This article provides a comprehensive guide to the Linux ssh command, including its history, purpose, usage, common parameters, and tips and tricks. The ssh command is commonly used for secure remote administration of servers, running remote commands and scripts, securely transferring files using SCP or SFTP, and setting up port forwarding and tunneling. The article also covers the ~/.ssh folder, which is a crucial part of the SSH protocol and public-key authentication.
Instructions
This article provides an in-depth introduction to the Linux ssh command, covering its history, purpose, usage, common parameters, and some tips and tricks.
History
The ssh (Secure Shell) command was developed in the 1990s as a secure alternative to insecure remote login protocols such as Telnet and Rlogin. It's widely used for remote server administration and file transfers.
When and why to use it
The ssh command is used to securely access and manage remote systems. It provides encrypted communication between the local machine and the remote host, protecting sensitive data from potential eavesdropping and interception.
How to use it
To connect to a remote host using ssh, provide the remote username and hostname or IP address:
ssh username@hostname
The commonly used parameters
-p
Specify the remote port number to connect to.
ssh -p 2222 username@hostname
-i
Specify the private key file to use for authentication.
ssh -i ~/.ssh/private_key username@hostname
-X
Enable X11 forwarding, allowing GUI applications to be displayed on the local machine.
ssh -X username@hostname
-N
Do not execute a remote command; useful for forwarding ports.
ssh -N -L 8080:localhost:80 username@hostname
-q
Run in quiet mode, which suppresses most warning and diagnostic messages.
ssh -q username@hostname
Other supported parameters
- -o: Pass options to the SSH client in the format option=value.
- -t: Force pseudo-terminal allocation, useful for running interactive applications.
- -L: Set up local port forwarding.
- -R: Set up remote port forwarding.
- -D: Set up dynamic application-level port forwarding (SOCKS proxy).
Most common use cases
The ssh command is commonly used for:
- Secure remote administration of servers.
- Running remote commands and scripts.
- Securely transferring files using SCP or SFTP.
- Setting up port forwarding and tunneling.
ssh username@hostname "remote-command"
ssh -L 8080:localhost:80 username@hostname
The tricky skills
- Use ssh with a custom configuration file for specific connections:
ssh -F /path/to/custom_config username@hostname
- Run multiple commands on the remote host in one ssh session:
ssh username@hostname "command1; command2; command3"
The use of the ~/.ssh folder
The ~/.ssh folder is located in a user's home directory and stores SSH-related files. It is a crucial part of the SSH protocol and public-key authentication. It contains private and public keys, along with configuration files, that help establish secure connections between your local machine and remote servers. We will discuss the purpose and usage of the ~/.ssh folder, the private key id_rsa, the public key id_rsa.pub, and the configuration file config.
- id_rsa: This file contains the user's private key for public-key authentication. It should be kept secret and secure, with permissions set to 600 (chmod 600 ~/.ssh/id_rsa). The private key is used to decrypt messages sent by the remote server, which are encrypted using the corresponding public key.
- id_rsa.pub: This file contains the user's public key for public-key authentication. It can be shared with remote servers to establish trust between the local machine and the server. The public key is used by the remote server to encrypt messages sent to the local machine.
- The private key and public key can be generated as follows:
peter@penguin 11:20:35 ~ → ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/peter/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/peter/.ssh/id_rsa
Your public key has been saved in /home/peter/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:2G2qQlsZzZOAAuqDymPzuhh6X+mbavo9HzOqUqSVAac peter@penguin
The key's randomart image is:
+---[RSA 3072]----+
|...... |
|. .oo . |
|. E. o + . |
|o + .o=. |
|.o + .oS.o |
|o o o o. o |
|o= o oo = |
|+.* ++.+ + |
|o++B=+B+. |
+----[SHA256]-----+
The config file allows users to define custom settings and aliases for SSH connections. Some common use cases include:
- Specifying a custom port for an SSH connection
- Defining a custom hostname or IP address
- Setting a specific private key for a particular host
- Configuring timeouts and connection retries
Here's an example of a config file:
# In this example, the config file defines a custom alias "example"
# for connecting to the remote server at example.com. The connection
# uses port 2222 and the private key ~/.ssh/id_rsa.
# The ServerAliveInterval and ServerAliveCountMax options help maintain
# the connection by sending keepalive packets.
Host example
    HostName example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
    ServerAliveInterval 60
    ServerAliveCountMax 3
After configuring this, you can connect to example.com using this shortcut:
ssh example
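How the alias lookup behaves when more than one Host block matches, shown as an added example that is not part of the original article. It goes slightly beyond the single-block case above: ssh takes the first value it obtains for each option, so a catch-all `Host *` block only fills in what earlier blocks left unset. The function names and the `Host *` block are assumptions made for illustration.

```shell
# Added example: look up the value ssh would take for one option of a host
# alias. Not handled: Match, Include, negated (!) patterns, quoted arguments.
resolve_ssh_option() {
    # usage: resolve_ssh_option CONFIG_FILE HOST_ALIAS KEYWORD
    cfg=$1; alias_name=$2
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    active=1    # lines before the first Host line apply to every host
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}      # strip leading whitespace
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        key=${line%%[[:space:]=]*}                 # keyword ends at space or '='
        args=${line#"$key"}
        args=${args#"${args%%[![:space:]=]*}"}     # drop the separator
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z') # keywords are case-insensitive
        if [ "$key" = host ]; then
            active=0
            set -f                                 # keep * and ? as patterns
            for pat in $args; do
                case $alias_name in $pat) active=1 ;; esac
            done
            set +f
        elif [ "$active" -eq 1 ] && [ "$key" = "$want" ]; then
            printf '%s\n' "$args"                  # first obtained value wins
            return 0
        fi
    done < "$cfg"
    return 1
}

write_sample_config() {
    # Constructed sample: the article's "example" block plus a catch-all block.
    cat > "$1" <<'EOF'
Host example
    HostName example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
Host *
    Port 22
    ServerAliveInterval 60
EOF
}

cfg_file=$(mktemp)
write_sample_config "$cfg_file"
for opt in HostName Port IdentityFile ServerAliveInterval; do
    echo "$opt = $(resolve_ssh_option "$cfg_file" example "$opt")"
done
rm -f "$cfg_file"
```

On a machine with OpenSSH installed, `ssh -G example` prints the client's own fully resolved settings for the alias and is the authoritative check.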
What needs to be noted
- Make sure your private key file has the correct permissions (600) to prevent unauthorized access.
- Use public key authentication instead of passwords for improved security.
- Keep your SSH server and client software up-to-date to ensure the latest security features are in place.
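One way to check the first note across a whole key directory, as an added example that is not from the original article. It recognises private keys by their header line rather than by file name and reports any that group or other users can access. The function names and the sample files are assumptions, and the sample files are constructed placeholders rather than real keys.

```shell
# Added example: report private keys that group or other users can access.
file_mode() {
    # Octal permission bits: GNU stat first, BSD stat as fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_private_keys() {
    # usage: audit_private_keys DIR
    # Prints one line per over-permissive key; returns 1 if any were found.
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Identify private keys by their header line, not by file name.
        first=
        IFS= read -r first < "$f" || true
        case $first in
            '-----BEGIN '*'PRIVATE KEY-----') ;;
            *) continue ;;
        esac
        mode=$(file_mode "$f")
        case $mode in
            *00) ;;   # e.g. 600 or 400: no group/other access
            *) echo "TOO OPEN: $f (mode $mode, expected 600)"; bad=1 ;;
        esac
    done
    return "$bad"
}

make_sample_dir() {
    # Constructed sample: placeholder files with key-like headers, no real keys.
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/custom_id_rsa"
    printf '%s\n' 'ssh-rsa constructed peter@penguin' > "$d/id_rsa.pub"
    chmod 600 "$d/id_rsa"
    chmod 644 "$d/custom_id_rsa" "$d/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample_dir)
audit_private_keys "$sample" || echo "fix with: chmod 600 <file>"
rm -rf "$sample"
```

Point `audit_private_keys` at `~/.ssh` to run it against real keys; the public key at mode 644 is deliberately not reported.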
Conclusion
The Linux ssh command is a powerful and versatile tool for securely accessing and managing remote systems. By understanding its usage and various parameters, you can efficiently and safely administer remote servers and transfer files.