The ssh command in Linux: secure remote connection

Posted on by BlockmyIP | Category: Linux terminal commands

Introduction

SSH (Secure Shell) is a network protocol that allows secure access to another computer via an encrypted connection. In Linux environments, the ssh command becomes the default tool for administering servers, transferring files, and executing commands remotely without exposing credentials in plain text. This article explains step by step how to use ssh, from installation to advanced configurations such as tunnels and public‑key authentication.

What is SSH?

SSH replaces old tools such as telnet and rsh, which sent information unencrypted. It uses public‑key cryptography to authenticate the server and, optionally, the client. All traffic, including passwords and data, travels within a secure channel protected against eavesdropping and tampering. Furthermore, SSH allows port forwarding and creating tunnels that can encapsulate other protocols securely.

Installation and verification

On most Linux distributions, the ssh client is already installed. To confirm, run ssh -V in the terminal; it should display the OpenSSH version. If it is missing, install it via your package manager: on Debian/Ubuntu use sudo apt-get install openssh-client, on Fedora sudo dnf install openssh-clients, and on Arch sudo pacman -S openssh. The server, required if you wish to accept connections, is installed with openssh-server.

Basic syntax

The simplest way to connect is ssh user@host. If the username on the remote machine matches the local one, you can omit it: ssh host. By default, ssh uses port 22; to specify another, add the option -p port. For example, ssh -p 2222 admin@example.com connects to port 2222.

Most used options

  • -p port: defines the connection port.
  • -i keyfile: indicates the private key to use for authentication.
  • -v: verbose mode, useful for debugging connection problems.
  • -C: enables data compression, beneficial on slow links.
  • -X: X11 forwarding to run graphical applications remotely.

Password‑less connection with public keys

To avoid typing the password each time, generate a key pair with ssh-keygen -t rsa -b 4096. Copy the public key to the server using ssh-copy-id user@host or by manually adding it to ~/.ssh/authorized_keys. Then test access with ssh user@host; you should log in without being prompted for a password. You can protect your private key with a passphrase to increase security.

Tunnels and port forwarding

SSH can create tunnels that encrypt traffic from other applications. A local tunnel is created with ssh -L local_port:destination:remote_port user@host. For example, ssh -L 8080:localhost:80 user@host forwards port 8080 on your machine to port 80 on the server, allowing secure access to an internal web service. Remote forwarding (-R) does the opposite, exposing a local port on the server.

Security best practices

  • Disable password authentication on the server by setting PasswordAuthentication no in /etc/ssh/sshd_config and reload the daemon.
  • Limit which users can log in using AllowUsers or DenyUsers.
  • Change the default port to a non‑standard one to reduce automated attacks.
  • Always use recent versions of OpenSSH and apply security updates.
  • Monitor connection attempts with tools such as fail2ban or by checking /var/log/auth.log.

Conclusion

The ssh command is a fundamental piece for secure administration of Linux systems. Mastering its syntax, options, and advanced techniques such as key authentication and tunneling gives you the ability to manage remote infrastructures confidently without compromising security. Applying the best practices described ensures that your connections remain protected against external threats.

This post is also available in ESPAÑOL.

Leave a Reply

Your email address will not be published. Required fields are marked *

Esta obra está bajo una Licencia Creative Commons Atribución 4.0 Internacional para Francesc Roig francesc@vivaldi.net .