SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network.
Basic Connection
ssh user@hostname # Connect to a host
ssh -p 2222 user@hostname # Connect using a specific port
ssh -i ~/.ssh/id_rsa user@host # Connect using a specific private keySSH Key Management
Using SSH keys is more secure and convenient than using passwords.
# Generate a new SSH key (Ed25519 is currently the most recommended)
ssh-keygen -t ed25519 -C "[email protected]"
# Generate a legacy RSA key (Use 4096 bits)
ssh-keygen -t rsa -b 4096 -C "[email protected]"
# Copy your public key to a remote server (Enables passwordless login)
ssh-copy-id user@hostname
# If using a custom port:
ssh-copy-id -p 2222 user@hostnameTunneling & Port Forwarding
# Local Port Forwarding (Forward local port 8080 to remote port 80)
# Use case: Accessing a remote internal web server on your local machine
ssh -L 8080:localhost:80 user@hostname
# Remote Port Forwarding (Forward remote port 8080 to local port 80)
# Use case: Exposing your local dev server to the internet via a VPS
ssh -R 8080:localhost:80 user@hostname
# Dynamic Port Forwarding (SOCKS5 Proxy)
# Use case: Routing your web browser traffic through the SSH server
ssh -D 9090 -C -N user@hostnameSSH Config File (~/.ssh/config)
Instead of typing long commands, you can save host configurations.
# ~/.ssh/config
Host myserver
HostName 198.51.100.1
User admin
Port 2222
IdentityFile ~/.ssh/id_ed25519Now you can simply type:
ssh myserverHardening SSH Server (/etc/ssh/sshd_config)
To secure your server, edit /etc/ssh/sshd_config and restart the sshd service.
Port 2222 # Change default port to avoid automated scanners
PermitRootLogin no # Disable root login
PasswordAuthentication no # Disable password login (Requires SSH keys setup first!)
PubkeyAuthentication yes # Enable public key authentication