Secure shell (SSH) is one of the most ubiquitous Linux tools. It provides secure connectivity between workstations, servers, managed switches, routers, and any number of other devices. Linux and macOS include SSH, and it’s easy to add to Windows.
This article provides a quick review of standard SSH usage. The main goal is to provide guidance for executing one-time commands over an SSH connection and how to tunnel other applications, and I’ve added an additional section on using scp to copy files securely.
There are many SSH configuration articles, so this article is about using SSH instead of configuring it. I’ve made some assumptions about its configuration:
The SSH service is installed
- and running on the target server
- A customer
- Firewall settings allow
- You are using the standard SSH port 22/tcp
- In these exercises, key-based authentication is NOT configured, so SSH prompts you for a password.
SSH is installed on the local computer.
For registration, key-based authentication is highly recommended (in fact, almost assumed at this point). Key-based authentication connection attempts are faster, easier to automate, and considered more secure. Read passwordless SSH using public-private key pairs for guidance on this critical configuration or Eight Ways to Secure SSH Access on Your System for general suggestions.
I’ll start with what could be considered a standard SSH connection. This command starts SSH and specifies the user account that the remote server should authenticate and the identity of the destination server (host name or IP address):
$ ssh user01@server01
The connection attempt triggers a password challenge. This is the password for the user account specified on the remote system.
Once authenticated, the remote system presents a command prompt and provides the ability to execute commands or access resources with the privileges of the connecting user. On some systems, security settings prevent the root user from connecting via SSH, so it may be necessary to elevate privileges at this point.
The interactive session is established, and you can now perform your administrative tasks.
[Learn how to install apps on Linux by downloading this eBook. ]
a command over SSH
What if all you need to do over the SSH connection is run a single quick command? You may not want to perform the stand-alone actions of connecting and authenticating, running the command, and then disconnecting.
Remember that you are challenged for a password in these examples unless you have key-based authentication set up (you probably should, but it’s beyond the scope of this article).
SSH allows users to add the desired command directly to the connection attempt. The command is executed and the connection is closed.
The basic syntax is ssh user01@server01 “command”.
For example, you can check the installation status of a package:
$ ssh user01@server01 “rpm -qa | grep nano”
You may need to check a log file on a remote server for “error” messages. You could try something like this:
$ ssh user01@server01 “cat /var/log/secure” | grep -i fail
Or maybe you need to extract a file from the remote system. Also, you need to compress the file:
$ ssh user01@server01 “tar -czf /projects” > projectsbackup.tar.gz
Note that you will likely use scp for this task (see below).
[ Download the Bash shell scripting cheat sheet. ]
If you need to elevate your privileges on the other side of the SSH connection with sudo, then force the use of a pseudo-terminal with -t. Use this if sudo will challenge you for a password. The command looks like this:
$ssh -t user01@server01 “sudo yum install nano”
SSH Applications Tunnel can provide an authenticated and encrypted connection to remote devices for other applications
Virtual Network Computing (VNC) is a useful way to connect to a remote desktop when you need a graphical user interface (GUI) to perform your task.
Not all VNC products provide encryption for data transfer (however, they usually do so for the authentication stage). You can tunnel your VNC connection via SSH for added privacy.
You must forward ports for this to work. Type the following
: $ ssh -L 5901:localhost:5901 -N -f -l user01@server01
Start the VNC client and connect to localhost:5901, which is now forwarded to the remote server
Here is an explanation of the options in the above command
- -L: Forwards the port to the target device. In this case, it is a direct mapping of 5901 to 5901 (the default VNC port number).
- -N: Only forward ports and do not run commands.
- -f: Place SSH in the background after establishing the connection (releasing the command prompt).
- -l: This option specifies the remote SSH user and the destination server.
Similarly, you could set up an HTTP tunnel over SSH to a directory called images with a command like this
: $ ssh -L 11000:localhost:80 -N -f -l user01@server01
Next, launch a web browser and connect to http://localhost:11000/images
If all you’re trying to do is copy files, you don’t have to use a full SSH connection. Instead, you can use the scp command to accomplish the same goal more easily.
To copy the file.txt to the /projects directory on the remote server01 system, type: $ scp file.txt server01:/projects
Or, if you need to copy the file from the remote system to the current system directory, type
: $ scp
Glen Newell has a good article on using the scp command.
Linux administrators are familiar with establishing SSH connections for remote administration. We run the ssh command, authenticate, and then perform a series of tasks. When tasks are complete, we disconnect.
This pattern is great if you need to perform multiple configurations or manually issue a series of commands. However, sometimes you just need to run a command or script. SSH allows a fast connection that authenticates, executes the specified command, and disconnects. Finally, SSH can also tunnel other protocols, such as VNC or HTTP, providing a level of security beyond what supporting applications offer. Explore the incredible flexibility of SSH and discover new ways to use this ancient tool.