SSH remote login syntax and examples

The SSH protocol in Linux is used to manage remote systems. Ordinarily, this would be another Linux system, but it could also be a firewall, router, or even a different operating system entirely. Using the SSH protocol to remotely log into another system will give you a command line terminal that you can fully access as if you were physically in front of the machine.

As you can imagine, being able to manage a countless number of remote systems without getting up from your chair is a dream for Linux administrators, or even ordinary users that have multiple systems in different locations. SSH can also be used to create port forwarding tunnels, effectively encrypting and securing connections made through any type of application on your Linux system.

In this tutorial, you will learn how to use the SSH protocol in Linux through examples. Follow along below to learn about the various options that you can use with this command. You will also see how to install the OpenSSH package on your system and implement various SSH configuration on your server.

In this tutorial you will learn:

  • How to install OpenSSH package on major Linux distros
  • How to allow remote SSH login for root account
  • How to execute command after SSH remote login
  • How to use scp command to copy files to and from remote server
  • How to use SSH port forwarding
  • How to tar over SSH
  • How to add SSH alias
SSH remote login syntax and examples
SSH remote login syntax and examples
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux system
Software OpenSSH Server and Client
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to install OpenSSH Server and Client on major Linux distributions



Twitter icon Follow LinuxConfig.org on Twitter for the latest tips and tricks about Linux!


Before we get started, you will need to have OpenSSH installed on your system. The OpenSSH Server package will need installed if you would like your computer to accept incoming SSH connections. Otherwise, if you would just like to initiate outgoing connections with the ssh command, then you can install the OpenSSH Clients package. Of course, you may also install both.

You can use the appropriate command below to install OpenSSH with your system’s package manager.

To install OpenSSH on Ubuntu, Debian, and Linux Mint:

$ sudo apt install ssh

To install OpenSSH on Fedora, CentOS, AlmaLinux, and Red Hat:

$ sudo dnf install openssh-server openssh-clients

To install OpenSSH on Arch Linux and Manjaro:

$ sudo pacman -S openssh

How to login to a remote system via SSH protocol

In order to login to a remote system using SSH, you will use the ssh command in terminal. The ssh command is essential if you want to manage remote systems. Follow along with our examples below to learn about some of the most common and useful options to use with the command.

  1. To login to a remote system with ssh, simply specify the host name or IP address of the remote system in your ssh command. As an example, we will show the command to SSH into a server named linuxconfig.org that has an IP address of 10.1.1.1.
    $ ssh linuxconfig.org
    OR
    $ ssh 10.1.1.1
    
  2. Unless the username that you’re currently logged into is the same as the username on the remote system, you will want to specify the username and your ssh command. There are two different ways to do that, as seen below.
    $ ssh user@linuxconfig.org
    OR
    $ ssh -l user linuxconfig.org
    
  3. The default port for SSH to listen on is 22. If the remote system is running the SSH service on some non default port, you can specify that port with the -p option in your command. The following example shows how you would SSH into a remote system that’s running the service on port 2210.
    $ ssh -p 2210 user@linuxconfig.org
    
  4. The -v (verbose) option will give you details about the connection process of SSH. This is useful when troubleshooting a troublesome connection.


    $ ssh -v user@linuxconfig.org
    
  5. To increase verbosity even further, you can use the -vvv option.
    $ ssh -vvv user@linuxconfig.org
    

How to allow remote SSH login for root account

Logging into the root account via an SSH connection is disabled by default. This is done for security purposes. In case an account is compromised, it means the attacker will not automatically have root permissions as well.

If you would like to do without this security recommendation and be able to login to SSH with your root account, there’s a simple setting you can change in the SSH server configuration file to enable root login. Follow the steps below to configure this setting.

  1. Open the /etc/ssh/sshd_config file with administrative privileges, using nano or which ever text editor you prefer.
    $ sudo nano /etc/ssh/sshd_config
    
  2. Within this file, find and change the following line:

    Change from:

    #PermitRootLogin prohibit-password
    

    Change to:

    PermitRootLogin yes
    

    The quick way to do this job could be just to simply use the sed command as shown below:

    $ sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    
  3. When you have finished making this change, save the file and then restart the SSH service in order for the changes to take effect.
    Debian based:
    $ sudo systemctl restart ssh
    
    Red Hat based:
    $ sudo systemctl restart sshd
    
  4. Keep in mind that the root account does not have a configured password on some Linux distributions. If this is the case for your system, you will need to set a root password with the passwd command before you can log in to the root account via SSH.


