HomeBlog5 Essential SSH Commands Every Linux User Should Master
System Administration📅 January 6, 2021⏱️ 7 minutes min read

5 Essential SSH Commands Every Linux User Should Master

Master the most important SSH commands in Linux for secure remote server management, file transfers, tunneling, and advanced networking tasks. Complete guide with practical examples.

👤 Author: Linux-ID Team
5 Essential SSH Commands Every Linux User Should Master

SSH (Secure Shell) is the most essential command-line tool for Linux system administrators and developers. It provides secure, encrypted communication between local and remote systems, replacing insecure protocols like Telnet and RSH. Whether you're managing servers, transferring files, or creating secure tunnels, mastering SSH commands is crucial for effective Linux system administration.

In this comprehensive guide, we'll explore the 5 most important SSH commands that every Linux user should know, complete with practical examples and advanced use cases.

Why SSH is Essential for Linux Users

SSH offers several critical advantages over traditional remote access methods:

  • Encryption: All data transmission is encrypted, protecting sensitive information
  • Authentication: Multiple authentication methods including password and key-based authentication
  • Integrity: Data integrity verification prevents tampering during transmission
  • Versatility: Supports file transfers, port forwarding, and tunneling
  • Security: Replaces insecure protocols like Telnet, RSH, and FTP

1. Basic SSH Remote Connection

The fundamental SSH command connects you to remote servers securely. This is the foundation of all SSH operations.

Basic Syntax

ssh username@hostname

Examples

Connect to a server with default port (22):

ssh [email protected]
ssh [email protected]

Connect using a specific port:

ssh -p 2222 [email protected]

Connect with verbose output for troubleshooting:

ssh -v user@hostname

Advanced Connection Options

Using specific identity file (private key):

ssh -i ~/.ssh/my_private_key user@hostname

Disable host key checking (use with caution):

ssh -o StrictHostKeyChecking=no user@hostname

Connect with X11 forwarding for GUI applications:

ssh -X user@hostname

2. SSH as SOCKS Proxy for Secure Browsing

SSH can create a SOCKS proxy, allowing you to route your internet traffic through a remote server. This is invaluable for bypassing geo-restrictions or securing your connection on untrusted networks.

Basic SOCKS Proxy Setup

ssh -D 8080 user@hostname

Advanced Proxy Configuration

Run proxy in background:

ssh -D 8080 -f -N user@hostname

Specify local bind address:

ssh -D 127.0.0.1:8080 user@hostname

Browser Configuration

After establishing the SOCKS proxy:

  1. Open your browser's proxy settings
  2. Set SOCKS proxy to 127.0.0.1:8080
  3. Enable "Proxy DNS when using SOCKS v5"

Use Cases

  • Bypass geo-restrictions: Access region-locked content
  • Secure public WiFi: Encrypt traffic on untrusted networks
  • Corporate network access: Access internal resources remotely

3. SSH Port Forwarding (Tunneling)

Port forwarding creates secure tunnels between local and remote ports, enabling access to services that might otherwise be blocked or insecure.

Local Port Forwarding

Forward a local port to a remote service:

ssh -L local_port:destination_host:destination_port user@ssh_server

Examples

Access remote MySQL database:

ssh -L 3307:localhost:3306 user@database-server
# Connect locally: mysql -h 127.0.0.1 -P 3307

Access remote web application:

ssh -L 8080:localhost:80 user@web-server
# Access via: http://localhost:8080

Forward through intermediate server:

ssh -L 5432:internal-db:5432 user@jump-server

Remote Port Forwarding

Make local services accessible from remote server:

ssh -R remote_port:localhost:local_port user@remote_server

Example - Share local web server:

ssh -R 8080:localhost:3000 user@remote-server
# Remote users can access: http://remote-server:8080

Dynamic Port Forwarding

Create a SOCKS proxy (covered in section 2):

ssh -D 1080 user@hostname

Port Forwarding Options

  • -f: Run in background
  • -N: Don't execute remote commands
  • -g: Allow remote hosts to connect to forwarded ports

4. Secure File Transfer with SSH

SSH provides multiple methods for secure file transfer, replacing insecure FTP and enabling efficient remote file management.

