Skip to main content
HashnodeJedidiah's Blog

Command Palette

Search for a command to run...

A Beginner's Guide to SSH

Everything you need to start using SSH confidently - from your first connection to production-ready security practices

Updated
9 min read
A Beginner's Guide to SSH
J
Jedidiah Amaraegbu

Full Stack Engineer (TypeScript, React.js, Node.js) and Stripe Implementation Architect with 6+ years of experience, leveraging AI-native workflows (Cursor, Claude Code) to deliver scalable solutions to improve user interactions and business processes. Proven track record of mentoring 200+ developers across 3 continents and implementing enterprise payment solutions. Specialist in clean architecture and modern stacks.

If you've ever needed to access a remote server, deploy code, or manage a cloud instance, you've probably encountered SSH. This guide will teach you everything you need to get started with SSH quickly and confidently.

💡 Want more details? Check out the Complete SSH Guide for in-depth explanations, advanced features, and comprehensive troubleshooting.

TL;DR (Quick Reference)

Need SSH basics right now? Here's the essentials:

# Check if SSH is installed
ssh -V

# Connect to a remote server
ssh username@hostname

# Generate SSH key pair (recommended: ED25519)
ssh-keygen -t ed25519 -C "<your_email>"

# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@hostname

# Connect without password (after key setup)
ssh username@hostname

# Copy file to server
scp local_file.txt username@hostname:/remote/path/

# Sync directories
rsync -avz local_folder/ username@hostname:/remote/folder/

Key Security Tips:

  • ✅ Always use key-based authentication (not passwords)
  • ✅ Add a passphrase to your private keys
  • ✅ Never share your private key
  • ✅ Set permissions: chmod 600 ~/.ssh/id_ed25519
  • ✅ Keep your SSH client updated

What is SSH?

SSH (Secure Shell) is a protocol that enables secure communication between computers over the internet. Think of it as a secure tunnel between your computer and a remote server that allows you to:

  • Execute commands on a remote machine
  • Transfer files securely
  • Access services on remote servers
  • Manage servers without physical access

SSH replaced older, insecure protocols like Telnet, which transmitted data (including passwords!) in plain text. With SSH, everything is encrypted.

Why SSH Matters

As a developer, SSH is one of those tools you'll use almost daily:

  • Remote Server Management - Access servers located anywhere in the world
  • Secure File Transfers - Copy files between machines safely
  • Cloud Computing - AWS, Google Cloud, Azure all rely on SSH
  • Deployment - Deploy applications and run scripts remotely
  • Version Control - GitHub and GitLab use SSH for repository access
  • Industry Standard - It's how professionals work with servers

How SSH Works (Simple Explanation)

You don't need to be a cryptography expert! Here's what you need to know:

The Security Layers

SSH uses three types of encryption to keep your data safe:

  1. Symmetric Encryption - Both computers share a secret key that encrypts all data in the session
  2. Asymmetric Encryption - Uses a public/private key pair (like a lock and key that only you have)
  3. Hashing - Creates a fingerprint of each message to detect tampering

What Happens When You Connect

  1. Handshake - Your computer and the server agree on encryption methods
  2. Key Exchange - Both create a shared secret key (without sending it over the network!)
  3. Authentication - You prove who you are (password or SSH key)
  4. Secure Session - Everything is now encrypted

💡 The beauty of SSH is that even if someone intercepts your connection, they can't read the data or figure out the keys.

Your First SSH Connection

Prerequisites

Most systems come with SSH pre-installed. Check by running:

ssh -V

If you see a version number, you're ready!

Windows users: Windows 10/11 includes OpenSSH. Alternatively, use any of:

  • Windows Subsystem for Linux (WSL)
  • Git Bash
  • PuTTY

Basic Connection

ssh username@hostname

Example:

ssh john@192.168.1.100
# or with a domain
ssh john@example.com

First-Time Connection

When connecting for the first time, you'll see:

The authenticity of host '192.168.1.100' can't be established.
ED25519 key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)?

This is normal! Type yes to continue. SSH is saving the server's fingerprint to protect you from future impersonation attempts.

⚠️ If you see this on a server you've connected to before, it could indicate a security issue. Verify with your system administrator first!

