Secure SHell (SSH) is a remote access program for *nix machines. It can be used to obtain both command-line and graphical (via the command line) access to machines.

Basic usage

The basic syntax for SSH is:

ssh user@remote

Where user and remote are replaced by the username and remote machine name (the machine name can also be an IP address). If the username is left off, SSH will default to the current username:

ssh remote

The default authentication method is username/password, but a variety of authentication methods exist, of which the most popular alternative is SSH keys (see configuration section).


SSH can be configured to simplify a number of workflows. The most common of these configurations are setting up a config file for hostnames and adding SSH keys.

SSH keys

"SSH" keys are RSA keypairs.

To generate a keypair, use ssh-keygen:


You will be asked a series of questions, generally the default (no answer) is fine:

you@local (~) ∑ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/you/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/you/.ssh/id_rsa.
Your public key has been saved in /home/you/.ssh/
The key fingerprint is:
SHA256:1234567890ABCDEFGH1234567890 you@local
The key's randomart image is:
+---[RSA 3072]----+
| ^__^            |
| (oo)\_______    |
| (__)\       )\/\|
|     ||----w |   |
|     ||     ||   |
you@local (~) ∑ 

If you like, you can increase the number of bits used in the RSA key, for example to 4096:

ssh-keygen -b 4096

If you only generate one SSH key, it will be the default used by SSH when connecting to any remote server, which may not be what you want. If you want to have multiple SSH keys, a good organizational tip is to have a keys folder in your .ssh directory:

you@local (~) ∑ tree ~/.ssh
├── config
├── keys
│   ├── school.key
│   ├──
│   ├── github.key
│   ├──
│   ├── gitlab.key
│   └──
└── known_hosts

1 directory, 8 files
you@local (~) ∑ 

This will let you use a config file (next section) to control which keys are used for which machines.

Config file

The basic syntax of the SSH config file is:

Host symbolic name
     HostName machine hostname
     User username
     IdentityFile /path/to/a/key

Suppose I had three keys, one for school, one for GitHub, and one for GitLab. My config file could look like this:

     User git
     IdentityFile ~/.ssh/keys/github.key
     User git
     IdentityFile ~/.ssh/keys/gitlab.key
Host school
     User schoolid
     IdentityFile ~/.ssh/keys/school


The username for Git source control repositories must be git, unless you have been told that it is otherwise.

Note that the Host and HostName values do not have to match. The Host value is what you will type on the command line, and the HostName is what SSH uses to make the connection. So if I wanted to login to the school machine, which is actually, I would type:

ssh school

Advanced usage

Other ports

The default port for SSH is 22. To connect to an SSH daemon on another port, use the -p flag:

ssh -p user@remote

Specifying identity file

To specify the identity file to use (which you generally don't have to do if you use a config file), use the -i flag:

ssh -i /path/to/key/file user@remote

Remote graphical windows

To run graphical commands on the remote machine (often called "throwing the X display back"), use the -X flag:

ssh -X user@remote

Using keys with other programs

The keys used by command-line SSH can also be used by other programs, such as SCP.