The SSH protocol in Linux is used to manage remote systems. Ordinarily, this would be another Linux system, but it could also be a firewall, router, or even a different operating system entirely. Using the SSH protocol to remotely log into another system will give you a command line terminal that you can fully access as if you were physically in front of the machine.
As you can imagine, being able to manage a countless number of remote systems without getting up from your chair is a dream for Linux administrators, or even ordinary users that have multiple systems in different locations. SSH can also be used to create port forwarding tunnels, effectively encrypting and securing connections made through any type of application on your Linux system.
In this tutorial, you will learn how to use the SSH protocol in Linux through examples. Follow along below to learn about the various options that you can use with this command. You will also see how to install the OpenSSH package on your system and implement various SSH configuration on your server.
In this tutorial you will learn:
- How to install OpenSSH package on major Linux distros
- How to allow remote SSH login for root account
- How to execute command after SSH remote login
- How to use
scpcommand to copy files to and from remote server
- How to use SSH port forwarding
- How to tar over SSH
- How to add SSH alias
|Category||Requirements, Conventions or Software Version Used|
|System||Any Linux system|
|Software||OpenSSH Server and Client|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
How to install OpenSSH Server and Client on major Linux distributions
Before we get started, you will need to have OpenSSH installed on your system. The OpenSSH Server package will need installed if you would like your computer to accept incoming SSH connections. Otherwise, if you would just like to initiate outgoing connections with the
sshcommand, then you can install the OpenSSH Clients package. Of course, you may also install both.
You can use the appropriate command below to install OpenSSH with your system’s package manager.
$ sudo apt install ssh
$ sudo dnf install openssh-server openssh-clients
$ sudo pacman -S openssh
How to login to a remote system via SSH protocol
In order to login to a remote system using SSH, you will use the
ssh command in terminal. The
ssh command is essential if you want to manage remote systems. Follow along with our examples below to learn about some of the most common and useful options to use with the command.
- To login to a remote system with
ssh, simply specify the host name or IP address of the remote system in your
sshcommand. As an example, we will show the command to SSH into a server named
linuxconfig.orgthat has an IP address of
$ ssh linuxconfig.org OR $ ssh 10.1.1.1
- Unless the username that you’re currently logged into is the same as the username on the remote system, you will want to specify the username and your
sshcommand. There are two different ways to do that, as seen below.
$ ssh email@example.com OR $ ssh -l user linuxconfig.org
- The default port for SSH to listen on is 22. If the remote system is running the SSH service on some non default port, you can specify that port with the
-poption in your command. The following example shows how you would SSH into a remote system that’s running the service on port 2210.
$ ssh -p 2210 firstname.lastname@example.org
-v(verbose) option will give you details about the connection process of SSH. This is useful when troubleshooting a troublesome connection.
$ ssh -v email@example.com
- To increase verbosity even further, you can use the
$ ssh -vvv firstname.lastname@example.org
How to allow remote SSH login for root account
Logging into the root account via an SSH connection is disabled by default. This is done for security purposes. In case an account is compromised, it means the attacker will not automatically have root permissions as well.
If you would like to do without this security recommendation and be able to login to SSH with your root account, there’s a simple setting you can change in the SSH server configuration file to enable root login. Follow the steps below to configure this setting.
- Open the
/etc/ssh/sshd_configfile with administrative privileges, using nano or which ever text editor you prefer.
$ sudo nano /etc/ssh/sshd_config
- Within this file, find and change the following line:
The quick way to do this job could be just to simply use the
sedcommand as shown below:
$ sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
- When you have finished making this change, save the file and then restart the SSH service in order for the changes to take effect.
Debian based: $ sudo systemctl restart ssh Red Hat based: $ sudo systemctl restart sshd
- Keep in mind that the root account does not have a configured password on some Linux distributions. If this is the case for your system, you will need to set a root password with the
passwdcommand before you can log in to the root account via SSH.
$ sudo passwd [sudo] password for linuxconfig: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
- Finally, you are ready to login to SSH with the root user account.
