SSH (Secure Shell) for remote access, file transfer, and secure communications.

SSH Keys vs Passwords

SSH keys provide better security and convenience than passwords.

Generate Keys

# Generate SSH key pair
ssh-keygen -t ed25519 -C "[email protected]"

# Files created:
# ~/.ssh/id_ed25519     # Private key (never share)
# ~/.ssh/id_ed25519.pub # Public key (deploy to servers)

Deploy Public Key

# Copy public key to server
ssh-copy-id [email protected]

# Or manually
cat ~/.ssh/id_ed25519.pub | ssh [email protected] \
  'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Basic Operations

# Connect to server
ssh [email protected]

# Execute command remotely
ssh [email protected] uptime

# Copy file to server
scp file.zip [email protected]:/path/to/destination/

# Copy file from server
scp [email protected]:/path/file.zip ./

# Copy directory recursively
scp -r directory [email protected]:/tmp/

SSH Config

~/.ssh/config:

Host prod
    HostName server.example.com
    User na
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host staging
    HostName staging.example.com
    User deploy
    Port 2222

Host *
    Compression yes
    ControlMaster auto
    ControlPath ~/.ssh/master-%h:%r:%p
    ControlPersist 60

Usage:

# Connect using alias
ssh prod

# Much shorter than:
ssh -i ~/.ssh/id_ed25519 [email protected]

Connection Multiplexing

Reuse existing connections for speed:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/master-%h:%r:%p
    ControlPersist 10m

First connection creates a master socket. Subsequent connections reuse it (instant login, no re-authentication).

Agent Forwarding

Use local SSH keys on remote servers:

Host jumphost
    HostName jump.example.com
    ForwardAgent yes

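Security warning: Only use on trusted servers. While you are connected, anyone with root on that server can use the forwarded agent socket to authenticate as you to other hosts.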

Jump Hosts

Connect through intermediate servers:

Host internal
    HostName internal.local
    ProxyJump jumphost

Or command line:

ssh -J jumphost internal

Tips

  • Never share private keys
  • Use strong passphrases for private keys
  • Keep ~/.ssh permissions at 700
  • Keep private keys at 600 permissions
  • Use ssh-agent to avoid repeatedly entering passphrases
  • Disable root login on servers: PermitRootLogin no
  • Use key-based auth exclusively: PasswordAuthentication no
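
The permission and sshd_config tips above can be checked with a script. This is an added example, not part of the original page; the function names are assumptions, and the sshd_config check reads a single file's global section only (no Include files, whitespace-separated directives).

```shell
#!/bin/sh
# Added example (function names are assumptions): audits the tips' settings.

# Octal mode of a path (GNU stat, then BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Directory must be 700; every file starting with a private-key header must
# be 600. Prints one line per finding, returns 1 if there was any.
audit_ssh_dir() {
    dir=$1 bad=0
    if [ "$(mode_of "$dir")" != "700" ]; then
        echo "DIR $dir mode $(mode_of "$dir"), want 700"; bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            m=$(mode_of "$f")
            if [ "$m" != "600" ]; then
                echo "KEY $f mode $m, want 600"; bad=1
            fi
        fi
    done
    return "$bad"
}

# Value of a keyword in the global section of one sshd_config file: first
# occurrence wins, keywords are case-insensitive, parsing stops at the first
# Match block. Simplification: Include files are not followed.
sshd_setting() {
    awk -v want="$2" '
        { key = tolower($1) }
        key == "match" { exit }
        key == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Succeeds only if both directives are explicitly set to "no"; a missing
# directive fails because the check cannot confirm the setting.
audit_sshd_config() {
    [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ] &&
        [ "$(sshd_setting "$1" PasswordAuthentication)" = "no" ]
}

# Stand-alone use: sh audit.sh ~/.ssh /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1"; audit_sshd_config "$2" || echo "SSHD $2 not hardened"
fi
```

On a live server, `sshd -T` (run as root) prints the effective configuration including Include files and defaults, and is the authoritative check.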
Last updated: 2025-01-19