rsa
Enter the location and paraphrase, or press enter to use the default settings.
Copy public SSH key
You need to copy the public SSH key to a remote server to use the key pair. To copy the public SSH key to the remote server, use the following syntax on the host machine.
ssh-copy-id [USERNAME]@[HOSTNAME/IP ADDRESS]
To copy the SSH key from IP address 192.168.239.134, use the following command.
The -b option is used to bind an IP address to an SSH connection. The IP address will be used as the source address of the SSH connection. This is used when a client has more than two IP addresses and you might not know which IP address is used to create a connection to the SSH server.
For example, run the following command to connect to the remote host on port 3306 of kali user with IP 192.168.239.134 from the localhost 192.168.239.133 on port 3336.
The -R option is used along with the SSH command to enable remote port forwarding. This means you can forward a port on the remote server to a port on your local machine, which is then forwarded to a port on the destination machine.
The basic syntax for remote port forwarding is the following.
The command will make ssh listen to the ssh server in port 3336, and tunnel all traffic to 3000 port.
ssh -C -D
The -D option enables dynamic port forwarding. The usual SOCKS port is 1001, however, any port number can be used; nevertheless, some programs will only work on the 1001 port.
The basic syntax for dynamic forwarding is as follows.
If you use ssh -o "batchmode=yes," the command will run successfully on the remote machine if passwordless connectivity is enabled, otherwise, it will return an error.
Some of the most important command-line options are shown in the following table.
Options
Description
-A
It enables the authentication agent connection to be forwarded.
-a
It disables the authentication agent connection to be forwarded.
-b
It is used to bind source addresses.
-C
It is used for data compression.
-c cipher_spec
It selects the cipher specification for encrypting the session.
-D
It is responsible for dynamic application-level port forwarding.
-E log_file
It appends debug logs to log_file instead of standard error.
-F config file
It specifies a per-user configuration file.
-g
It allows remote hosts to connect to local forwarded ports.
-i identity_file
It reads the private key for public-key authentication.
-j
It specifies a ProxyJump configuration directive.
-l login_name
It specifies the user to log in to the remote machine.
-p port
It is used to specify the port to connect to the remote host.
-q
It is the quiet mode.
-V
Verbose mode.
-X
It enables X11 forwarding
-Y
It enables Trusted X11 forwarding
Conclusion
In this tutorial, we learned how to use ssh command along with useful examples. Thanks for reading, please provide your feedback and suggestions in the below comment section.
If this resource helped you, let us know your care by a Thanks Tweet.
Did you find this article helpful?
We are glad you liked the article. Share with your friends.
About The Author
Bobbin Zachariah
Bobbin is a seasoned IT professional with over two decades of experience. He has excelled in roles such as a computer science instructor, Linux system engineer, and senior analyst. Currently, he thrives in DevOps environments, focusing on optimizing efficiency and delivery in AWS Cloud infrastructure. Bobbin holds certifications in RHEL, CCNA, and MCP, along with a Master's degree in computer science. In his free time, he enjoys playing cricket, blogging, and immersing himself in the world of music.
Comments