Back to Commands

ssh

networkingLinux/Unix/Windows
The ssh command is one of the most frequently used commands in Linux/Unix-like operating systems. ssh The ssh (Secure Shell) command is a secure protocol used to remotely connect to and manage systems over an encrypted network connection. It allows for secure remote logins, command execution, file transfers, and port forwarding with strong encryption and authentication mechanisms.
See ExamplesView Syntax

Quick Reference

Command Name:

ssh

Category:

networking

Platform:

Linux/Unix/Windows

Basic Usage:

ssh user@hostname

Common Use Cases

  • 1

    Secure remote access

    Connect securely to remote servers with encrypted communications

  • 2

    Remote command execution

    Run commands on remote systems without establishing a full shell

  • 3

    Port forwarding

    Create secure tunnels to access services behind firewalls or NAT

  • 4

    Jump host connections

    Connect to servers through intermediary proxy systems

Syntax

ssh [options] [user@]hostname [command]

Options

Option Description
-4 Force SSH to use IPv4 addresses only
-6 Force SSH to use IPv6 addresses only
-A Enable forwarding of the authentication agent connection
-C Enable compression of all data
-D [bind_address:]port Dynamic port forwarding (SOCKS proxy server)
-F configfile Specify an alternative per-user configuration file
-i identity_file Specify identity (private key) file
-J [user@]host[:port] Connect through a jump host (SSH proxy)
-L [bind_address:]port:host:hostport Local port forwarding
-N Do not execute a remote command (useful for port forwarding)
-o option Specify options in the format used in the config file
-p port Connect to this port on the remote host
-q Quiet mode (suppress most warning and diagnostic messages)
-R [bind_address:]port:host:hostport Remote port forwarding
-t Force pseudo-terminal allocation (interactive programs)
-v Verbose mode (useful for debugging)
-X Enable X11 forwarding
-Y Enable trusted X11 forwarding (less secure but more compatible)

Common SSH Config File Options:

Option Description
Host Specifies host patterns for which the following declarations apply
HostName Real hostname to connect to (allows for aliases)
User Username to use when connecting
Port Port to connect to on the remote host
IdentityFile File from which the identity (private key) is read
ForwardAgent Whether to forward the SSH agent
ForwardX11 Whether to forward X11 connections
ServerAliveInterval Seconds between keepalive packets
PasswordAuthentication Whether to use password authentication
ProxyJump Host to use as a jump host

Examples

How to Use These Examples

The examples below show common ways to use the ssh command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

#

Basic Examples:

ssh user@hostname

Connect to a remote server with a specific username.

ssh hostname

Connect to a remote server using your current username.

ssh -p 2222 user@hostname

Connect to a remote server on a non-standard port.

Running Remote Commands:

ssh user@hostname ls -la

Run a command on the remote server and return the output.

ssh user@hostname "cat /etc/hostname && uptime"

Run multiple commands on the remote server.

Key Authentication:

ssh-keygen -t rsa -b 4096

Generate an RSA SSH key pair with 4096 bits.

ssh-copy-id user@hostname

Copy your public key to a remote server for passwordless login.

Port Forwarding:

ssh -L 8080:localhost:80 user@hostname

Forward local port 8080 to port 80 on the remote server.

ssh -R 8080:localhost:80 user@hostname

Forward remote port 8080 to port 80 on your local machine.

ssh -D 9090 user@hostname

Create a SOCKS proxy on local port 9090 for dynamic port forwarding.

Advanced Usage:

ssh -i ~/.ssh/private_key user@hostname

Connect using a specific private key file.

ssh -X user@hostname firefox

Run a graphical application remotely with X11 forwarding.

ssh -o "ServerAliveInterval 60" user@hostname

Keep the connection alive by sending a packet every 60 seconds.

ssh -J jumphost user@destination

Connect through a jump host (proxy) to reach the destination server.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

Key Points:

  • SSH provides a secure, encrypted connection between systems over an untrusted network
  • Public key authentication is more secure than password-based authentication
  • SSH supports various types of port forwarding for tunneling applications through firewalls
  • SSH can run both interactive terminal sessions and individual commands
  • The default SSH port is 22, but it can be configured to use any port
  • SSH configuration can be stored in ~/.ssh/config for easier connections
  • SSH key pairs consist of a private key (kept secret) and a public key (shared with servers)