    $ sudo passwd
    [sudo] password for linuxconfig: 
    Enter new UNIX password: 
    Retype new UNIX password: 
    passwd: password updated successfully
    
  5. Finally, you are ready to login to SSH with the root user account.
    $ ssh root@linuxconfig.org
    

How to execute command after SSH remote login

SSH is more powerful than just providing a user with remote shell access, as it can also be used to automate remote command executions, like running simple backups and downloading the backup file locally.

Use some of the commands below to see how remote command execution via SSH works, and adapt them to your own needs.

  1. The following SSH command can be used to create a file remotely.
    $ ssh user@hostname '( cd /tmp/ && touch ssh_file.txt )'
    
  2. This example will make a local copy of a remote /etc/passwd file to /tmp/passwd:
    $ ssh user@username '( cat /etc/passwd )' > /tmp/passwd
    
  3. This example will execute a script on the remote server. Of course, this will only work if the script already exists and has the proper executable permissions.
    $ ssh user@hostname '( cat ~/myscript.sh )'
    
  4. In this example we make a bzip2 local copy of the remote server’s /var/log/auth.log file to a local file in the /tmp/ directory:
    $ ssh user@hostname '( cp /var/log/auth.log /tmp/; cd /tmp/ && tar -jcvf - auth.log )' > /tmp/auth.tar.bz2
    

How to copy files and directories from remote server to local computer

The scp command works through the SSH protocol and is used to copy files and directories to or from a remote system. It works very similarly to the cp command, except that it copies files to or from other systems that are either on your local network or somewhere over the internet.

Check some of the examples below to see how you can use scp to copy files to and from a remote system.

  1. Let’s look at a simple example where we use the scp command to copy a local file named file.txt to a remote server with IP address 10.1.1.20.
    $ scp file.txt linuxconfig@10.1.1.20:/home/linuxconfig
    

    In this example, we are authenticating with the username linuxconfig on server 10.1.1.20. After supplying the password or authenticating with RSA keys, our file file.txt will be copied from the local system into remote directory /home/linuxconfig.

  2. If we had wanted our original file to adopt a new file name on the remote system, we can specify that in our command.
    $ scp file.txt linuxconfig@10.1.1.20:/home/linuxconfig/newname.txt
    
  3. To copy a directory instead of a file to the remote system, you will need to use the -r option in your scp command.
    $ scp -r Downloads linuxconfig@10.1.1.20:/home/linuxconfig/
    

    In this example, we are copying our local Downloads directory into the remote /home/linuxconfig/ directory.

  4. So far, we have seen how to copy files and directories from our local system to the remote system. But, what about the other way around? If we want to copy a remote file into our local system, all we need to do is reverse the order of the command, as seen below.
    $ scp linuxconfig@10.1.1.20:/home/linuxconfig/file.txt /path/to/destination
    

    In this example, we are copying remote file /home/linuxconfig/file.txt into our local directory at /path/to/destination.

How to use SSH port forwarding



Twitter icon Follow LinuxConfig.org on Twitter for the latest tips and tricks about Linux!


SSH port forwarding can be used to encrypt the traffic between two systems for pretty much any protocol. This is accomplished by creating a secure tunnel and then routing another protocol’s traffic through that tunnel. By principle, it works very similarly to a VPN.

As an example, we’ll create port forwarding for the telnet protocol, which is usually avoided because of how it transfers data in clear text. This will secure the protocol and make it safe to use. For this example, we will forward port 4500 on our local system to port 23 (telnet) on a remote system.

$ ssh -L 4500:127.0.0.1:23 user@linuxconfig.org

Let’s dissect what’s going on in this command.

  • -L – This option tells SSH that we want to create a tunnel through port forwarding.
  • 4500 – The port on our local system which we will send traffic through.
  • 127.0.0.1 – This is our local system’s loopback address.
  • 23 – The remote port that we are trying to connect to.
  • user – The username to login to SSH on the remote server.
  • linuxconfig.org – The remote server IP or domain name.

At this point, every connection which uses port 4500 on the localhost will be redirected to remote port 23.

Now, on our local system, we can access the telnet service of the remote system by routing traffic through port 4500.

$ telnet 127.0.0.1 4500

That’s all there is to it. You can use SSH tunnels for any type of traffic. The thing to remember is that you should point your application to your localhost address (127.0.0.1) and the port number that you configure for the SSH tunnel.

How to login to SSH without password

If you ever get tired of typing in your SSH password, it’s possible to configure public key authentication, which allows you to connect to a server through SSH, without using a password.

The best part is, using key authentication is actually more secure than typing in a password each time. This is in addition to being far more convenient. It also allows you to automate certain tasks, such as rsync scripts or other Bash scripts that utilize SSH, SCP, etc.

