How To Use SSH to Connect to a Remote Server | DigitalOcean (2023)

Introduction

One essential tool to master as a system administrator is SSH.

SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux servers.

In this guide, we will discuss how to use SSH to connect to a remote system.

Core Syntax

To connect to a remote system using SSH, we’ll use the ssh command.

If you are using Windows, you’ll need to install a version of OpenSSH in order to be able to ssh from a terminal. If you prefer to work in PowerShell, you can follow Microsoft’s documentation to add OpenSSH to PowerShell. If you would rather have a full Linux environment available, you can set up WSL, the Windows Subsystem for Linux, which will include ssh by default. Finally, as a lightweight third option, you can install Git for Windows, which provides a native Windows bash terminal environment that includes the ssh command. Each of these is well-supported, and whichever you decide to use will come down to preference.

If you are using a Mac or Linux, you will already have the ssh command available in your terminal.

The most straightforward form of the command is:

    ssh remote_host

The remote_host in this example is the IP address or domain name that you are trying to connect to.

This command assumes that your username on the remote system is the same as your username on your local system.

If your username is different on the remote system, you can specify it by using this syntax:

    ssh remote_username@remote_host

Once you have connected to the server, you may be asked to verify your identity by providing a password. Later, we will cover how to generate keys to use instead of passwords.

To exit the ssh session and return to your local shell session, type:

    exit

How Does SSH Work?

SSH works by connecting a client program to an ssh server, called sshd.

In the previous section, ssh was the client program. The ssh server was already running on the remote_host that we specified.

On nearly all Linux environments, the sshd server should start automatically. If it is not running for any reason, you may need to temporarily access your server through a web-based console, or local serial console.

The process needed to start an ssh server depends on the distribution of Linux that you are using.

On Ubuntu, you can start the ssh server by typing:

    sudo systemctl start ssh

That should start the sshd server and you can then log in remotely.

How To Configure SSH

When you change the configuration of SSH, you are changing the settings of the sshd server.

In Ubuntu, the main sshd configuration file is located at /etc/ssh/sshd_config.

Back up the current version of this file before editing:

    sudo cp /etc/ssh/sshd_config{,.bak}

Open it using nano or your favourite text editor:

    sudo nano /etc/ssh/sshd_config

You will want to leave most of the options in this file alone. However, there are a few you may want to take a look at:

/etc/ssh/sshd_config

Port 22

The port declaration specifies which port the sshd server will listen on for connections. By default, this is 22. You should probably leave this setting alone, unless you have specific reasons to do otherwise. If you do change your port, we will show you how to connect to the new port later on.

/etc/ssh/sshd_config

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

The HostKey declarations specify where to look for global host keys. We will discuss what a host key is later.

/etc/ssh/sshd_config

SyslogFacility AUTH
LogLevel INFO

These two items indicate the level of logging that should occur.

If you are having difficulties with SSH, increasing the amount of logging may be a good way to discover what the issue is.

/etc/ssh/sshd_config

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

These parameters specify some of the login information.

LoginGraceTime specifies how many seconds to keep the connection alive without successfully logging in.

It may be a good idea to set this time just a little bit higher than the amount of time it takes you to log in normally.

PermitRootLogin selects whether the root user is allowed to log in.

In most cases, this should be changed to no when you have created a user account that has access to elevated privileges (through su or sudo) and can log in through ssh, in order to minimize the risk of anyone gaining root access to your server.

StrictModes is a safety guard that will refuse a login attempt if the authentication files are readable by everyone.

This prevents login attempts when the configuration files are not secure.

/etc/ssh/sshd_config

X11Forwarding yes
X11DisplayOffset 10

These parameters configure an ability called X11 Forwarding. This allows you to view a remote system’s graphical user interface (GUI) on the local system.

This option must be enabled on the server and given with the SSH client during connection with the -X option.

After making your changes, save and close the file. If you are using nano, press Ctrl+X, then when prompted, Y and then Enter.

If you changed any settings in /etc/ssh/sshd_config, make sure you reload your sshd server to implement your modifications:

    sudo systemctl reload ssh

You should thoroughly test your changes to ensure that they operate in the way you expect.

It may be a good idea to have a few terminal sessions open while you are making changes. This will allow you to revert the configuration if necessary without locking yourself out.

How To Log Into SSH with Keys

While it is helpful to be able to log in to a remote system using passwords, it is faster and more secure to set up key-based authentication.

How Does Key-based Authentication Work?

Key-based authentication works by creating a pair of keys: a private key and a public key.

The private key is located on the client machine and is secured and kept secret.

The public key can be given to anyone or placed on any server you wish to access.

When you attempt to connect using a key-pair, the server will use the public key to create a message for the client computer that can only be read with the private key.

The client computer then sends the appropriate response back to the server and the server will know that the client is legitimate.

This process is performed automatically after you configure your keys.

How To Create SSH Keys

SSH keys should be generated on the computer you wish to log in from. This is usually your local machine.

Enter the following into the command line:

    ssh-keygen -t rsa

You may be prompted to set a password on the key files themselves, but this is a fairly uncommon practice, and you should press enter through the prompts to accept the defaults. Your keys will be created at ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa.

Change into the .ssh directory by typing:

    cd ~/.ssh

Look at the permissions of the files:

    ls -l

Output

-rw-r--r-- 1 demo demo 807 Sep 9 22:15 authorized_keys
-rw------- 1 demo demo 1679 Sep 9 23:13 id_rsa
-rw-r--r-- 1 demo demo 396 Sep 9 23:13 id_rsa.pub

As you can see, the id_rsa file is readable and writable only to the owner. This helps to keep it secret.

The id_rsa.pub file, however, can be shared and has permissions appropriate for this activity.
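The same permission check can be scripted instead of read off the listing by eye. This is an added example, not part of the original guide; the function names are illustrative, and it assumes each private key sits next to a matching .pub file, as ssh-keygen creates them.

```shell
#!/bin/sh
# Added example: check SSH file permissions from the mode string of ls -ld.
# Rules applied:
#   - a private key must grant nothing to group or others
#   - the .ssh directory and authorized_keys must not be writable by
#     group or others (sshd's StrictModes check rejects such files)

# group_other_bits PATH -> the six group/other mode characters, e.g. "r--r--"
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# check_ssh_dir DIR -> prints findings, returns the number of problems
check_ssh_dir() {
    dir=$1
    problems=0
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        case $(group_other_bits "$f") in
            ?w????|????w?)
                echo "FAIL  $f is writable by group or others"
                problems=$((problems + 1)) ;;
        esac
    done
    # Assumption: a private key is any file that has a sibling NAME.pub
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        bits=$(group_other_bits "$key")
        if [ "$bits" != "------" ]; then
            echo "FAIL  $key grants '$bits' to group/others; run: chmod 600 $key"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed demo: a throwaway directory with placeholder files (no real keys)
demo=$(mktemp -d)
echo "placeholder private key" > "$demo/id_rsa"
echo "placeholder public key"  > "$demo/id_rsa.pub"
chmod 700 "$demo"
chmod 644 "$demo/id_rsa" "$demo/id_rsa.pub"
check_ssh_dir "$demo" || echo "$? problem(s) found"
rm -rf "$demo"
```

Run it against a real directory with check_ssh_dir ~/.ssh; a return status of 0 means no problems were found.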

How To Transfer Your Public Key to the Server

If you currently have password-based access to a server, you can copy your public key to it by issuing this command:

    ssh-copy-id remote_host

This will start an SSH session. After you enter your password, it will copy your public key to the server’s authorized keys file, which will allow you to log in without the password next time.

Client-Side Options

There are a number of optional flags that you can provide when connecting through SSH.

Some of these may be necessary to match the settings in the remote host’s sshd configuration.

For instance, if you changed the port number in your sshd configuration, you will need to match that port on the client-side by typing:

    ssh -p port_number remote_host

Note: Changing your ssh port is a reasonable way of providing security through obscurity. If you are allowing ssh connections to a widely known server deployment on port 22 as normal, and you have password authentication enabled, you will likely be attacked by many automated login attempts. Exclusively using key-based authentication and running ssh on a nonstandard port is not the most complex security solution you can employ, but should reduce these to a minimum.

If you only want to execute a single command on a remote system, you can specify it after the host like so:

    ssh remote_host command_to_run

You will connect to the remote machine, authenticate, and the command will be executed.

As we said before, if X11 forwarding is enabled on both computers, you can access that functionality by typing:

    ssh -X remote_host

Providing you have the appropriate tools on your computer, GUI programs that you use on the remote system will now open their window on your local system.

Disabling Password Authentication

If you have created SSH keys, you can enhance your server’s security by disabling password-only authentication. Apart from the console, the only way to log into your server will be through the private key that pairs with the public key you have installed on the server.

Warning: Before you proceed with this step, be sure you have installed a public key to your server. Otherwise, you will be locked out!

As root or user with sudo privileges, open the sshd configuration file:

    sudo nano /etc/ssh/sshd_config

Locate the line that reads PasswordAuthentication, and uncomment it by removing the leading #. You can then change its value to no:

/etc/ssh/sshd_config

PasswordAuthentication no

Two more settings that should not need to be modified (provided you have not modified this file before) are PubkeyAuthentication and ChallengeResponseAuthentication. They are set by default, and should read as follows:

/etc/ssh/sshd_config

PubkeyAuthentication yes
ChallengeResponseAuthentication no

After making your changes, save and close the file.

You can now reload the SSH daemon:

    sudo systemctl reload ssh

Password authentication should now be disabled, and your server should be accessible only through SSH key authentication.
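Before relying on the change, it helps to confirm what the file actually sets. The script below is an added example, not part of the original guide: it audits a config file for the directives covered above, and its function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the directives this guide covers.
# sshd keeps the FIRST value it reads for a keyword and treats keywords
# case-insensitively; this check does the same. Simplifications: values are
# whitespace-separated as in the guide, and reading stops at the first
# Match block (conditional overrides).

# first_value FILE KEYWORD -> prints the first global value (lowercased)
first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
        tolower($1) == "match" { exit }      # stop at conditional blocks
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# check FILE KEYWORD EXPECTED MODE
#   MODE=must: the keyword has to be set explicitly to EXPECTED
#   MODE=may : unset is accepted (built-in default applies)
check() {
    got=$(first_value "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    elif [ -z "$got" ] && [ "$4" = may ]; then
        echo "note  $2 unset, built-in default applies"
    else
        echo "FAIL  $2 is '${got:-unset}', expected '$3'"
        return 1
    fi
}

# audit_sshd_config FILE -> prints one line per directive, returns the
# number of failed checks (0 means the file matches the guide)
audit_sshd_config() {
    failures=0
    check "$1" PermitRootLogin no must                || failures=$((failures + 1))
    check "$1" PasswordAuthentication no must         || failures=$((failures + 1))
    check "$1" PubkeyAuthentication yes may           || failures=$((failures + 1))
    check "$1" ChallengeResponseAuthentication no may || failures=$((failures + 1))
    check "$1" StrictModes yes may                    || failures=$((failures + 1))
    if grep -qi '^[[:space:]]*include[[:space:]]' "$1"; then
        echo "note  Include present: included files are not read by this check"
    fi
    return "$failures"
}

# Constructed sample: the later "PasswordAuthentication no" never takes
# effect because an earlier line already set the keyword.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
StrictModes yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Because this check does not follow Include lines or Match blocks, sudo sshd -T remains the authoritative view of the effective settings, and sudo sshd -t validates the file before a reload.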

Conclusion

Learning your way around SSH will greatly benefit any of your future cloud computing endeavours. As you use the various options, you will discover more advanced functionality that can make your life easier. SSH has remained popular because it is secure, light-weight, and useful in diverse situations.

Next, you may want to learn about working with SFTP to perform command line file transfers.

FAQs

How can we connect to a remote server via SSH?

To initiate an SSH connection to a remote system, you need the Internet Protocol (IP) address or hostname of the remote server and a valid username. You can connect using a password or a private and public key pair. Because passwords and usernames can be brute-forced, it's recommended to use SSH keys.

How do I SSH into a remote server without typing the password?

Configuring an SSH login without password
  1. Start by generating a key pair. A key pair includes a . ...
  2. Navigate to the directory in which you created the keys and verify that the process succeeded. ...
  3. Copy the public key to the destination system. ...
  4. You should now be able to login into the remote machine without a password.

How do I SSH to a remote server with a private key?

Step 1 Create and Copy Private Key to remote VM
  1. Copy private key to new file called centos7template01.txt.
  2. Type ls to verify file is there.
  3. Copy file to remote VM.
  4. Type yes to connect and transfer file.
  5. SSH into remote VM (Cent7-07)
  6. Type ls to confirm file copied successfully.

How do I access a server remotely?

To install Remote Access as a Web Application Proxy, either use the Add Roles and Features Wizard in Server Manager and select the Remote Access server role and the Web Application Proxy role service; or type the following command at a Windows PowerShell prompt, and then press ENTER.

What is SSH remote command?

The ssh command provides a secure encrypted connection between two hosts over an insecure network. This connection can also be used for terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.

What is SSH for dummies?

SSH (Secure Shell) is a secure protocol for logging into a remote server/computer. SSH provides a secure encrypted connection between two computers. SSH is widely used to manage servers and applications remotely in the IT industry by system administrators.

What is SSH in simple words?

SSH or Secure Shell is a network communication protocol that enables two computers to communicate (cf. HTTP, or Hypertext Transfer Protocol, which is the protocol used to transfer hypertext such as web pages) and share data.

What is SSH key and how do you use it?

SSH keys are a pair of public and private keys that are used to authenticate and establish an encrypted communication channel between a client and a remote machine over the internet.

Does SSH require public key?

An SSH key relies upon the use of two related keys, a public key and a private key, that together create a key pair that is used as the secure access credential. The private key is secret, known only to the user, and should be encrypted and stored safely.

How do I pass a password using SSH command line?

You need to use the sshpass command to pass the password on Linux or Unix command-line. It is a utility designed for running ssh using the mode referred to as “keyboard-interactive” password authentication, but in non-interactive mode.

Do SSH keys need passwords?

In terms of convenience, SSH-keys, when used with a program known as an SSH agent, allow users to connect to a server or multiple servers, without requiring the user to remember and re-enter their password when logging into multiple solutions, making for faster, easier log-ins.

How to login via SSH key?

Manually Copy the SSH Key with PuTTY
  1. Launch putty.exe . ...
  2. Scroll back to the top of the Category window and click Session. ...
  3. Click the Open button to establish a connection. ...
  4. Once you're logged in to the remote server, configure it to authenticate with your SSH key pair instead of a user's password.

How can I remotely access a server without VPN?

The steps are included below.
  1. Open the Remote Desktop Connection program. ...
  2. In the window that pops up, click Show Option.
  3. Click the Advanced tab.
  4. Click Settings under the Connect from anywhere section.
  5. Use the following settings in the window that pops up: ...
  6. Click OK to exit the "RD Gateway Server Settings".

How do I find the IP address of a remote server?

How to Find a Remote IP Address
  1. Click "Start | All Programs | Accessories | Command Prompt" or click "Start," type "cmd.exe" and press "Enter."
  2. Type "ping <computer name>" (without the quotes) into the terminal. ...
  3. Press "Enter." Ping will list the IP address of the remote workstation along with its query results.

Does SSH work remotely?

In addition to providing strong encryption, SSH is widely used by network administrators to manage systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.

What can you do with SSH?

SSH can provide an authenticated and encrypted connection to remote devices for other applications. Virtual Network Computing (VNC) is a useful way to connect to a remote desktop when you need a graphical user interface (GUI) to accomplish your task.

What is SSH host key?

Definition(s): A public key used for authenticating a host in the SSH protocol to hosts that want to communicate with it (each host also generally has its own private host key). Some hosts may have more than one host key (e.g., one for each algorithm).

What is difference between SSH and SSH?

So, basically, there is no real difference, just different methods to use the encrypted connection.

How to do SSH from Windows?

You can start an SSH session in your command prompt by executing ssh user@machine and you will be prompted to enter your password. You can create a Windows Terminal profile that does this on startup by adding the commandline setting to a profile in your settings.json file inside the list of profile objects.

Why you should use SSH keys?

SSH keys enable the automation that makes modern cloud services and other computer-dependent services possible and cost-effective. They offer convenience and improved security when properly managed. Functionally SSH keys resemble passwords. They grant access and control who can access what.

What port does SSH use?

SSH port 22

The port is used for Secure Shell (SSH) communication and allows remote administration access to the VM. In general, traffic is encrypted using password authentication.

How do I open an SSH client?

Open Settings, then go to Apps > Apps & Features. Go to Optional Features. In the list, select OpenSSH Client or OpenSSH Server.

What is an SSH server how it works?

SSH is a protocol for securely exchanging data between two computers over an untrusted network. SSH protects the privacy and integrity of the transferred identities, data, and files. It runs in most computers and in practically every server.

Does SSH require a username?

If you use ssh to connect to the machine with no username, it will attempt to connect with the username of whoever is logged in. If the logged in user doesn't have a key on the server, then it will attempt password authentication.

Can I SSH without public IP?

To connect to a server via SSH when the server does not have a public network, you will have to connect to it via a private network. Therefore, you will first have to connect to a server that has a public IP address.

Do users verify SSH keys?

No. Anecdotal evidence suggests that the majority of users will accept SSH server keys without checking them.

What is the difference between SSH and Sshpass?

SSH uses direct TTY access to ensure that the password is indeed issued by an interactive keyboard user. sshpass runs SSH in a dedicated TTY, fooling SSH into thinking it is getting the password from an interactive user.

What is default password for SSH?

The root account uses a password of "root". This would allow anyone to log into the machine via SSH and take complete control.

How do I find my SSH key passphrase?

Recovering your SSH key passphrase
  1. In Finder, search for the Keychain Access app.
  2. In Keychain Access, search for SSH.
  3. Double click on the entry for your SSH key to open a new dialog box.
  4. In the lower-left corner, select Show password.
  5. You'll be prompted for your administrative password. ...
  6. Your password will be revealed.

Does Email matter in SSH key?

The email is only optional field to identify the key. So the Comment is for you only and you can put anything inside. Many sites and software are using this comment as the key name.

What info do you need to SSH?

In order to establish an SSH connection, you need two components: a client and the corresponding server-side component. An SSH client is an application you install on the computer which you will use to connect to another computer or a server.

Can SSH key be stolen?

Can SSH keys be stolen? SSH provides a cryptographically secure access method, but there are specific challenges that must be addressed. SSH keys are a valuable target for cybercriminals because stolen credentials can be used to access critical servers.

How do I connect to a remote server using SSH Windows?

Using SSH in Windows
  1. Download and install PuTTY. ...
  2. Open PuTTY. ...
  3. Enter the appropriate address into the Hostname or IP address field and click Open. ...
  4. Answer Yes if prompted to confirm your connection. ...
  5. Enter your username and password as prompted.

How do I connect to a remote server in terminal?

Connect to servers in Terminal on Mac
  1. In the Terminal app on your Mac, choose Shell > New Remote Connection.
  2. Select a protocol in the Service list.
  3. Select a shared server in the Server list.
  4. In the User field, enter a user name, then click Connect.

Article information

Author: Barbera Armstrong

Last Updated: 11/24/2023