Security Best Practices:

  • Always use key-based authentication instead of passwords when possible
  • Use strong passphrases to protect your SSH private keys
  • Keep your SSH client and server software updated to fix security vulnerabilities
  • Consider using ssh-agent to avoid typing your passphrase repeatedly
  • Disable root login via SSH when possible
  • Consider changing the default SSH port to reduce automated attacks
  • Use fail2ban or similar tools to prevent brute force attacks
  • Regularly audit authorized_keys files to remove unused or unauthorized keys

SSH Key Management:

  • Private keys should be kept secure with appropriate permissions (chmod 600)
  • The ~/.ssh directory should have restricted permissions (chmod 700)
  • Use ssh-add to manage keys in your SSH agent
  • Consider using different keys for different servers or purposes
  • Backup your private keys securely - they cannot be recovered if lost
  • Ed25519 keys are recommended for new deployments (faster and more secure than RSA)
  • Use ssh-keygen's -C option to add comments to keys for better identification

Port Forwarding Types:

  • Local forwarding (-L): Forward a local port to a remote server, useful for accessing services behind firewalls
  • Remote forwarding (-R): Forward a remote port to your local machine, useful for exposing local services
  • Dynamic forwarding (-D): Create a SOCKS proxy, useful for browser or application traffic tunneling
  • Use the -N flag with port forwarding to establish the connection without executing a remote shell
  • Add -f to run SSH in the background when only using it for port forwarding

Configuration File:

  • The ~/.ssh/config file can store connection settings for multiple hosts
  • Use Host patterns to create aliases for complex connection strings
  • Include directives can be used to organize configuration across multiple files
  • Match directives can apply settings conditionally based on hostname, user, etc.
  • System-wide settings are in /etc/ssh/ssh_config

Common Issues:

  • Permission denied errors: Check key permissions, authorized_keys file, and server configuration
  • Connection timeouts: Check firewalls, DNS resolution, and server availability
  • Host key verification failures: Update known_hosts file if the server has changed
  • Agent forwarding issues: Ensure ssh-agent is running and contains the necessary keys
  • X11 forwarding problems: Check if X11 is installed and properly configured on both systems

Related Commands:

  • scp - Secure Copy, transfers files securely using SSH protocol
  • sftp - Secure FTP, provides FTP-like interface over SSH
  • ssh-keygen - Generates SSH key pairs
  • ssh-copy-id - Installs SSH keys on remote servers
  • ssh-agent - Authentication agent that stores unencrypted keys in memory
  • ssh-add - Adds private keys to the authentication agent
  • rsync - File synchronization tool that can use SSH for transport

Tips & Tricks

1

Use SSH config file: Create aliases in ~/.ssh/config with "Host nickname" to simplify connections

2

Setup passwordless login: Use ssh-copy-id user@host to copy your public key for authentication

3

Keep connections alive: Add "ServerAliveInterval 60" to your config to prevent timeouts

4

Use key agent forwarding: ssh -A user@host allows using your local keys on remote servers

5

Create SSH tunnels: Use -L for local port forwarding and -R for remote port forwarding

6

Run multiple commands: ssh user@host "command1 && command2 && command3"

7

Escape sequences: Type ~? during an SSH session to see available escape commands

8

Disable host key checking: Use -o "StrictHostKeyChecking=no" for temporary connections to new hosts

9

Compress data: Use -C to enable compression for slow connections

Common Use Cases

Secure remote access

Connect securely to remote servers with encrypted communications

Remote command execution

Run commands on remote systems without establishing a full shell

Port forwarding

Create secure tunnels to access services behind firewalls or NAT

Jump host connections

Connect to servers through intermediary proxy systems

X11 forwarding

Run graphical applications remotely and display them locally

Related Commands

scp

scp

View command

sftp

sftp

View command

rsync

rsync

View command

ssh-keygen

ssh-keygen

View command

ssh-copy-id

ssh-copy-id

View command

ssh-agent

ssh-agent

View command

ssh-add

ssh-add

View command

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the ssh command works in different scenarios.

See ExamplesTry Lab Exercises
$ ssh
View All Commands