How to Connect to a Remote Server Using the Basic SSH Command
Master the fundamental `ssh` command for secure remote server access. This essential guide breaks down the core syntax, including username, host address, and custom port options (`-p`). Learn to establish connections using both password and the more secure key-based authentication (`-i`). Perfect for new users and administrators, this article provides practical examples and essential troubleshooting tips to ensure a robust and efficient connection every time.
Secure Shell (SSH) is the standard way to open a secure terminal session on a remote server. If you have a server address, a username, and valid credentials, the basic ssh command gets you from your laptop to a shell on that machine.
The common problems are usually simple: the wrong username, the wrong port, a missing private key, or a server host key prompt you have not seen before.
Prerequisites for Connection
Before attempting to connect, ensure you have the following components ready:
- SSH Client: Most modern operating systems (Linux, macOS) include the OpenSSH client by default. Windows 10/11 also includes an integrated OpenSSH client, though older versions may require a third-party application like PuTTY.
- Server Address (Host): The IP address (e.g., `192.168.1.50`) or fully qualified domain name (FQDN, e.g., `server.example.com`) of the remote machine.
- Username: A valid user account on the remote server (e.g., `root`, `ubuntu`, `jdoe`).
- Credentials: Either the password for the specified user or a matching private SSH key file.
The Basic SSH Command Syntax
Establishing an SSH connection relies on a simple, consistent syntax structure. The command requires specifying who you are and where you want to go.
Core Syntax Breakdown
The most basic structure of the SSH command is:
ssh [options] username@host_address
| Component | Description | Example Value |
|---|---|---|
| `ssh` | The command initiating the Secure Shell connection. | - |
| `[options]` | Optional flags to modify the connection (e.g., port, identity file). | `-p 2222` |
| `username` | The account name on the remote server you wish to log in as. | `sysadmin` |
| `host_address` | The IP address or domain name of the remote server. | `172.31.255.10` or `webserver.com` |
Connecting to the Default Port
By default, SSH servers listen on TCP port 22. If the remote server uses this default port, you only need the username and host.
Example: Connecting as user jdoe to the server at 192.168.1.100
ssh jdoe@192.168.1.100
If this is your first time connecting to the server, your SSH client prompts you to verify the server's host key. Confirm it only if the fingerprint matches what your provider or administrator expects. After you accept it, SSH stores the key in ~/.ssh/known_hosts.
Essential Connection Options
While the basic syntax works for most standard connections, several options are frequently used to customize or troubleshoot the connection.
Specifying a Custom Port (-p)
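For security reasons, many server administrators change the default SSH port (22) to a non-standard port (e.g., 2222, 50000). A non-standard port mostly reduces noise from automated scans and does not replace strong authentication. You must use the -p flag to specify this custom port.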
Syntax:
ssh -p [port_number] username@host_address
Example: Connecting to appserver.local on port 5555
ssh -p 5555 [email protected]
The -p option normally comes before username@host. That keeps the command easy to read and avoids confusing it with remote command arguments.
Verbose Output (-v)
If you are having trouble connecting (e.g., connection timeouts, authentication failure), the verbose mode is invaluable for troubleshooting. The -v flag increases the output level, showing detailed steps of the connection process, including negotiation, key exchange, and authentication attempts.
Syntax:
ssh -v username@host_address
For even more detailed debugging, you can use -vv or -vvv (maximum verbosity).
Running a Single Remote Command
SSH is typically used to open an interactive shell session. However, you can execute a single command on the remote server without establishing a continuous session. The connection executes the command, returns the output, and then immediately closes.
Syntax:
ssh username@host_address "command to run"
Example: Checking the disk space (df -h) on the remote server:
ssh [email protected] "df -h"
This is useful for quick checks:
ssh [email protected] "systemctl status nginx --no-pager"
Authentication Methods
Once the connection is initiated, the server requires authentication to verify your identity. The two primary methods are password authentication and key-based authentication.
1. Password Authentication
This is the simplest method, where the server prompts you for the user's password after the connection is established. SSH encrypts the password transmission.
Process:
- Run the `ssh` command.
- Server prompts: [email protected]'s password:
- Type the password (input will not be visible).
Password authentication is convenient, but public-facing servers are often targeted by brute-force login attempts. For internet-exposed systems, key-based login plus disabled password authentication is usually the safer baseline.
2. Key-Based Authentication
Key-based authentication uses a pair of cryptographic keys: a public key stored on the server and a corresponding private key stored securely on your local machine. This method is far more secure than passwords.
Specifying the Identity File (-i)
If your private key file is not in the default location (~/.ssh/id_rsa or ~/.ssh/id_ed25519), you must use the -i option to specify its location.
Syntax:
ssh -i /path/to/private/key/file username@host_address
Example: Connecting using a specific key named prod_server_key
ssh -i ~/.ssh/prod_server_key [email protected]
Setting up Key Authentication (Brief Overview)
To use key authentication, you typically follow these steps:
- Generate the key pair on your local machine using `ssh-keygen`.
- Copy the public key to the remote server's `~/.ssh/authorized_keys` file, usually done using the utility `ssh-copy-id`.
ssh-copy-id username@host_address
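The two steps above as one script, with a local check that the private key file is not accessible to other users, since ssh ignores a private key whose permissions are too open. This is an added example, not code from the original article; the function names `key_file_ok` and `setup_key_login` and the ed25519 default key path are assumptions.

```sh
# Added example, not from the original article. Function names are hypothetical.

# key_file_ok KEYFILE
# Returns 0 if the key exists and only its owner can access it,
# 1 if it is missing, 2 if group or others have any permission bit
# (ssh ignores such a key as an unprotected private key file).
key_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL -- "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ] || return 2
}

# setup_key_login USER HOST [PORT] [KEYFILE]
setup_key_login() {
    user=$1 host=$2 port=${3:-22} key=${4:-$HOME/.ssh/id_ed25519}

    # Step 1: generate a key pair only if none exists yet.
    # ssh-keygen asks for a passphrase that protects the private key at rest.
    if [ ! -f "$key" ]; then
        ssh-keygen -t ed25519 -f "$key" || return
    fi
    if ! key_file_ok "$key"; then
        echo "refusing $key: run chmod 600 on it first" >&2
        return 2
    fi

    # Step 2: append the public half to the remote authorized_keys.
    # This is the last login that needs the account password.
    ssh-copy-id -i "$key.pub" -p "$port" "$user@$host" || return

    # Step 3: confirm the key alone is enough. IdentitiesOnly offers only
    # this key; PasswordAuthentication=no stops a silent password fallback.
    ssh -i "$key" -p "$port" \
        -o IdentitiesOnly=yes -o PasswordAuthentication=no \
        "$user@$host" true
}
```

If step 3 fails, rerun the same `ssh` line with `-vvv` to see which key was offered and why the server rejected it.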
Summary of Practical SSH Commands
| Goal | Command Example | Description |
|---|---|---|
| Standard Connection | `ssh [email protected]` | Connects using default port 22. |
| Custom Port | `ssh -p 443 [email protected]` | Connects to port 443. |
| Key Authentication | `ssh -i ~/.ssh/dev_key dev@testbed` | Connects using a specific private key file. |
| Debugging Connection | `ssh -v [email protected]` | Runs connection in verbose mode for troubleshooting. |
| Remote Command | `ssh user@host "uptime"` | Executes the uptime command and exits. |
Quick Troubleshooting Checks
If the command fails, check the error before changing server settings:
- Connection timed out: The host or port may be blocked by a firewall, security group, or routing problem.
- Connection refused: The server is reachable, but nothing is listening on that port.
- Permission denied (publickey): The server did not accept your key, username, or authentication method.
- REMOTE HOST IDENTIFICATION HAS CHANGED: The saved host key no longer matches. This can happen after a server rebuild, but it can also signal a serious security problem. Verify the fingerprint before removing the old key.
For key problems, this command usually gives enough detail:
ssh -vvv -i ~/.ssh/prod_server_key [email protected]
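The first-connection prompt and the REMOTE HOST IDENTIFICATION HAS CHANGED warning both call for the same check: compare the key the server presents with a fingerprint obtained out of band from your provider or administrator. The script below is an added example of that check, not code from the original article; the function names, the sample output and its placeholder fingerprints are constructed, and `ssh-keyscan` is used here to fetch the key.

```sh
# Added example, not from the original article. Function names are
# hypothetical; the sample fingerprints below are constructed placeholders.

# check_fingerprint EXPECTED KEYTYPE
# Reads `ssh-keygen -lf` output on stdin, one key per line:
#   <bits> <fingerprint> <comment> (<KEYTYPE>)
# Returns 0 on a match, 1 if the key of that type has another fingerprint,
# 2 if the server offered no key of that type.
check_fingerprint() {
    expected=$1 keytype=$2 result=2
    while read -r _bits fp rest; do
        case $rest in
            *"($keytype)") ;;      # the key type we were given a fingerprint for
            *) continue ;;         # ignore the server's other key types
        esac
        [ "$fp" = "$expected" ] && return 0
        result=1
    done
    return "$result"
}

# pin_host_key HOST PORT EXPECTED [KEYTYPE]
# Fetches the host key and appends it to known_hosts only after it matched.
# ssh-keyscan output is unauthenticated; the comparison is what makes it safe.
pin_host_key() {
    host=$1 port=$2 expected=$3 keytype=${4:-ED25519}
    scan_type=$(printf '%s' "$keytype" | tr '[:upper:]' '[:lower:]')
    keyline=$(ssh-keyscan -p "$port" -t "$scan_type" "$host" 2>/dev/null)
    printf '%s\n' "$keyline" | ssh-keygen -lf - |
        check_fingerprint "$expected" "$keytype" || return
    printf '%s\n' "$keyline" >> "$HOME/.ssh/known_hosts"
}

# Then connect so that an unknown or changed key aborts instead of prompting:
#   ssh -o StrictHostKeyChecking=yes -p PORT username@host_address

# Constructed sample of `ssh-keygen -lf` output for an offline dry run.
SAMPLE_OUTPUT='3072 SHA256:CONSTRUCTED-RSA-PLACEHOLDER server.example.com (RSA)
256 SHA256:CONSTRUCTED-ED25519-PLACEHOLDER server.example.com (ED25519)'
```

After a server rebuild, remove the stale `known_hosts` entry with `ssh-keygen -R` only once the new fingerprint has matched; a return code of 1 from the check means the key should not be trusted.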
Practical Takeaway
Start with ssh user@host. Add -p when the server uses a custom port, add -i when you need a specific private key, and use -v or -vvv when authentication or network errors are unclear. For servers exposed to the internet, move toward key-based authentication and keep password logins disabled when your access process allows it.