Using a Custom Port

Some servers use non-standard ports:

ssh -p 2222 username@hostname

Password Login

After connecting, you'll be prompted for your password:

<your_email> password:

Type it (it won't show on screen) and press Enter.

Important: Once you're comfortable, switch to key-based authentication—it's more secure and convenient.

Setting Up Key-Based Authentication

This is the recommended and most secure way to use SSH. It's like having a master key instead of remembering passwords.

Step 1: Generate Your SSH Keys

Run this on your local machine:

ssh-keygen -t ed25519 -C "<your_email>"

What this does:

  • Creates a public key (like a lock) that you share with servers
  • Creates a private key (like your personal key) that stays on your computer

Prompts you'll see:

Enter file in which to save the key (/Users/you/.ssh/id_ed25519):

Press Enter to use the default location.

Enter passphrase (empty for no passphrase):

Add a passphrase! This protects your key if someone steals your computer.

Result:

  • Private key: ~/.ssh/id_ed25519 (NEVER share this!)
  • Public key: ~/.ssh/id_ed25519.pub (safe to share)

💡 Why ED25519? It's the modern standard (as of 2025) - more secure and faster than older RSA keys.

Step 2: Copy Your Public Key to the Server

The easiest method:

ssh-copy-id -i ~/.ssh/id_ed25519.pub username@hostname

Enter your password one last time. This command copies your public key to the server's authorised keys list.

Step 3: Set Proper Permissions

On the server, ensure correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH requires these restrictive permissions for security.

Step 4: Test Your Connection

ssh username@hostname

You should connect without a password! (You might need to enter your key's passphrase if you set one.)

Step 5: Use SSH Agent (Optional)

Tired of entering your passphrase? The SSH agent remembers it for you:

# Start the agent
eval "$(ssh-agent -s)"

# Add your key
ssh-add ~/.ssh/id_ed25519

Now you won't be prompted for your passphrase until you restart your computer!

Common Tasks

Execute Remote Commands

Run a command without opening an interactive session:

ssh username@hostname 'ls -la /var/www'

The command runs on the remote server and displays output locally.

Transfer Files

Copy a file to the server:

scp /path/to/local/file.txt username@hostname:/remote/path/

Copy a file from the server:

scp username@hostname:/path/to/remote/file.txt /local/path/

Copy a directory (recursively):

scp -r /local/directory username@hostname:/remote/path/

Sync Directories with Rsync

For large transfers or syncing, use rsync (faster and more efficient):

rsync -avz /local/folder/ username@hostname:/remote/folder/

Flags explained:

  • -a = Archive mode (preserves permissions, timestamps)
  • -v = Verbose (shows what's being transferred)
  • -z = Compress during transfer (faster over slow networks)

Exclude files:

rsync -avz --exclude 'node_modules' --exclude '*.log' . username@hostname:~/project/

Create SSH Shortcuts

Tired of typing long commands? Create a config file!

Edit ~/.ssh/config:

Host myserver
    HostName 192.168.1.100
    User john
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Host production
    HostName prod.example.com
    User deploy
    IdentityFile ~/.ssh/prod_key

Host github.com
    User git
    IdentityFile ~/.ssh/github_key

Now type:

ssh myserver

Much easier than:

ssh -i ~/.ssh/id_ed25519 john@192.168.1.100

Set permissions:

chmod 600 ~/.ssh/config

Essential Security Practices

1. Use Keys, Not Passwords

  • Generate strong SSH keys (ED25519 or RSA 4096-bit)
  • Add passphrases to your private keys
  • Never reuse keys across different contexts (work vs personal)

2. Protect Your Private Keys

Critical rules:

  • NEVER share your private key with anyone
  • NEVER store it in cloud storage or Git repositories
  • Set proper permissions: chmod 600 ~/.ssh/id_ed25519
  • Back up keys to a secure, encrypted location

3. Keep Software Updated

Security vulnerabilities are discovered regularly:

# Check your SSH version
ssh -V

# Update regularly (at least monthly)
sudo apt update && sudo apt upgrade  # Ubuntu/Debian
brew upgrade openssh                  # macOS

⚠️ Ensure you're running OpenSSH 8.0 or newer (2025 recommendation).