SCP (Secure Copy Protocol)

Copy file to remote server:

scp /local/file.txt user@hostname:/remote/path/

Copy file from remote server:

scp user@hostname:/remote/file.txt /local/path/

Copy directory recursively:

scp -r /local/directory/ user@hostname:/remote/path/

Copy with specific port:

scp -P 2222 file.txt user@hostname:/remote/path/

SFTP (SSH File Transfer Protocol)

Interactive SFTP session:

sftp user@hostname

Common SFTP commands:

# Navigate remote directory
sftp> cd /remote/path
sftp> ls

# Navigate local directory
sftp> lcd /local/path
sftp> lls

# Transfer files
sftp> put local_file.txt
sftp> get remote_file.txt
sftp> mput *.txt
sftp> mget *.log

Rsync over SSH

For efficient synchronization and backup:

# Sync local to remote
rsync -avz -e ssh /local/path/ user@hostname:/remote/path/

# Sync remote to local
rsync -avz -e ssh user@hostname:/remote/path/ /local/path/

# Exclude certain files
rsync -avz --exclude='*.log' -e ssh /local/path/ user@hostname:/remote/path/

Advanced File Transfer Options

Preserve permissions and timestamps:

scp -p file.txt user@hostname:/remote/path/

Compress data during transfer:

scp -C large_file.zip user@hostname:/remote/path/

Limit bandwidth usage:

scp -l 1000 file.txt user@hostname:/remote/path/  # 1000 Kbit/s

5. SSH File System Mounting (SSHFS)

SSHFS allows you to mount remote directories as local file systems, providing seamless access to remote files through your local file manager.

Basic SSHFS Mount

sshfs user@hostname:/remote/path /local/mountpoint

Examples

Mount remote home directory:

mkdir ~/remote_home
sshfs user@server:/home/user ~/remote_home

Mount with specific options:

sshfs -o port=2222,compression=yes user@hostname:/remote/path /mnt/remote

Mount with reconnection on network issues:

sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 user@hostname:/remote/path /mnt/remote

Unmounting SSHFS

fusermount -u /local/mountpoint
# or
umount /local/mountpoint

SSHFS Options

  • -o compression=yes: Enable compression
  • -o reconnect: Automatically reconnect on connection loss
  • -o follow_symlinks: Follow symbolic links
  • -o allow_other: Allow other users to access the mount

Use Cases

  • Development: Edit remote files with local editors
  • Backup: Easy access to remote backup directories
  • Content management: Manage website files remotely
  • Data analysis: Process remote datasets locally

SSH Security Best Practices

Key-Based Authentication

Generate SSH key pair:

ssh-keygen -t ed25519 -C "[email protected]"

Copy public key to server:

ssh-copy-id user@hostname

SSH Configuration File

Create ~/.ssh/config for easier connection management:

Host myserver
    HostName example.com
    User admin
    Port 2222
    IdentityFile ~/.ssh/my_private_key
    
Host *.internal
    ProxyJump bastion.example.com
    User admin

Security Hardening

Server-side configurations in /etc/ssh/sshd_config:

# Disable root login
PermitRootLogin no

# Disable password authentication
PasswordAuthentication no

# Change default port
Port 2222

# Limit user access
AllowUsers admin developer

# Enable key-based authentication only
PubkeyAuthentication yes

Troubleshooting Common SSH Issues

Connection Refused

# Check if SSH service is running
sudo systemctl status ssh

# Check firewall rules
sudo ufw status

Permission Denied

# Check SSH key permissions
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh

Host Key Verification Failed

# Remove old host key
ssh-keygen -R hostname

# Or disable strict checking (temporary)
ssh -o StrictHostKeyChecking=no user@hostname

Advanced SSH Techniques

SSH Agent for Key Management

# Start SSH agent
eval $(ssh-agent)

# Add keys to agent
ssh-add ~/.ssh/id_rsa

# List loaded keys
ssh-add -l

SSH Multiplexing

Enable connection sharing in ~/.ssh/config:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

Jump Hosts (ProxyJump)

# Direct jump
ssh -J jump-host target-host

# Multiple jumps
ssh -J jump1,jump2 target-host

Conclusion

SSH is an indispensable tool for Linux system administration, offering secure remote access, file transfer capabilities, and advanced networking features. These five essential SSH commands form the foundation of secure remote system management:

  1. Basic remote connection - The foundation of SSH usage
  2. SOCKS proxy - Secure browsing and traffic routing
  3. Port forwarding - Access remote services securely
  4. File transfer - Secure file operations with SCP, SFTP, and rsync
  5. File system mounting - Seamless remote file access with SSHFS

By mastering these commands and following security best practices, you'll be well-equipped to manage Linux systems securely and efficiently. Remember to always use key-based authentication, keep your SSH client and server updated, and follow the principle of least privilege when configuring access.

Whether you're a system administrator managing multiple servers, a developer working with remote environments, or a security-conscious user seeking secure communication methods, these SSH commands will serve as your essential toolkit for secure remote operations.

Tags:

sshlinuxserversecuritynetworkingtutorial

Related Posts

12 months agoSystem Administration

How to Change Hostname on Ubuntu 24.04

Learn how to change hostname on Ubuntu 24.04 using multiple methods including hostnamectl command, configuration files, and GUI. Complete guide with examples, best practices, and troubleshooting tips.

Read more →