PRODUCT

SSH.ID

Search...

How to Share Hosts and Credentials with Your Team

How To

Academy

Explanations

Reference

Getting Started with SSH

Termius documentation

If you need to securely administer remote servers or network devices, SSH is an essential protocol to master. SSH creates encrypted connections between devices, allowing you to login in, run commands, transfer files, and tunnel other traffic securely.

This tutorial will show you exactly how to get started with SSH, including simpl step-by-step instructions for generating keys, remotely connecting to a server, setting up config files, and more. In just minutes, you’ll have an SSH set up and the skills to start securely managing your own remote devices.

Installing SSH

To use SSH, you first need to check if you have an SSH client installed on your system.

The easiest way is by running the which ssh command in your terminal. On Linux and macOS, which will print the path to the ssh executable if it is installed:

$ which ssh
  /usr/bin/ssh

If SSH is not installed, you will see no output from the command.

On Windows, you can check if Open?ssh is installed by going to Settings > Apps & Features and looking for OpenSSH or checking if the ssh command works in PowerShell.

If you don’t have SSH installed, here are some ways to install it:

Linux - User your package manager, e.g. apt install openssh-client on Debian/Ubuntu.

macOS - SSH is installed by default. You can enable the OpenSSH server in System Preferences.

Windows - Install the OpenSSH Client from Settings or via PowerShell: Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0

Alternatively, consider installing a third-party SSH client such as Termius which provides a cross-platform SSH client for Windows, macOs, and Linux.

Once installed, you can verify SSH is set up properly by running ssh commands. The next section will cover how to generate SSH keys.

Generating SSH Keys

SSH keys provide a more secure way for servers to authenticate and identify you instead of using just a password.

To generate SSH keys, we will use the ssh-keygen command. This will create a public and private SSH key pair which are two long strings of characters connected mathematically. You keep the private key on your local machine while the public key can be shared freel without compromising security.

Here is an example generating a Ed25519 SSH key pair, following the prompts.

ssh-keygen -t ed25519Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/demo/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

The -t ed25519 specifies we want to use the ED25519 algorithm. Ed25519 is a modern algorithm that offers better security and faster performance compared to the older RSA algorithm.

We enter a file location to save the keys and an optional passphrase to further encrypt the private key. This generates id_ed25519 (private key) and id_ed25519.pub (public key) files saved in the .ssh folder.

The public key in id_ed25519.pub can now be shared freely with any servers you want to access via SSHwithout compromising security. The private key (id_ed25519) should not be shared and allows access when paired with the public key.

We will use the Ed25519 SSH key files to then connect securely in the next sections, but first let’s talk about how to properly with the keys.

Working with SSH Keys

Once you have generated an SSH key pair, there are some important steps to properly handle and work with the keys.

Setting Permissions

First, it’s crucial to restrict permissions on the SSH private key file so that no other users can access it. Use this command, replacing “id_ed25519” with your private key file name:

chmod 600 ~/.ssh/id_ed25519

This sets the permissions so only your user account can read/write that file.

Using ssh-agent

Typing in your SSH key passphrase each time you use it can be tedious. The ssh-agent program can cache your decrypted private key so you don’t have to keep retyping the passphrase as long as ssh-agent is running.

Start the ssh-agenct in the background:

eval "$(ssh-agent -s)"

Now add your private key to the ssh-agent:

ssh-add ~/.ssh/id_ed25519

You will be prompted to enter your passphrase one time when adding the key. After tha, ssh-agent will automatically handle unlocking the key as needed when you SSH into servers.

Properly securing and handling your SSH keys is important for keeping your systems safe and streamlining authentication with remote systems.

Connecting to a Remote Server with SSH

Once SSH is installed and you have an SSH key pair, you can connect to a remote server using the ssh command. The basic syntax is:

ssh user

Where user is your account name on the remote system, and host is the IP address or domain name of the server.

