SSH is actually a protocol designed to let you control a remote machine as if you were sitting in front of it, not just to transfer files.
Let’s say you’ve got a shiny new Ubuntu server and want to log in. First, you need an SSH client on your local machine. Most Linux and macOS systems have OpenSSH built-in. On Windows, you can use the built-in ssh command in PowerShell or Command Prompt (version 10 and later), or a client like PuTTY.
On your server, the SSH daemon (usually sshd) needs to be running. It typically listens on port 22.
To connect, you’ll use the command:
ssh username@remote_host
For example, if your username on the server is admin and the server’s IP address is 192.168.1.100, you’d type:
ssh admin@192.168.1.100
The first time you connect to a new server, your SSH client will show you the server’s host key fingerprint and ask if you want to continue connecting. This is a security measure to prevent man-in-the-middle attacks. The fingerprint is like a unique ID for that server. You should verify this fingerprint if possible (e.g., by asking the server administrator or checking a trusted source). If you’re confident, type yes.
After that, you’ll be prompted for your password on the remote server. Enter it, and if it’s correct, you’ll see the server’s command prompt. You’re now logged in!
To disconnect, simply type exit or press Ctrl+D.
For more advanced use, you can specify a different port if sshd isn’t running on the default port 22:
ssh -p 2222 username@remote_host
This connects to port 2222 on remote_host.
You can also use SSH to execute a single command remotely without starting an interactive session:
ssh username@remote_host 'ls -l /home/username'
This will log in, run ls -l /home/username, print the output, and then disconnect.
A more secure and convenient way to authenticate is using SSH keys. This involves generating a pair of keys on your local machine: a private key (which you keep secret) and a public key (which you can share).
To generate a key pair, use:
ssh-keygen -t rsa -b 4096
This will create ~/.ssh/id_rsa (your private key) and ~/.ssh/id_rsa.pub (your public key). You’ll be prompted to enter a passphrase for extra security on your private key.
Next, you need to copy your public key to the authorized_keys file on the server. The easiest way is using ssh-copy-id:
ssh-copy-id username@remote_host
This command automatically appends your public key to ~/.ssh/authorized_keys on the remote server and sets the correct permissions. If ssh-copy-id isn’t available, you can manually copy the ~/.ssh/id_rsa.pub content and paste it into ~/.ssh/authorized_keys on the server, ensuring the file has 600 permissions and the .ssh directory has 700 permissions.
Once your public key is on the server, you can log in without a password (or with your passphrase if you set one for your private key).
SSH also supports port forwarding, allowing you to tunnel network traffic securely. For instance, to forward a local port (e.g., 8080) to a port on the remote server (e.g., 80), you can use:
ssh -L 8080:localhost:80 username@remote_host
Now, if you access http://localhost:8080 in your local browser, the traffic will be forwarded through the SSH connection to port 80 on the remote_host.
The most surprising thing about SSH is how its multiplexing feature can drastically speed up connections to the same server. By default, every ssh command opens a new, independent connection, including the handshake and authentication. However, if you enable ControlMaster in your SSH client configuration (~/.ssh/config), subsequent connections to the same host can reuse an already established channel. This means you don’t re-authenticate or re-negotiate the encryption for each new SSH session, making them near-instantaneous after the first one.
Here’s a snippet for your ~/.ssh/config:
Host *
ControlMaster auto
ControlPath ~/.ssh/control-%r@%h:%p
ControlPersist 600
With this, after your first ssh user@host, any subsequent ssh user@host commands in other terminals will open instantly, even if you’re on a slow network. ControlPersist 600 keeps the master connection open for 10 minutes after the last client disconnects.
Understanding ControlMaster and ControlPath is key to unlocking near-instantaneous SSH connections after the initial handshake.