Terminal GuideTerminal Guide

ssh Command Guide

SSH (Secure Shell) provides secure remote access to systems. Learn how to connect to servers, manage keys, and use advanced features.

9 min readLast updated: January 19, 2025
Dai Aoki

Dai Aoki

CEO at init, Inc. / CTO at US & JP startups / Creator of WebTerm

Quick Reference

Connect

ssh user@hostBasic connection
ssh -p 2222 user@hostCustom port
ssh -i key.pem user@hostWith key file

Keys

ssh-keygen -t ed25519Generate key
ssh-copy-id user@hostCopy key to server
ssh-add ~/.ssh/keyAdd key to agent

Tunneling

-L 8080:localhost:80Local forward
-R 8080:localhost:80Remote forward
-D 1080SOCKS proxy

Transfer

scp file user@host:pathCopy to remote
scp user@host:file .Copy from remote
scp -r dir user@host:Copy directory

Options

-vVerbose mode
-J jump@hostJump host
-XX11 forwarding

Downloadable Image Preview

Failed to generate preview

Basic Connection

Connect to a remote server using SSH.

bash
# Basic connection
ssh username@hostname

# Connect on non-standard port
ssh -p 2222 username@hostname

# Connect with specific identity file
ssh -i ~/.ssh/mykey username@hostname

Common Options

SSH Options

-p portConnect on specific port
-i keyfileUse specific identity file
-vVerbose mode for debugging
-XEnable X11 forwarding
-LLocal port forwarding
-RRemote port forwarding
-DDynamic port forwarding (SOCKS)
-NNo remote command (for tunnels)

SSH Key Authentication

Generate SSH key pair

bash
# Generate Ed25519 key (recommended)
ssh-keygen -t ed25519 -C "your_email@example.com"

# Generate RSA key (traditional)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Copy public key to server

bash
# Using ssh-copy-id
ssh-copy-id username@hostname

# Or manually
cat ~/.ssh/id_ed25519.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Set correct permissions

bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/authorized_keys
Tip
Use SSH keys instead of passwords for better security and convenience. Consider adding a passphrase to your private key.

SSH Config File

Create shortcuts for frequent connections in ~/.ssh/config.

bash
# ~/.ssh/config
Host myserver
    HostName 192.168.1.100
    User admin
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Host dev
    HostName dev.example.com
    User developer
    ForwardAgent yes

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3

Now you can connect with just:

bash
ssh myserver

Running Remote Commands

bash
# Run single command
ssh user@host "ls -la"

# Run multiple commands
ssh user@host "cd /var/log && tail -100 syslog"

# Run script remotely
ssh user@host 'bash -s' < local_script.sh

Port Forwarding (Tunneling)

Local port forwarding

Access remote service through local port.

bash
# Forward local port 8080 to remote localhost:80
ssh -L 8080:localhost:80 user@host

# Access remote database through local port
ssh -L 3307:localhost:3306 user@dbserver

Remote port forwarding

Make local service accessible from remote.

bash
# Make local port 3000 accessible on remote port 8080
ssh -R 8080:localhost:3000 user@host

Dynamic forwarding (SOCKS proxy)

bash
# Create SOCKS proxy on port 1080
ssh -D 1080 user@host
Info
Use -N to create a tunnel without executing a remote command, and -f to run in background.

File Transfer with SSH

Using SCP

bash
# Copy file to remote
scp file.txt user@host:/path/to/destination/

# Copy from remote
scp user@host:/path/to/file.txt ./

# Copy directory recursively
scp -r directory/ user@host:/path/to/destination/

Using rsync over SSH

bash
rsync -avz -e ssh /local/path/ user@host:/remote/path/

Practical Examples

Jump through bastion host

bash
# SSH to internal server via bastion
ssh -J bastion@jumphost user@internalserver

# Or in config:
# Host internal
#     HostName internal.example.com
#     ProxyJump bastion@jumphost

Keep connection alive

bash
ssh -o ServerAliveInterval=60 user@host

X11 forwarding (GUI applications)

bash
ssh -X user@host
# Then run GUI apps like: firefox &

SSH agent forwarding

bash
# Start ssh-agent and add key
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

# Connect with agent forwarding
ssh -A user@host

Debug connection issues

bash
# Verbose output for debugging
ssh -vvv user@host
Warning
Be careful with SSH agent forwarding (-A). Only use it when connecting to trusted servers.

Security Best Practices

  • Use SSH keys instead of passwords
  • Add a passphrase to your private key
  • Disable root login on servers
  • Use strong key algorithms (Ed25519 or RSA-4096)
  • Keep your private keys secure (chmod 600)
  • Regularly rotate your SSH keys

Summary

SSH is essential for secure remote access. Key takeaways:

  • Use ssh user@host for basic connections
  • Generate keys with ssh-keygen
  • Configure shortcuts in ~/.ssh/config
  • Use port forwarding for secure tunnels
  • Use scp or rsync for file transfer

Official Documentation

For authoritative information, refer to the official documentation:

Related Articles

tar Command Guide

Create and extract archives

linux6 min read

curl Command Guide

Transfer data from URLs

linux8 min read