Follow the step by step instructions below to setup this configuration.

  1. Start by opening a terminal and generating RSA keys on the system that you will be connecting from. Run the following command, then press Enter three times.
    $ ssh-keygen
    
  2. Next, we copy our key to the remote system by using the ssh-copy-id command. We’ll also specify our SSH user and the remote system’s hostname or IP address. Then, you’ll be prompted for the SSH login password.
    $ ssh-copy-id user@hostname
    
  3. Now that the key has been copied to the remote system, you will be able to connect like usual, but without needing to give the password anymore.
    $ ssh user@hostname
    

That’s all there is to it. You won’t need to specify a password again. However, if the RSA keys are deleted or replaced, you will have to delete the old pair and generate them again by following this same set of instructions.

How to tar over SSH




As seen earlier in this tutorial, it is possible to use SSH output redirection to run commands on a remote system. One of the most common commands that Linux administrators find themselves running remotely is the tar command. This allows them to bundle and optionally compress remote files, usually for easy transfer later on.

Check out some of the examples below to see how to use SSH output redirection in order to use tar over SSH.

  1. In this first example we will make a simple uncompressed tar file of the home directory of user linuxconfig.
    $ ssh user@hostname '( tar -cf /tmp/home.tar /home/linuxconfig )'
    
  2. And what if we wanted to also transfer this tar file to our local system? In that case, we add the > operator to the end.
    $ ssh user@hostname '( tar -cf - /home/linuxconfig )' > /tmp/home.tar
    
  3. Let’s add some compression to the tar file (gzip) and add verbosity option to tar.
    $ ssh user@hostname '( tar -czvf - /home/linuxconfig )' > /tmp/home.tar.gz
    

As you can see, SSH becomes quite powerful when it can provide us a way to compress and transfer remote directories to our local system.

How to add SSH alias

As you can see in some of the example commands earlier in our tutorial, the SSH command is not hard to use, but can become quite long under certain circumstances. Linux administrators that need to run these commands multiple times per day may find this particularly annoying, so it is best to create some alias for these long commands. We will cover two methods for this below.

Create an alias by editing .bashrc file

Let’s create a ssh alias which allows us to ssh login to remote server ( example: linuxconfig.org on port 2222 ) with a single command.

  1. First, open the .bashrc file with your favourite text editor.
    $ nano ~/.bashrc
    
  2. Then, append the following line to the file.
    alias lconfig='ssh -p 2222 linuxconfig.org'
    



  3. Save your changes and exit the file when done. Your new alias will be activated when you create a new shell session. Therefore, open up new terminal ( or logout and login ) and enter lconfig command to login to your remote server. If you have successfuly exchanged your public keys with a remote server you should be able login to your remote server in no time.
    $ lconfig
    

Create a symlink to ssh custom ssh script

Second option is little bit more tricky but at the same time it also allows us to execute any commands on a remote server directly from local shell.

  1. First, create a bash script with the following two lines:
    #/bin/bash
    ssh `basename $0` $*
    
  2. Login as a root make this script executable and copy this script into /usr/local/bin directory:
    # chmod +x /tmp/ssh-autologin.sh
    # cp /tmp/ssh-autologin.sh /usr/local/bin/
    
  3. Now, create a symbolic link to your script where the name of your new symbolic link will be an IP address or hostname of your remote server:
    # ln -s /usr/local/bin/ssh-autologin.sh /usr/local/bin/linuxconfig.org
    

    or create IP address symlink:

    # ln -s /usr/local/bin/ssh-autologin.sh /usr/local/bin/8.8.8.8
    
  4. Ensure that /usr/local/bin directory is in your PATH by:
    $ echo $PATH
    
  5. If you need to add /usr/local/bin directory to your path follow this simple ENV PATH how to. All set and ready. To login to your remote server simply enter command:
    $ linuxconfig.org
    
  6. To see who is online on your remote server with an IP 8.8.8.8 without actual ssh login, enter:
    $ 8.8.8.8 who
    



    Twitter icon Follow LinuxConfig.org on Twitter for the latest tips and tricks about Linux!


    The command above will create ssh connection, execute who command on the remote server, print the output on your local terminal and logout.

Closing Thoughts

In this tutorial, we learned how to install OpenSSH on major Linux distros, as well as all the basics to get started using the service. The SSH protocol is by far the most widespread and commonly supported way to manage remote systems at the command line. We covered all the most basic and advanced options that you will need to know with the command, although even more exist. SSH is a very secure and convenient way to manage remote Linux systems as well as other network devices.



Comments and Discussions
Linux Forum