SSH is the tool you use every single day as a Linux admin — but most people only scratch the surface. Beyond basic ssh user@host, there's a world of powerful features that will make you 10x more productive.
Here are 15 SSH tips that will change how you work with remote servers.
1. SSH Config File — Stop Typing Long Commands
Instead of ssh -i ~/.ssh/prod-key -p 2222 admin@192.168.1.50, create ~/.ssh/config:
Host prod
HostName 192.168.1.50
User admin
Port 2222
IdentityFile ~/.ssh/prod-key
Host staging
HostName staging.example.com
User deploy
ForwardAgent yes
# Now just type:
# ssh prod
# ssh staging2. Connection Multiplexing — Instant Reconnects
# ~/.ssh/config
Host *
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600
# First connection: normal speed
# Subsequent connections: instant (reuses existing connection)3. SSH Tunnels — Access Remote Services Locally
# Forward local port 5432 to remote PostgreSQL
ssh -L 5432:localhost:5432 prod
# Now connect to remote DB locally:
psql -h localhost -p 5432 -U myuser mydb
# Reverse tunnel — expose local port 3000 on remote server
ssh -R 8080:localhost:3000 prod4. Jump Hosts — SSH Through a Bastion
# Direct jump (OpenSSH 7.3+)
ssh -J bastion.example.com internal-server
# In config:
Host internal
HostName 10.0.0.5
ProxyJump bastion.example.com5. Run Commands Without Interactive Shell
# Quick server check
ssh prod "uptime && df -h && free -m"
# Run script remotely
ssh prod 'bash -s' < local-script.sh
# Parallel execution on multiple servers
for host in web1 web2 web3; do
ssh "$host" "sudo systemctl restart nginx" &
done
wait6. sshfs — Mount Remote Filesystems
# Mount remote directory locally
sshfs prod:/var/www/mysite ~/remote-site
# Edit files with your local IDE!
code ~/remote-site
# Unmount when done
fusermount -u ~/remote-site7. Copy Files Like a Pro
# scp with compression
scp -C largefile.tar.gz prod:/backup/
# rsync over SSH (better for large transfers)
rsync -avz --progress /local/dir/ prod:/remote/dir/
# Copy your SSH key to a new server
ssh-copy-id -i ~/.ssh/id_ed25519 prod8. Agent Forwarding — Use Your Keys on Remote Servers
# Enable for a session
ssh -A bastion
# Then from bastion, SSH to another server using YOUR key
ssh internal-server # Works without copying keys!9. Keep Sessions Alive
# ~/.ssh/config
Host *
ServerAliveInterval 60
ServerAliveCountMax 3
TCPKeepAlive yes10. Escape Sequences — Control Stuck Sessions
# When SSH freezes, type:
~. # Disconnect
~^Z # Suspend
~? # Show all escape sequences
~# # List forwarded connections11–15: Security Hardening Tips
# 11. Use Ed25519 keys (faster and more secure than RSA)
ssh-keygen -t ed25519 -C "admin@company.com"
# 12. Disable password authentication
# /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
# 13. Change default port
Port 2222
# 14. Allow only specific users
AllowUsers admin deploy
# 15. Use fail2ban for brute force protection
sudo apt install fail2ban
sudo systemctl enable fail2ban📘 SSH Mastery
These 15 tips are just the beginning. For advanced SSH tunneling, certificate authentication, ProxyCommand chains, and enterprise SSH management, get SSH Mastery — the definitive guide to SSH on Linux.
🛡️ Server Security
SSH hardening is part of a bigger picture. Linux Security Hardening covers firewalls, SELinux, audit logging, intrusion detection, and more.
Frequently Asked Questions
Is Ed25519 better than RSA?
Yes. Ed25519 keys are shorter, faster to generate, and provide equivalent or better security than RSA-4096. Unless you need compatibility with very old systems, always use Ed25519.
Can I use SSH without a password?
Yes, using key-based authentication. Generate a key pair with ssh-keygen, copy the public key to the server with ssh-copy-id, then disable password auth. This is more secure AND more convenient.
