Secure SHell (SSH) is a remote access program for *nix machines. It can be used to obtain both command-line and graphical (via the command line) access to machines.
The basic syntax for SSH is:
remote are replaced by the username and remote machine name (the machine name can also be an IP address). If the username is left off, SSH will default to the current username:
The default authentication method is username/password, but a variety of authentication methods exist, of which the most popular alternative is SSH keys (see configuration section).
SSH can be configured to simplify a number of workflows. The most common of these configurations are setting up a config file for hostnames and adding SSH keys.
"SSH" keys are RSA keypairs.
To generate a keypair, use
You will be asked a series of questions, generally the default (no answer) is fine:
you@local (~) ∑ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/you/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/you/.ssh/id_rsa. Your public key has been saved in /home/you/.ssh/id_rsa.pub. The key fingerprint is: SHA256:1234567890ABCDEFGH1234567890 you@local The key's randomart image is: +---[RSA 3072]----+ | ^__^ | | (oo)\_______ | | (__)\ )\/\| | ||----w | | | || || | +----[SHA256]-----+ you@local (~) ∑
If you like, you can increase the number of bits used in the RSA key, for example to 4096:
ssh-keygen -b 4096
If you only generate one SSH key, it will be the default used by SSH when connecting to any remote server, which may not be what you want. If you want to have multiple SSH keys, a good organizational tip is to have a
keys folder in your
you@local (~) ∑ tree ~/.ssh /home/you/.ssh ├── config ├── keys │ ├── school.key │ ├── school.key.pub │ ├── github.key │ ├── github.key.pub │ ├── gitlab.key │ └── gitlab.key.pub └── known_hosts 1 directory, 8 files you@local (~) ∑
This will let you use a config file (next section) to control which keys are used for which machines.
The basic syntax of the SSH config file is:
Host symbolic name HostName machine hostname User username IdentityFile /path/to/a/key
Suppose I had three keys, one for school, one for GitHub, and one for GitLab. My config file could look like this:
Host github.com HostName github.com User git IdentityFile ~/.ssh/keys/github.key Host gitlab.com HostName gitlab.com User git IdentityFile ~/.ssh/keys/gitlab.key Host school HostName email@example.com User schoolid IdentityFile ~/.ssh/keys/school
The username for Git source control repositories must be
git, unless you have been told that it is otherwise.
Note that the
HostName values do not have to match. The
Host value is what you will type on the command line, and the
HostName is what SSH uses to make the connection. So if I wanted to login to the
school machine, which is actually
firstname.lastname@example.org, I would type:
The default port for SSH is 22. To connect to an SSH daemon on another port, use the
ssh -p user@remote
Specifying identity file
To specify the identity file to use (which you generally don't have to do if you use a config file), use the
ssh -i /path/to/key/file user@remote
Remote graphical windows
To run graphical commands on the remote machine (often called "throwing the X display back"), use the
ssh -X user@remote
Using keys with other programs
The keys used by command-line SSH can also be used by other programs, such as SCP.