$ ssh email@example.com
How to execute command after SSH remote login
SSH is more powerful than just providing a user with remote shell access, as it can also be used to automate remote command executions, like running simple backups and downloading the backup file locally.
Use some of the commands below to see how remote command execution via SSH works, and adapt them to your own needs.
- The following SSH command can be used to create a file remotely.
$ ssh user@hostname '( cd /tmp/ && touch ssh_file.txt )'
- This example will make a local copy of a remote
$ ssh user@username '( cat /etc/passwd )' > /tmp/passwd
- This example will execute a script on the remote server. Of course, this will only work if the script already exists and has the proper executable permissions.
$ ssh user@hostname '( cat ~/myscript.sh )'
- In this example we make a bzip2 local copy of the remote server’s
/var/log/auth.logfile to a local file in the
$ ssh user@hostname '( cp /var/log/auth.log /tmp/; cd /tmp/ && tar -jcvf - auth.log )' > /tmp/auth.tar.bz2
How to copy files and directories from remote server to local computer
scp command works through the SSH protocol and is used to copy files and directories to or from a remote system. It works very similarly to the cp command, except that it copies files to or from other systems that are either on your local network or somewhere over the internet.
Check some of the examples below to see how you can use
scp to copy files to and from a remote system.
- Let’s look at a simple example where we use the
scpcommand to copy a local file named
file.txtto a remote server with IP address
$ scp file.txt firstname.lastname@example.org:/home/linuxconfig
In this example, we are authenticating with the username
10.1.1.20. After supplying the password or authenticating with RSA keys, our file
file.txtwill be copied from the local system into remote directory
- If we had wanted our original file to adopt a new file name on the remote system, we can specify that in our command.
$ scp file.txt email@example.com:/home/linuxconfig/newname.txt
- To copy a directory instead of a file to the remote system, you will need to use the
-roption in your
$ scp -r Downloads firstname.lastname@example.org:/home/linuxconfig/
In this example, we are copying our local
Downloadsdirectory into the remote
- So far, we have seen how to copy files and directories from our local system to the remote system. But, what about the other way around? If we want to copy a remote file into our local system, all we need to do is reverse the order of the command, as seen below.
$ scp email@example.com:/home/linuxconfig/file.txt /path/to/destination
In this example, we are copying remote file
/home/linuxconfig/file.txtinto our local directory at
How to use SSH port forwarding
SSH port forwarding can be used to encrypt the traffic between two systems for pretty much any protocol. This is accomplished by creating a secure tunnel and then routing another protocol’s traffic through that tunnel. By principle, it works very similarly to a VPN.
As an example, we’ll create port forwarding for the telnet protocol, which is usually avoided because of how it transfers data in clear text. This will secure the protocol and make it safe to use. For this example, we will forward port 4500 on our local system to port 23 (telnet) on a remote system.
$ ssh -L 4500:127.0.0.1:23 firstname.lastname@example.org
Let’s dissect what’s going on in this command.
-L– This option tells SSH that we want to create a tunnel through port forwarding.
4500– The port on our local system which we will send traffic through.
127.0.0.1– This is our local system’s loopback address.
23– The remote port that we are trying to connect to.
user– The username to login to SSH on the remote server.
linuxconfig.org– The remote server IP or domain name.
At this point, every connection which uses port 4500 on the localhost will be redirected to remote port 23.
Now, on our local system, we can access the telnet service of the remote system by routing traffic through port 4500.
$ telnet 127.0.0.1 4500
That’s all there is to it. You can use SSH tunnels for any type of traffic. The thing to remember is that you should point your application to your localhost address (127.0.0.1) and the port number that you configure for the SSH tunnel.
How to login to SSH without password
If you ever get tired of typing in your SSH password, it’s possible to configure public key authentication, which allows you to connect to a server through SSH, without using a password.
The best part is, using key authentication is actually more secure than typing in a password each time. This is in addition to being far more convenient. It also allows you to automate certain tasks, such as rsync scripts or other Bash scripts that utilize SSH, SCP, etc.
Follow the step by step instructions below to setup this configuration.