4. Server Hardening (If You Manage Servers)

Edit /etc/ssh/sshd_config:

# Disable root login
PermitRootLogin no

# Disable password authentication (use keys only)
PasswordAuthentication no

# Limit which users can SSH
AllowUsers john jane deploy

Always test before restarting:

sudo sshd -t                    # Test configuration
sudo systemctl restart sshd     # Apply changes

⚠️ Keep a backup session open when making SSH config changes to avoid locking yourself out!

Troubleshooting

Permission Denied (publickey)

Problem: Can't connect even though you set up keys.

Solutions:

  1. Verify key is on the server:

    ssh-copy-id -i ~/.ssh/id_ed25519.pub username@hostname

  2. Check permissions:

    chmod 600 ~/.ssh/id_ed25519
ssh username@hostname "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

  3. Make sure SSH agent has your key:

    ssh-add ~/.ssh/id_ed25519
ssh-add -l  # List loaded keys

  4. Specify the correct key:

    ssh -i ~/.ssh/id_ed25519 username@hostname

Connection Timeout

Problem: Connection hangs or times out.

Possible causes:

  • Server is down (ping hostname to check)
  • Firewall blocking port 22
  • Wrong hostname/IP address
  • SSH daemon not running on the server

If you have console access:

   sudo systemctl status sshd
   sudo systemctl start sshd

Host Key Verification Failed

Problem: Warning about host identification changed.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Causes:

  • Server was reinstalled or reconfigured
  • Could be a man-in-the-middle attack

Solution (only if you trust this change):

ssh-keygen -R hostname

This removes the old fingerprint. Try connecting again.

Connection Keeps Dropping

Problem: SSH session disconnects after being idle.

Solution: Add to your ~/.ssh/config:

   Host *
       ServerAliveInterval 60
       ServerAliveCountMax 3

This sends a keepalive signal every 60 seconds.

Debugging Mode

When you're stuck, use verbose mode to see what's happening:

ssh -v username@hostname      # Verbose
ssh -vv username@hostname     # More verbose
ssh -vvv username@hostname    # Maximum verbosity

This shows every step of the connection process and helps identify problems.

Next Steps

Congratulations! You now know how to use SSH securely and effectively.

Practice Ideas

  1. Set up a test server - Use DigitalOcean, AWS Free Tier, or a Raspberry Pi
  2. Create your SSH config - Make your workflow more efficient
  3. Automate a task - Try deploying code or backing up files with SSH
  4. Learn Git over SSH - Set up SSH keys for GitHub/GitLab

Learn More

Ready to level up? Check out the Complete SSH Guide for:

  • Deep Cryptography Dive - How Diffie-Hellman key exchange really works
  • Advanced Port Forwarding - Local, remote, and dynamic tunnelling
  • Jump Hosts & ProxyJump - Navigate complex network topologies
  • SSH Multiplexing - Reuse connections for faster performance
  • SFTP - Interactive file transfers
  • SSH Certificates - Enterprise-scale key management
  • Comprehensive Config Templates - Production-ready configurations for AWS, GitHub, bastion hosts, and more
  • In-depth Security Hardening - 2FA, fail2ban, audit logging

Essential Commands Cheat Sheet

# Connection
ssh user@host
ssh -p 2222 user@host          # Custom port

# Key generation
ssh-keygen -t ed25519 -C "<your_email>"
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host

# File transfer
scp file.txt user@host:/path/
scp -r folder/ user@host:/path/
rsync -avz folder/ user@host:/path/

# SSH agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-add -l

# Troubleshooting
ssh -v user@host               # Debug connection
ssh-keygen -R hostname         # Remove old host key

Key Takeaways

  • SSH is the industry standard for secure remote access
  • Key-based authentication is more secure than passwords
  • Protect your private keys like you'd protect your house keys
  • Use ED25519 keys for modern, secure encryption (2025 standard)
  • The SSH config file makes your life easier

Remember: SSH gets easier with practice. Start simple, build confidence, and gradually explore more features.

Happy (secure) connecting! 🔐

#ssh#devops#security#linux#remote-access#authentication#server-management#terminal

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Jedidiah's Blog

21 posts