ssh Command
Beginner SSH & Remote man(1)Securely connect to remote servers
👁 12 views
📅 Updated: Mar 16, 2026
SYNTAX
ssh [OPTION]... [USER@]HOSTNAME [COMMAND]
What Does ssh Do?
SSH (Secure Shell) provides encrypted remote login and command execution over insecure networks. It is the primary method for securely accessing remote Linux servers, replacing older unencrypted protocols like telnet and rsh.
ssh supports password authentication, public key authentication, X11 forwarding, port forwarding (tunneling), SOCKS proxying, and agent forwarding. Public key authentication is strongly recommended for security and convenience.
SSH is fundamental to system administration, remote development, deployment automation, and secure data transfer. Tools like scp, sftp, rsync, and git all use SSH for secure transport.
ssh supports password authentication, public key authentication, X11 forwarding, port forwarding (tunneling), SOCKS proxying, and agent forwarding. Public key authentication is strongly recommended for security and convenience.
SSH is fundamental to system administration, remote development, deployment automation, and secure data transfer. Tools like scp, sftp, rsync, and git all use SSH for secure transport.
Options & Flags
| Option | Description | Example |
|---|---|---|
| -p | Connect to specific port | ssh -p 2222 user@server |
| -i | Use specific identity (private key) file | ssh -i ~/.ssh/deploy_key user@server |
| -L | Local port forwarding (tunnel) | ssh -L 3306:localhost:3306 user@db-server |
| -R | Remote port forwarding | ssh -R 8080:localhost:80 user@public-server |
| -D | Dynamic port forwarding (SOCKS proxy) | ssh -D 1080 user@server |
| -N | Do not execute remote command (tunneling only) | ssh -N -L 5432:localhost:5432 user@db-server |
| -v | Verbose mode for debugging | ssh -v user@server |
| -A | Enable agent forwarding | ssh -A user@jump-server |
| -J | Jump host (proxy through another server) | ssh -J jump@bastion user@internal-server |
| -t | Force pseudo-terminal allocation | ssh -t user@server sudo service nginx restart |
Practical Examples
#1 Connect to a server
Opens an interactive shell on the remote server.
$ ssh user@192.168.1.100#2 Run remote command
Executes commands on the remote server and returns output locally.
$ ssh user@server "df -h && free -m"#3 SSH with key file
Connects using a specific SSH private key file.
$ ssh -i ~/.ssh/mykey.pem ubuntu@ec2-instance.aws.com#4 Port forwarding (tunnel)
Forwards local port 3306 to the database server — access remote MySQL locally.
$ ssh -L 3306:localhost:3306 user@db-server -N#5 Jump through bastion host
Connects to an internal server through a bastion/jump host.
$ ssh -J admin@bastion user@internal-server#6 SOCKS proxy
Creates a SOCKS proxy on port 1080 for secure browsing through the server.
$ ssh -D 1080 -N user@server#7 Copy file via SSH
Quick way to copy a remote file to your local machine.
$ ssh user@server "cat /var/log/app.log" > local-copy.logTips & Best Practices
Use SSH config file: Create ~/.ssh/config to define shortcuts: Host myserver / Hostname 192.168.1.100 / User admin / IdentityFile ~/.ssh/mykey. Then just type: ssh myserver
Never use password auth in production: Always use key-based authentication. Disable password auth in /etc/ssh/sshd_config: PasswordAuthentication no
SSH agent for key management: Use ssh-agent and ssh-add to cache your passphrase: eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa. Avoids entering passphrase repeatedly.
Frequently Asked Questions
How do I set up SSH key authentication?
Generate a key pair: ssh-keygen -t ed25519. Copy public key to server: ssh-copy-id user@server. Now you can log in without a password.
What is SSH port forwarding?
Port forwarding creates encrypted tunnels. Local forwarding (-L) forwards a local port to a remote service. Remote forwarding (-R) exposes a local service on the remote server.
How do I fix "Permission denied (publickey)"?
Ensure your key is in ~/.ssh/authorized_keys on the server, permissions are correct (700 for .ssh, 600 for authorized_keys), and you are using the right key (-i flag).
Related Commands
More SSH & Remote Commands
Master Linux with Professional eBooks
Curated IT eBooks covering Linux, DevOps, Cloud, and more
Browse Books →