- Start by opening a terminal and generating RSA keys on the system that you will be connecting from. Run the following command, then press
- Next, we copy our key to the remote system by using the
ssh-copy-idcommand. We’ll also specify our SSH user and the remote system’s hostname or IP address. Then, you’ll be prompted for the SSH login password.
$ ssh-copy-id user@hostname
- Now that the key has been copied to the remote system, you will be able to connect like usual, but without needing to give the password anymore.
$ ssh user@hostname
That’s all there is to it. You won’t need to specify a password again. However, if the RSA keys are deleted or replaced, you will have to delete the old pair and generate them again by following this same set of instructions.
How to tar over SSH
As seen earlier in this tutorial, it is possible to use SSH output redirection to run commands on a remote system. One of the most common commands that Linux administrators find themselves running remotely is the
tarcommand. This allows them to bundle and optionally compress remote files, usually for easy transfer later on.
Check out some of the examples below to see how to use SSH output redirection in order to use tar over SSH.
- In this first example we will make a simple uncompressed tar file of the home directory of user
$ ssh user@hostname '( tar -cf /tmp/home.tar /home/linuxconfig )'
- And what if we wanted to also transfer this tar file to our local system? In that case, we add the
>operator to the end.
$ ssh user@hostname '( tar -cf - /home/linuxconfig )' > /tmp/home.tar
- Let’s add some compression to the tar file (gzip) and add verbosity option to
$ ssh user@hostname '( tar -czvf - /home/linuxconfig )' > /tmp/home.tar.gz
As you can see, SSH becomes quite powerful when it can provide us a way to compress and transfer remote directories to our local system.
How to add SSH alias
As you can see in some of the example commands earlier in our tutorial, the SSH command is not hard to use, but can become quite long under certain circumstances. Linux administrators that need to run these commands multiple times per day may find this particularly annoying, so it is best to create some alias for these long commands. We will cover two methods for this below.
Create an alias by editing .bashrc file
Let’s create a ssh alias which allows us to ssh login to remote server ( example:
linuxconfig.org on port
2222 ) with a single command.
- First, open the
.bashrc filewith your favourite text editor.
$ nano ~/.bashrc
- Then, append the following line to the file.
alias lconfig='ssh -p 2222 linuxconfig.org'
- Save your changes and exit the file when done. Your new alias will be activated when you create a new shell session. Therefore, open up new terminal ( or logout and login ) and enter lconfig command to login to your remote server. If you have successfuly exchanged your public keys with a remote server you should be able login to your remote server in no time.
Create a symlink to ssh custom ssh script
Second option is little bit more tricky but at the same time it also allows us to execute any commands on a remote server directly from local shell.
- First, create a bash script with the following two lines:
#/bin/bash ssh `basename $0` $*
- Login as a root make this script executable and copy this script into
# chmod +x /tmp/ssh-autologin.sh # cp /tmp/ssh-autologin.sh /usr/local/bin/
- Now, create a symbolic link to your script where the name of your new symbolic link will be an IP address or hostname of your remote server:
# ln -s /usr/local/bin/ssh-autologin.sh /usr/local/bin/linuxconfig.org
or create IP address symlink:
# ln -s /usr/local/bin/ssh-autologin.sh /usr/local/bin/184.108.40.206
- Ensure that
/usr/local/bindirectory is in your
$ echo $PATH
- If you need to add
/usr/local/bindirectory to your path follow this simple ENV PATH how to. All set and ready. To login to your remote server simply enter command:
- To see who is online on your remote server with an IP
220.127.116.11without actual ssh login, enter:
$ 18.104.22.168 who
Follow LinuxConfig.org on Twitter for the latest tips and tricks about Linux!
The command above will create ssh connection, execute
whocommand on the remote server, print the output on your local terminal and logout.
In this tutorial, we learned how to install OpenSSH on major Linux distros, as well as all the basics to get started using the service. The SSH protocol is by far the most widespread and commonly supported way to manage remote systems at the command line. We covered all the most basic and advanced options that you will need to know with the command, although even more exist. SSH is a very secure and convenient way to manage remote Linux systems as well as other network devices.