Imagine you have rented a cloud server on Hostman to host your website. After purchase, you receive a clean system that you need to set up by installing a web server, uploading files, and so on. Instead of going to a data center with a flash drive, you use the SSH protocol.
In this article, we will discuss how to use SSH in Linux and Windows.
SSH (Secure Shell) is a protocol for remote access to any device running a Linux operating system, such as computers, servers, and phones. In other words, it allows you to connect to a device located anywhere in the world.
The word "secure" in the protocol's name means that data exchanged between devices is encrypted, so you can work with sensitive information such as passwords and access codes securely. Connection and authentication are done in one of two ways:
Password login: A shared secret key is created between the client and server, encrypting the traffic.
SSH Key pair login: Before the first connection, the user generates two keys: a public and a private one. These are stored on the remote and local devices, respectively.
This article will explore the protocol's capabilities, SSH command syntax, and SSH daemon settings.
Using a password to log into a server via SSH is unsafe and inconvenient:
A password can be brute-forced.
Passwords can leak accidentally, especially when dealing with multiple devices and different passwords.
Entering a password every session is tiresome.
The most reliable way is to log in using an RSA key pair. Let’s look at how to use SSH keys to connect to remote servers.
First, create keys on your local computer:
ssh-keygen -t rsa
During creation, you will need to choose the location of the SSH key files and a passphrase. To connect without a password, leave the Passphrase field empty. A passphrase is an additional code that protects the key. If your private key is compromised, attackers won't be able to use it without the passphrase.
Next, send the public key to the server:
ssh-copy-id -p 222 -i ~/.ssh/id_rsa.pub [email protected]
This command will create an SSH session. After entering your password, the public key will be copied to the authorized keys file, and you won't need to enter a password again.
You can further enhance security by completely disabling password access. Edit the /etc/ssh/sshd_config file with the following directives:
PasswordAuthentication no (disables password login).
PubkeyAuthentication yes (enables SSH key authentication).
ChallengeResponseAuthentication no (disables challenge-response, also called keyboard-interactive, authentication, which is usually handled through PAM).
After updating the file, reload the SSH daemon:
sudo systemctl reload ssh
To connect, the SSH server (sshd) must be running on the remote device. In Ubuntu, start it using systemd:
sudo systemctl start ssh
On Hostman servers, sshd runs by default.
The sshd server configuration is in the /etc/ssh/sshd_config file. Let's look at the main SSH settings you can use.
Port: By default, sshd listens on port 22. Use the Port directive to change it and complicate unauthorized access attempts. However, port scanning scripts can still find the new port, so we recommend closing SSH access for the root user for better security.
Superuser Access: By default, remote root user access is allowed to administer Linux servers, which is unsafe. Use the PermitRootLogin no directive to disable this.
Protocol: SSH supports protocol versions 1 and 2. Version 2 supports more encryption methods and authentication techniques. Use the Protocol directive to specify a version: Protocol 2. Current OpenSSH releases support only version 2 and treat this directive as deprecated.
Allowed users and groups: Limit who can log in with the AllowUsers and AllowGroups directives. Names are separated by spaces, not commas. For example:
AllowUsers adm1 adm2
Or
AllowGroups admin infrastructure
You can also deny access to specific users with DenyUsers and DenyGroups.
Logging: Set the logging level with the LogLevel directive. The default is INFO, but you can use VERBOSE for debugging or disable logging with QUIET.
Password Access: Control password access with the PasswordAuthentication directive, set to yes (default) or no.
After making changes, restart the sshd server to apply the new configuration. Ensure you have saved the key file on the server or retained password access to avoid losing access:
sudo systemctl reload ssh
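An added example, not part of the original article: a POSIX shell function that checks an sshd_config file for the directives recommended above (PasswordAuthentication, PubkeyAuthentication, PermitRootLogin) and for comma-separated names in AllowUsers/AllowGroups lines. The function names and the sample config are constructed for illustration; the audit reads only the global section before the first Match line, where sshd uses the first value it finds for each keyword.

```shell
#!/bin/sh
# Added example (not from the article): audit the global section of an
# sshd_config file for the directives discussed above.
# Usage: audit_sshd_config FILE   (prints findings, returns 1 if any check fails)
audit_sshd_config() {
    awk '
    function check(key, want,    got) {
        got = (key in first) ? first[key] : "(not set)"
        if (tolower(got) == want) { print "ok   " key " " got; return }
        print "FAIL " key " is " got ", expected " want
        bad = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        key = tolower($1)                  # keywords are case-insensitive
        if (key == "match") exit           # the rest is conditional; END still runs
        if (!(key in first)) first[key] = $2   # sshd keeps the first value it reads
        if (key ~ /^(allow|deny)(users|groups)$/)
            for (i = 2; i <= NF; i++)
                if ($i ~ /,$/) {           # names are space-separated, so "adm1," never matches adm1
                    print "FAIL " $1 " entry \"" $i "\" ends with a comma"
                    bad = 1
                }
    }
    END {
        check("passwordauthentication", "no")
        check("pubkeyauthentication", "yes")
        check("permitrootlogin", "no")
        exit bad + 0
    }' "$1"
}

# Constructed sample input: a weak first value, a later override that sshd
# ignores, comma-separated user names, and a Match block.
write_sample_config() {
    cat > "$1" <<'EOF'
PasswordAuthentication yes
passwordauthentication no
PubkeyAuthentication yes
AllowUsers adm1, adm2
Match User backup
    PermitRootLogin no
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp"
audit_sshd_config "$tmp" || echo "audit: fix the FAIL lines before reloading sshd"
rm -f "$tmp"
```

Before reloading, also run sudo sshd -t, which checks the file for syntax errors that this audit does not look for.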
That’s all good for Linux, but you may wonder how to use SSH in Windows.
Well, good news: the latest Windows versions (starting from Windows 10) have a built-in OpenSSH client, so you can simply run Windows PowerShell and connect as usual:
ssh user@server
On older Windows systems, you can use SSH via special applications. They can save connection data and customize color schemes for different sessions, which is useful for managing multiple servers. Popular SSH clients include:
PuTTY
WinSCP
Termius
FileZilla (for SFTP)
MobaXterm
To connect remotely, use the SSH command with the server's IP address or domain name:
ssh example.com
If the local and remote system usernames differ, specify the remote username:
ssh [email protected]
ssh remote@server-ip
End the session with the exit command.
If the remote server uses a non-default port, specify it with the -p flag:
ssh -p 222 [email protected]
Common and interesting SSH use cases include file and directory transfer, SSH tunnels, and SFTP.
First, let’s talk about how to transfer files using SSH.
With the sshd daemon running on your server, you can use utilities like scp to transfer files using the RCP protocol. To transfer filename.txt to the ~/trash/txt directory on example.com, use:
scp filename.txt [email protected]:~/trash/txt
Reverse the local path and server to copy files from the remote server to your local device. To transfer a directory, add the -r flag and end the destination path with a slash. For example, to copy the images directory from the server to your local documents folder:
scp -r [email protected]:~/images ~/documents/
You can also transfer files between two remote machines by specifying server paths instead of local files.
SSH tunnels provide secure remote access and file transfer over a protected network. They are commonly used for accessing private networks or creating encrypted channels. To forward a port from a remote server, use the -L flag. For example, to access a remote database that is available only on the remote machine's local port 3306:
ssh -N -L 53306:127.0.0.1:3306 [email protected]
In this command, -N means no command needs to be executed on the remote machine, 53306 is the local port, and 127.0.0.1:3306 is the address where MySQL runs on the remote server.
SFTP (Secure File Transfer Protocol) operates over a secure channel and is part of OpenSSH. If your SSH daemon works correctly, you can use SFTP without additional setup. Unlike standard FTP, SFTP encrypts all data.
Start an SFTP session with the same credentials—login and password or key—as SSH. Specify a different port if you changed the default from 22:
sftp -oPort=222 [email protected]
After successful authentication, you can work with files on the remote server.
In this article, we covered what SSH is and how it works. Knowing the basics of this protocol is essential for system administrators and programmers. SSH allows you to connect to devices anywhere in the world with the same rights and capabilities as if you were physically present.
If you host a website on a private server, an incorrect SSH configuration can lead to unauthorized access and severe consequences.
Any server you rent on Hostman is accessible via SSH by default. If you need additional configuration, our support is always available to help.