For example, to connect as the user “john” to a sever at IP 192.168.1.100:

ssh john@192.168.1.100

The first time you connect to a server, you may see a message like this:

The authenticity of host '192.168.1.100' can't be established.
Are you sure you want to continue

This is because your client does not recognize or trust this server yet. You can type yes to continue and SSH will remember the server going forward.

Once connected over SSH, you can run commands or access files on the remote system as if you were logged in locally. This allows you to securely administer servers remotely.

Running Commands Remotely over SSH

Once connected to a remote server over SSH, you can run commands or access the file system as if you were logged in to the remote machine directly.

For example, to list files in the home folder of the remote system:

ssh user@host
ls

You can execute basically any command as you would locally, such as listing the processes with ps, reading logs with less or tail, installing packages with the system package manager, etc.

Moving Files with SCP

The SCP (secure copy) command allows you to easily transfer files between your local machine and remote host through the SSH connection.

Copy file from remote host to local:

scp user@host:/path/to/file /local/path

Copy file from local to remote:

scp /local/path/file user@host:/remote/path

This handles the encrypted file transfer through SSH.

Transferring Files with SFTP

The SFTP command allows you to securely transfer files over an SSH connection. It is similar to standard FTP but with encryption, data integrity, and authentication provided by the SSH protocol. SFTP gives you more options to interactively manage and edit files on a remote server.

The use SFTP, connect to the remote host over SSH just like in the previous section:

sftp user

Once connected, you can run SFTP commands to transfer files and navigate the remote file system:

ls /home/user   (list directory contents)
get remote_file.txt (download file from remote host)
put local_file.txt (upload file to remote host) 
exit (close SFTP session)

The main SFTP commands include:

ls: List directory contents
cd: Change remote directory
get: Download file from remote
put: Upload local file to remote
rm: Delete remote file

Mounting Folders with SSHFS

Another option is to mount a folder from the remote system locally using SSHFS. This will make it appear like a mounted driver or folder on your system.

For example, to mount the remote /var/log folder:

sshfs user@host:/var/log /local/mount/point

Now you can directly access and edit remote files through your local mount point folder.

Leveraging SSH to directly run commands and access the file system on remote systems makes server administration much simpler.

Configuring SSH Connections

Using SSH often involves connecting to the same servers repeatedly. Instead of typing IP addresses and usernames each time, you can create an SSH configuration file to define shortcuts, custom ports, automatic, tunnels, and more.

The SSH configuration file is located at ~/.ssh/config. You can open this file in a text editor to make custom entries for your SSH sessions. Some examples of confiugrations include:

Defining a Host Shortcut

This allow you to use ssh shortcut_name instead of the full hostname and username each time.

Host shortcut_name
     HostName 123.456.78.90
     User john

Specifying a Custom Port

This connects to server on port 2222 instead of standard SSH 22.

Host alternate_port
     HostName 192.168.1.5
     Port 2222

Local Tunnel Config

This automatically tunnels traffic from localhost:8080 to 10.5.6.7.80 when connecting to tunnel_server.

Host tunnel_server
    HostName 1.2.3.4
    LocalForward 8080 10.5.6.7:80

With the SSH config file, you can simplify your connections and streamline automated workflows. Refer to man ssh_config for additional options you can set per host. The config file allows for easy customization for your SSH needs without repetitively typing common settings.

Conclusion

And the wraps up our tutorial on getting started with SSH! We’ve covered the fundamental steps you need to begin securely accessing remote servers, from understanding how SSH works to generate keys, connecting over SSH, transferring files with SCP/SFTP, and configuring your SSH connections for ease of use.

You should now have the core knowledge and skills in place to start remotely administering your own Linux servers, cloud servers, network equipment, and more. SSH unlocks many doors for easily controlling remote devices over an encrypted tunnel.

And if you want to skip manually configuring SSH, Termius provides an easy-to-use cross-platform SSH client and terminal for establishing connections and file transfer with just a few clicks. With the Termius mobile app, you can even manage your server infrastructure securely from your phone.

Start for free with Termius.

Top Articles: