Introduction
SSH (Secure Shell) is a network protocol that allows safe access to another equipment by means of an encrypted connection. In Linux environments, the ssh command becomes the default tool for managing servers, transferring files and running commands remotely without exposing credentials in flat text. This article explains step by step how to use ssh, from installation to advanced configurations such as tunnels and public key authentication.
What is SSH?
SSH replaced old tools such as telnet and rsh, which sent information without encryption. It uses public key cryptography to authenticate the server and, optionally, to the client. All traffic, including passwords and data, travels within a safe channel protected against listening and handling. In addition, SSH allows you to send ports and create tunnels that can safely encapsulate other protocols.
Installation and verification
In most Linux distributions, the ssh client is already installed. To confirm, runssh -Vin the terminal; you should show the OpenSSH version. If missing, install it with the package manager: in Debian / Ubuntu usesudo apt-get install openssh-client, in Fedorasudo dnf install openssh-clientsand in Archsudo pacman -S openssh. The server, necessary if you want to accept connections, is installed withopenssh-server.
Basic syntax
The simplest way to connect isssh usuario@host. If the user name on the remote machine matches the site, you can omit it it:ssh host. By default, ssh uses port 22; to specify another, add the option-p puerto. For example,ssh -p 2222 admin@ejemplo.comis connected to port 2222.
Most commonly used options
-p puerto: defines the connection port.-i archivo_clave: indicates the private key to be used for authentication.-v: Vertical mode, useful for debugging connection problems.-C: enables data compression, beneficial in slow links.-X: X11 reshipment to run graphic applications remotely.
Password-free connection with public keys
To avoid writing the password at a time, generate a couple of keys withssh-keygen -t rsa -b 4096. Copy the public key to the server usingssh-copy-id usuario@hostor manually added to~/.ssh/authorized_keys. Then try the access withssh usuario@host; you should enter without requesting a password. You can protect your private key with a passing phrase to increase security.
Tunes and port reshipment
SSH can create tunnels that cipher traffic from other applications. A local tunnel is created withssh -L puerto_local:destino:puerto_destino usuario@host. For example,ssh -L 8080:localhost:80 usuario@hostredirect the 8080 port of your machine to the 80 port of the server, allowing access to a secure internal web service. Remote forwarding (-R) does otherwise, exposing a local port to the server.
Good security practices
- Disable password authentication on the server by setting
PasswordAuthentication noin/etc/ssh/sshd_configand recharge the daemon. - Limit users who can access by
AllowUsersorDenyUsers. - Change the default port to a non-standard to reduce automated attacks.
- Always use recent versions of OpenSSH and apply security updates.
- Monitor connection attempts with tools like
fail2banor reviewing/var/log/auth.log.
Conclusion
The ssh command is a key piece for the safe management of Linux systems. Dominating your syntax, options and advanced techniques such as key authentication and tunnels gives you the ability to manage remote infrastructure with confidence and without compromising security. Applying the good practices described above ensures that your connections remain protected from external threats.
