Introduction
Before we start the tutorial, let's quickly cover what the SSH command is.
SSH (Secure Shell) is a secure, encrypted protocol used for remote login and data exchange between two networked devices. It provides a secure channel over an unsecured network, enabling users to securely access and control remote systems.
SSH commands allow users to execute various operations remotely, such as file transfers, running commands, and managing network services. By encrypting the connection, SSH ensures the confidentiality and integrity of data transmitted between devices. It is widely used in system administration, software development, and other fields requiring secure remote access.
This tutorial covers how to log in to a remote machine using the OpenSSH command-line client (ssh) and run commands or complete other tasks. We will also address a few FAQs about the SSH command.
Advantages of SSH Command
- Secure Remote Access: The SSH command provides encrypted and secure remote access to systems, protecting sensitive data from unauthorized access.
- Data Encryption: It encrypts the data transmitted over the network, ensuring confidentiality and preventing data interception or tampering.
- Authentication: SSH offers various authentication methods, including passwords, public-key cryptography, and two-factor authentication, enhancing security.
- Port Forwarding: SSH supports port forwarding, allowing users to securely access services on remote machines through encrypted tunnels.
- Remote Command Execution: SSH enables users to execute commands on remote systems, making it convenient for remote system administration and automation tasks.
Install OpenSSH Client
ssh is the name of the OpenSSH client application, which can be run from the terminal. Other SSH tools, such as scp and sftp, are installed alongside the ssh command in the OpenSSH client package.
Installing OpenSSH Client on Linux
Most Linux distributions come with the OpenSSH client preinstalled. You can use your distribution package manager to install the ssh client if it isn't already installed on your machine.
Installing OpenSSH on Ubuntu and Debian
sudo apt update
sudo apt install openssh-client
Installing OpenSSH on CentOS and Fedora
sudo dnf install openssh-clients
Installing OpenSSH Client on Windows 10
To connect to a remote machine through SSH, most Windows users use PuTTY. However, the most recent versions of Windows 10 include an OpenSSH client and server. Both can be installed using the graphical user interface (GUI) or PowerShell.
Type the following command to get the precise name of the OpenSSH package:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
The command should provide a result similar to this:
Output
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
Once you have the package name, use the following command to install it:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
If you're successful, you'll get something like this:
Output
Path :
Online : True
RestartNeeded : False
Installing OpenSSH Client on macOS
The OpenSSH client is installed by default on macOS.
How to Use the ssh Command
To log into a remote machine through SSH, the following prerequisites must be met:
- On the remote machine, an SSH server must be running.
- The SSH port on the remote machine's firewall must be open.
- The remote account's username and password must be known. For remote login, the account must have the appropriate privileges.
The basic syntax of the ssh command is as follows:
ssh [OPTIONS] [USER@]HOST
To use ssh, open a Terminal or PowerShell window and type ssh followed by the remote hostname:
ssh ssh.vegastack.com
When you initially connect to a remote machine using SSH, you'll receive a notice similar to the one below.
Output
The authenticity of host 'ssh.vegastack.com (192.168.121.111)' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?
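Each host has a unique fingerprint, which ssh stores in the ~/.ssh/known_hosts file. Compare the fingerprint shown in the prompt with one obtained from the server's administrator before accepting it.
If you answer yes to save the remote fingerprint, you'll be asked for your password.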
Output
Warning: Permanently added 'ssh.vegastack.com' (ECDSA) to the list of known hosts.
[email protected]'s password:
You will be logged in to the remote system after entering the password.
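The known_hosts lookup behind this prompt, as an added example that is not part of the original tutorial: a simplified model that compares the key a server offers with the stored entry. The file contents and key blobs are constructed placeholders, new.vegastack.com is a made-up host, and hashed host names and key-type mismatches are not modelled.

```shell
#!/bin/sh
# Added example: simplified model of the known_hosts lookup ssh performs
# before showing the "authenticity of host" prompt.
# check_host_key KNOWN_HOSTS_FILE HOST KEYTYPE KEYBLOB -> match|changed|unknown
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v blob="$4" '
        /^[ \t]*#/ || NF == 0     { next }  # comments and blank lines
        substr($1, 1, 1) == "@"   { next }  # @cert-authority / @revoked markers
        substr($1, 1, 3) == "|1|" { next }  # hashed names (HashKnownHosts) not handled
        {
            n = split($1, names, ",")       # one entry may list several names
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != ktype) continue
                if ($3 == blob) found = "match"
                else if (found != "match") found = "changed"
            }
        }
        END { print (found == "" ? "unknown" : found) }
    ' "$1"
}

demo_known_hosts() {
    kh=$(mktemp)
    cat > "$kh" <<'EOF'
# Constructed sample; the key blobs are placeholders, not real keys.
ssh.vegastack.com,192.168.121.111 ecdsa-sha2-nistp256 AAAAconstructedBlobOne=
dev.vegastack.com ssh-ed25519 AAAAconstructedBlobTwo=
EOF
    # Same key as stored: ssh connects without prompting.
    check_host_key "$kh" ssh.vegastack.com ecdsa-sha2-nistp256 AAAAconstructedBlobOne=
    # Stored key differs: ssh refuses and warns that the host key changed.
    check_host_key "$kh" 192.168.121.111 ecdsa-sha2-nistp256 AAAAconstructedBlobXXX=
    # No entry: ssh shows the fingerprint prompt from the output above.
    check_host_key "$kh" new.vegastack.com ssh-ed25519 AAAAconstructedBlobTwo=
    rm -f "$kh"
}
demo_known_hosts
```

On a real system, ssh-keygen -F hostname performs this lookup against your own known_hosts file, and ssh-keygen -lf FILE prints the fingerprints of the keys in a file.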
The ssh command uses the current system login name if no username is specified.
To log in as a different user, use the following syntax for the username and host:
ssh username@hostname
The -l option can also be used to specify the username:
ssh -l username hostname
When no port is specified, the SSH client connects to the remote server on port 22 by default. On some servers, administrators change the default SSH port to add an extra layer of security by reducing the risk of automated attacks.
Use the -p option to connect to a port other than the default:
ssh -p 5522 username@hostname
Use the -v option to tell ssh to print debugging messages if you're having authentication or connection problems:
ssh -v username@hostname
Use -vv or -vvv to increase the level of verbosity.
The ssh command accepts many options. Type man ssh in your terminal to get a complete list of them.
SSH Config File
If you use SSH to connect to many remote systems on a daily basis, you'll find it difficult, if not impossible, to remember all the remote IP addresses, different identities, non-standard ports, and other command-line arguments.
The OpenSSH client reads the settings in the per-user configuration file (~/.ssh/config). You can save various SSH options for each remote machine you connect to in this file.
The following is an example of an SSH configuration:
Host dev
    HostName dev.vegastack.com
    User mike
    Port 4422
When you type ssh dev, the ssh client reads the ~/.ssh/config file and connects to the dev host using the connection details specified there. In this case, ssh dev is equivalent to the following:
ssh -p 4422 mike@dev.vegastack.com
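How an alias is resolved from the config file, as an added example that is not part of the original tutorial or of OpenSSH: a simplified resolver that goes slightly beyond the text by also handling a Host * block and the rule that the first value obtained for a keyword wins. The Host * block, the deploy user and the backup alias are constructed; pattern matching beyond * and Match blocks are not handled.

```shell
#!/bin/sh
# Added example: simplified resolver for ~/.ssh/config, not OpenSSH code.
# resolve_alias CONFIG_FILE ALIAS -> equivalent ssh command line
resolve_alias() {
    awk -v want="$2" '
        BEGIN { active = 1 }              # options before any Host line apply to all
        /^[ \t]*#/ || NF == 0 { next }    # comments and blank lines
        {
            key = tolower($1)             # keywords are case-insensitive
            if (key == "host") {
                active = 0
                for (i = 2; i <= NF; i++)
                    if ($i == want || $i == "*") active = 1
                next
            }
            # The first value obtained for a keyword wins; later blocks cannot override it.
            if (active && !(key in opt)) opt[key] = $2
        }
        END {
            target = ("hostname" in opt) ? opt["hostname"] : want
            if ("user" in opt) target = opt["user"] "@" target
            print "ssh" (("port" in opt) ? " -p " opt["port"] : "") " " target
        }
    ' "$1"
}

demo_config() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# The dev block is from the tutorial; the "Host *" block is a constructed addition.
Host dev
    HostName dev.vegastack.com
    User mike
    Port 4422

Host *
    User deploy
EOF
    resolve_alias "$cfg" dev      # ssh -p 4422 mike@dev.vegastack.com
    resolve_alias "$cfg" backup   # ssh deploy@backup
    rm -f "$cfg"
}
demo_config
```

Because the first value wins, a Host * block placed above Host dev would replace mike with deploy for the dev alias as well. On a real system, ssh -G dev prints the options the client would actually use.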
Public Key Authentication
The SSH protocol supports various authentication schemes.
With public key-based authentication, you can log in to the remote server without having to type your password.
This approach uses a pair of cryptographic keys to authenticate the user. The private key is kept on the client device, while the public key is sent to each remote server you want to access. The remote server must be set up to accept key authentication.
You can generate an SSH key pair on your local machine if you don't already have one by typing:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
You'll be prompted to enter a secure passphrase. Whether to use a passphrase is entirely up to you.
Copy the public key to the remote server once you have your key pair:
ssh-copy-id username@hostname
The public key will be appended to the remote user's authorized_keys file once you enter the remote user's password.
You can log in to the remote server without having to enter a password once the key has been uploaded.
Key-based authentication makes the login procedure easier and the server more secure.
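A check worth running after setting up keys, as an added example that is not part of the original tutorial: the ssh client refuses a private key that group or others can access, and sshd with StrictModes (the default) ignores authorized_keys when the file or its directory is group or world writable. The directory and file contents below are constructed placeholders standing in for ~/.ssh; ownership checks are not covered.

```shell
#!/bin/sh
# Added example: flag file modes that OpenSSH rejects for key-based login.
mode_of() { ls -ld -- "$1" | cut -c1-10; }    # e.g. "-rw-------"

# audit_ssh_dir DIR -> one finding per line, nothing when the modes are acceptable
audit_ssh_dir() {
    d=$1
    m=$(mode_of "$d")
    # sshd (StrictModes) ignores authorized_keys when the directory is group/world writable
    case "$m" in ?????w????|????????w?) echo "WRITABLE $m $d" ;; esac
    for f in "$d"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----$'; then
            # the ssh client refuses a private key that group or others can access
            case "$m" in ????------) ;; *) echo "OPEN-KEY $m $f" ;; esac
        elif [ "${f##*/}" = authorized_keys ]; then
            case "$m" in ?????w????|????????w?) echo "WRITABLE $m $f" ;; esac
        fi
    done
}

demo_perms() {
    # Constructed directory standing in for ~/.ssh; file contents are placeholders.
    t=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$t/id_rsa"
    printf '%s\n' 'ssh-rsa AAAAplaceholder user@example' > "$t/authorized_keys"
    chmod 700 "$t"; chmod 644 "$t/id_rsa"; chmod 664 "$t/authorized_keys"
    audit_ssh_dir "$t"          # two findings
    chmod 600 "$t/id_rsa" "$t/authorized_keys"
    audit_ssh_dir "$t"          # no output
    rm -rf "$t"
}
demo_perms
```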
Port Forwarding
SSH tunneling, also known as SSH port forwarding, is a mechanism for relaying service ports across an encrypted SSH connection between a client and a server system.
SSH forwarding is useful for transmitting network data of services that employ an unencrypted protocol, such as VNC or FTP, for accessing geo-restricted content, and for getting past intermediate firewalls. Basically, any TCP port can be forwarded and its traffic tunneled through a secure SSH connection.
SSH port forwarding can be divided into three categories:
Local Port Forwarding
Local port forwarding allows you to forward a connection from the client host to the SSH server host, which is then forwarded to the destination host port.
Pass the -L option to the ssh client to set up local port forwarding:
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION_HOST:DESTINATION_PORT -N -f username@hostname
The -f option tells ssh to run in the background, while -N tells it not to run a remote command.
Remote Port Forwarding
Remote port forwarding is the opposite of local port forwarding. It forwards a port from the server host to the client host, and then to the port of the destination host.
The -R option tells ssh to create a remote port forwarding:
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT -N -f username@hostname
Dynamic Port Forwarding
Dynamic port forwarding establishes a SOCKS proxy server that permits communication over a variety of ports.
To set up dynamic port forwarding (SOCKS), pass the -D option to the ssh client:
ssh -D [LOCAL_IP:]LOCAL_PORT -N -f username@hostname
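Where the optional bind address in these three forms puts the listener, as an added example that is not part of the original tutorial: a small audit that reads ssh command lines and reports whether each forward listens on loopback or on all interfaces. The command lines, ports and addresses are constructed; bracketed IPv6 literals and combined short flags are not handled, and for -R the server's GatewayPorts setting decides whether a non-loopback bind is honoured.

```shell
#!/bin/sh
# Added example: report where ssh port-forward listeners bind.
# Reads one command line per line on stdin (for example the output of: ps -eo args).
audit_forwards() {
    awk '
    function bind_of(flag, spec,    f, n, full) {
        n = split(spec, f, ":")             # IPv6 literals in brackets are not handled
        full = (flag == "-D") ? 2 : 4       # field count when a bind address is given
        if (n < full) return "loopback-default"   # unless GatewayPorts changes it
        if (f[1] == "" || f[1] == "*" || f[1] == "0.0.0.0") return "all-interfaces"
        if (f[1] == "localhost" || f[1] ~ /^127\./) return "loopback"
        return "address=" f[1]
    }
    $1 == "ssh" || $1 ~ /\/ssh$/ {
        for (i = 2; i <= NF; i++) {
            flag = substr($i, 1, 2)
            if (flag != "-L" && flag != "-R" && flag != "-D") continue
            # accept both "-L spec" and "-Lspec"
            spec = (length($i) > 2) ? substr($i, 3) : $(++i)
            print flag, spec, bind_of(flag, spec)
        }
    }'
}

demo_forwards() {
    # Constructed command lines; hosts, ports and addresses are sample values.
    audit_forwards <<'EOF'
ssh -L 3307:127.0.0.1:3306 -N -f username@hostname
/usr/bin/ssh -L 0.0.0.0:8080:10.0.0.5:80 -N -f username@hostname
ssh -R *:2222:localhost:22 -N -f username@hostname
ssh -D 127.0.0.1:1080 -N -f username@hostname
sshd: username@pts/0
EOF
}
demo_forwards
```

An empty bind address or * makes the forwarded port reachable from other machines on the network, so the all-interfaces lines are the ones to review.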
FAQs About SSH Command
How does SSH ensure security?
SSH ensures security through encryption, authentication methods, and data integrity checks, providing a secure channel for remote access and data exchange.
Can SSH be used for file transfers?
Yes, SSH supports secure file transfers through protocols like SCP (Secure Copy) and SFTP (SSH File Transfer Protocol).
What authentication methods does SSH support?
SSH supports password-based authentication, public-key cryptography, and even two-factor authentication for enhanced security.
Can SSH be used for port forwarding?
Yes, SSH supports port forwarding, allowing users to securely access services on remote machines through encrypted tunnels.
Can SSH be used for remote command execution?
Absolutely! SSH allows users to execute commands on remote systems, making it useful for remote system administration and automation tasks.
Is SSH widely used in the industry?
Yes, SSH is widely used in various industries for secure remote access, server administration, software development, and network management.
Conclusion
Use the ssh command followed by the remote username and hostname (ssh username@hostname) to connect to a remote server through SSH.
When it comes to administering remote servers, knowing how to use the ssh command is vital.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.