The ssh command in Linux is used to manage remote systems. Ordinarily, this would be another Linux system, but it could also be a firewall, router, or even a different operating system entirely. Using the ssh command to remotely log into another system will give you a command line terminal that you can fully access as if you were physically in front of the machine.
As you can imagine, being able to manage a countless number of remote systems without getting up from your chair is a dream for Linux administrators, or even ordinary users that have multiple systems in different locations. SSH can also be used to create port forwarding tunnels, effectively encrypting and securing connections made through any type of application on your Linux system.
The ssh command has a few different options that we can specify which allow us to manage our connection with the remote machine. Some of these are definitely worth learning, such as how to specify a username or port number with the ssh command.
In this guide, you’ll learn how to use the ssh command in Linux through examples. Follow along below to learn about the various options that you can use with this command. Before beginning, you may want to check out our guide on getting the most out of OpenSSH, as it explains how to get the protocol installed on any type of Linux distribution.
In this tutorial you will learn:
- How to use the ssh command on Linux
- Modern SSH features and security best practices
- SSH configuration management
- Authentication methods and key management
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distro |
| Software | ssh |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Basic SSH Usage
The ssh command is essential if you want to manage remote systems. Follow along with our examples below to learn about some of the most common and useful options to use with the command.
Basic Connection Examples
- Connect to remote host: To login to a remote system with ssh, simply specify the host name or IP address of the remote system in your ssh command. As an example, we will show the command to SSH into a server named
linuxconfig.orgthat has an IP address of10.1.1.1.$ ssh linuxconfig.org OR $ ssh 10.1.1.1
- Specify username: Unless the username that you’re currently logged into is the same as the username on the remote system, you will want to specify the username in your ssh command. There are two different ways to do that, as seen below.
$ ssh user@linuxconfig.org OR $ ssh -l user linuxconfig.org
- Use non-default port: The default port for SSH to listen on is 22. If the remote system is running the SSH service on some non default port, you can specify that port with the
-poption in your command. The following example shows how you would SSH into a remote system that’s running the service on port 2210.$ ssh -p 2210 user@linuxconfig.org
- Force IPv4 or IPv6: Use the
-4or-6options with the ssh command to specify IPv4 or IPv6 connections only, respectively.$ ssh -4 user@linuxconfig.org OR $ ssh -6 user@linuxconfig.org
NOTE
You can always use the man command to read more about the ssh command and its official documentation.
SSH Configuration Management
Managing multiple SSH connections becomes easier when you use SSH configuration files and modern connection features.
Using SSH Config Files
- SSH config file basics: Instead of typing long SSH commands with all options every time, you can create an SSH config file at
~/.ssh/configto store connection preferences for different hosts. Here’s a basic example:Host myserver HostName linuxconfig.org User admin Port 2210 IdentityFile ~/.ssh/id_ed25519After creating this configuration, you can simply connect with:
$ ssh myserver
For more complex SSH configurations, check out our SSH config generator tool.
- Jump host configuration: When you need to connect to a server through an intermediate host (jump server), use the
ProxyJumpoption. This is common in corporate environments where direct access to internal servers is restricted.$ ssh -J jumphost.example.com user@internal.example.com
Or in your config file:
Host internal HostName internal.example.com User admin ProxyJump jumphost.example.com - Connection multiplexing: Use
ControlMasterto reuse existing SSH connections, which speeds up subsequent connections to the same host. Add this to your~/.ssh/config:Host * ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h-%p ControlPersist 600First, create the sockets directory:
$ mkdir -p ~/.ssh/sockets
Advanced Connection Features
- Enable X forwarding: To enable X forwarding with SSH, use the
-Xoption in your command. This allows you to run graphical applications on the remote system and display them locally.$ ssh -X user@linuxconfig.org
- Enable compression: The
-Coption can be used to enable compression for your SSH session. Things like standard input and standard error will be compressed with gzip before being sent to your terminal. This option is useful on slower connections.$ ssh -C user@linuxconfig.org
- SSH agent forwarding: Use the
-Aoption to forward your SSH agent to the remote system. This allows you to use your local SSH keys on the remote host without copying them.$ ssh -A user@linuxconfig.org
SECURITY WARNING
Only use agent forwarding with trusted hosts, as it can pose security risks if the remote system is compromised.
SSH Key Management
Modern SSH security relies on proper key management and using current cryptographic standards.
- Generate ed25519 keys: The ed25519 algorithm is the current recommended key type for SSH. It’s faster and more secure than traditional RSA keys. Generate a new ed25519 key pair with:
$ ssh-keygen -t ed25519 -C "your_email@example.com"
This creates a private key at
~/.ssh/id_ed25519and a public key at~/.ssh/id_ed25519.pub. - Copy public key to server: Use
ssh-copy-idto install your public key on a remote server for passwordless authentication:$ ssh-copy-id -i ~/.ssh/id_ed25519.pub user@linuxconfig.org
- Specify key file: If you have multiple SSH keys, specify which one to use with the
-ioption:$ ssh -i ~/.ssh/id_ed25519 user@linuxconfig.org
MIGRATING FROM RSA
If you’re currently using RSA keys, consider migrating to ed25519 for better security and performance. We’ll cover the complete migration process in a dedicated article.
Security Best Practices
Implementing proper security measures is crucial when using SSH to manage remote systems.
- Disable password authentication: After setting up key-based authentication, you should disable password authentication on your SSH server. Edit
/etc/ssh/sshd_configon the remote system:# vi /etc/ssh/sshd_config
Set the following option:
PasswordAuthentication no
Then restart the SSH service:
# systemctl restart sshd
IMPORTANT
Make sure you have working key-based authentication before disabling password login, or you may lock yourself out. - Verify host keys: When connecting to a server for the first time, SSH will ask you to verify the host key fingerprint. Always verify this fingerprint through a separate secure channel before accepting it:
The authenticity of host 'linuxconfig.org' can't be established. ED25519 key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. Are you sure you want to continue connecting (yes/no)?
- Use strong key lengths: If you must use RSA keys instead of ed25519, ensure they are at least 2048 bits, preferably 4096 bits:
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Troubleshooting SSH Connections
- Verbose output: The
-v(verbose) option will give you details about the connection process of SSH. This is useful when troubleshooting a problematic connection.$ ssh -v user@linuxconfig.org
- Maximum verbosity: To increase verbosity even further for detailed debugging, you can use the
-vvvoption.$ ssh -vvv user@linuxconfig.org
Related Resources
To expand your SSH knowledge, check out these related guides:
- Configuring passwordless SSH logins – Essential for system administrators managing multiple systems
- SSH port forwarding – Create secure tunnels for any application
- SSH config generator – Simplify managing multiple SSH connections
Closing Thoughts
In this guide, we learned all about the ssh command on Linux. The ssh command is by far the most widespread and commonly supported way to manage remote systems at the command line. We covered basic usage, modern features like connection multiplexing and jump hosts, SSH configuration management, key management with ed25519 keys, and security best practices. SSH is a very secure and convenient way to manage remote Linux systems as well as other network devices.
