DevOps Knowledge Hub
DevOps Knowledge Hub

Mastering SSH: Your Essential Command-Line Guide

Unlock the full potential of Secure Shell (SSH) with this essential command-line guide. Learn fundamental commands for secure remote login, including custom ports and single-command execution. Master key-based authentication for enhanced security, and streamline data movement using secure file transfer tools like `scp` and `sftp`. Finally, discover advanced techniques such as local port forwarding and configuring the `~/.ssh/config` file to drastically improve your administrative workflow and efficiency.

38 views

Mastering SSH: Your Essential Command-Line Guide

The Secure Shell (SSH) protocol is the backbone of secure remote administration across Linux, macOS, and Unix-like environments. It provides an encrypted channel for network services, allowing users to securely log in to remote systems, execute commands, and transfer files without exposing sensitive data.

While SSH is ubiquitous, mastering its core commands and configuration options can drastically improve efficiency, security, and the reliability of your remote server management workflow. This guide serves as a comprehensive resource, covering the fundamental commands necessary for secure login, efficient file handling, and powerful networking techniques like port forwarding.

1. Establishing Secure Remote Login

The most frequent use of SSH is securing a terminal connection to a remote server. The basic syntax is straightforward, but there are crucial options for enhanced security and usability.

Basic Connection Syntax

The standard command requires specifying the remote user and the host address (IP or domain name):

ssh [user]@[host]
# Example:
ssh [email protected]

Specifying a Non-Standard Port

For security reasons, many administrators change the default SSH port (Port 22). Use the -p flag to specify a different port number:

ssh -p 2222 [email protected]

Executing Single Remote Commands

SSH is not limited to opening an interactive shell. You can execute a single command on the remote server and have the output returned locally, which is extremely useful for scripting and quick checks.

# Run 'ls -l' on the remote server's /var/log directory
ssh user@host 'ls -l /var/log'

# Check the server's uptime
ssh user@host uptime

2. Managing Authentication with SSH Keys

Password authentication is vulnerable to brute-force attacks. SSH keys—a cryptographic pair consisting of a private key (kept secret on your machine) and a public key (placed on the remote server)—offer a vastly more secure method of authentication.

Generating Key Pairs

If you do not already have a key pair, you can generate one using ssh-keygen. It is best practice to use a strong passphrase to protect your private key.

ssh-keygen -t rsa -b 4096

Copying the Public Key to the Server

The ssh-copy-id utility is the simplest way to install your local public key (~/.ssh/id_rsa.pub) into the remote user’s ~/.ssh/authorized_keys file, enabling passwordless login.

# Copies the default public key to the server and sets correct permissions
ssh-copy-id user@host

Tip: Using the Private Key
If your private key is not in the default location (~/.ssh/id_rsa), you must use the -i flag to specify its path when connecting:
bash ssh -i ~/.ssh/my_custom_key user@host

3. Secure File Transfers

SSH provides two primary tools for secure file transfer: scp (Secure Copy) and sftp (Secure File Transfer Protocol).

A. Using Secure Copy (scp)

scp is ideal for simple, quick, one-time file transfers, offering a command-line interface modeled after the standard Unix cp (copy) command.

Transferring Files Local to Remote

# Syntax: scp [local_file] [user]@[host]:/[remote_path]
scp deployment.tar.gz user@webserver:/var/www/uploads/

Transferring Files Remote to Local

# Syntax: scp [user]@[host]:/[remote_file] [local_path]
scp user@dbserver:/var/log/backup.sql .

Copying Directories Recursively

Use the -r flag to copy entire directory structures.

scp -r ~/project_files/ user@buildserver:/home/user/builds/

B. Using Secure File Transfer Protocol (sftp)

sftp establishes an interactive session, similar to a traditional FTP client, but secured via SSH. It is better suited for navigating remote directories, listing files, and performing multiple transfers within a single session.

Starting an sftp Session

sftp user@host

Common sftp Session Commands

Command Description
ls List remote files
lls List local files
get filename Download a file from the remote server
put filename Upload a file to the remote server
cd /path/ Change remote directory
lcd /path/ Change local directory
quit Exit the sftp session

4. Advanced Technique: SSH Tunneling (Port Forwarding)

SSH tunneling, or port forwarding, allows you to encrypt connections for non-secure protocols or access services on an internal network via a jump host. The most common form is Local Port Forwarding.

Local Port Forwarding (-L)

Local forwarding routes traffic from a port on your local machine to a specified port on a remote host through the SSH server. This is useful for accessing internal databases, web interfaces, or proprietary services that are not directly exposed to the public internet.

Scenario: You want to access a private internal web server (accessible only from jumpbox) on port 80.

# Syntax: ssh -L [local_port]:[destination_host]:[destination_port] [user]@[jumpbox]
ssh -L 8080:internal-web.lan:80 user@jumpbox -N
  • -L 8080:internal-web.lan:80: Traffic arriving at your local machine on port 8080 is forwarded to internal-web.lan on port 80, via jumpbox.
  • -N: Tells SSH not to execute a remote command; it simply sets up the tunnel.

Once the connection is established, you can access the internal site by navigating your local browser to http://localhost:8080.

5. Improving Efficiency with the SSH Configuration File

Manually typing complex SSH commands, including custom ports, usernames, and key paths, is inefficient. The SSH configuration file (~/.ssh/config) allows you to define aliases and settings for frequently accessed servers.

Example Configuration (~/.ssh/config)

Create or edit the file ~/.ssh/config with the following structure:

# Server 1: Standard key, non-standard port
Host dev-web
    HostName 10.0.0.50
    User deployment_user
    Port 2222
    IdentityFile ~/.ssh/id_rsa_dev

# Server 2: Jumpbox access requiring key authentication
Host production-db
    HostName 203.0.113.10
    User sysadmin
    IdentityFile ~/.ssh/prod_key
    LocalForward 54320 127.0.0.1:5432

Connecting with Aliases

Once configured, connecting becomes dramatically simpler:

# Connects to 10.0.0.50 on port 2222 as deployment_user
ssh dev-web

# Connects and automatically sets up port forwarding (if configured)
ssh production-db

Conclusion

SSH is a powerful, flexible tool essential for modern system administration. By moving beyond the basic ssh user@host command, adopting key-based authentication, leveraging secure file transfer utilities like scp and sftp, and mastering configuration files, you unlock a highly efficient and secure remote access environment. Continuous practice with these fundamental commands ensures you can manage and interact with your remote infrastructure effectively and securely.