Introduction to ssh command in Linux
ssh (Secure Shell) is a command-line tool in Linux that allows you to log into a remote machine and execute commands. ssh connects and logs into the specified hostname. It uses the default TCP/IP port 22 to log in. It allows secure encrypted communications between two untrusted hosts over an insecure network. It can also forward X11 connections, arbitrary TCP ports, and UNIX-domain sockets over the secure channel.
How to install ssh client
Most recent Linux distributions ship with the ssh tool pre-installed. You can type ssh in your terminal to check if it is installed.
If the command is not found, you first have to install ssh on your system. You can install it from the default package management repositories of any Linux distribution.
To install ssh on CentOS, Fedora, Rocky Linux and RHEL
$ sudo yum install openssh-clients
To install ssh on Ubuntu and Debian
$ sudo apt install openssh-client
This article covers only the SSH client, so it assumes that you already have an SSH server to connect to.
Different examples to use ssh command
In this article, you will learn to use the ssh command to connect and log in to the remote server.
1. ssh command to connect to a remote machine
You can connect to a remote machine by using its IP address.
$ ssh IP_address
When you connect to a host for the first time, ssh shows the server's host key fingerprint and asks whether to continue connecting. Type yes and press Enter. It then asks for the password used to log in to the remote machine.
You can also connect to a remote machine using its name.
$ ssh hostname
Note: You can press "Ctrl + D" or enter the exit command to close the SSH connection.
2. Login with a different user in SSH connection using ssh command
By default, the ssh command logs in as the current user when connecting to a remote server. To log in as another user, you can use the following command:
$ ssh user_name@ip_address
OR
$ ssh -l user_name ip_address
You can also use the hostname instead of the IP address.
3. ssh command to generate SSH keys
You can generate an SSH key pair using ssh-keygen to secure the SSH connections. It generates a pair of public and private keys. With an SSH key pair in place, you can access a server without entering a password.
$ ssh-keygen
4. ssh command to copy public SSH key to a server
You need to copy the public SSH key in order to use the key for SSH authentication. To copy the key generated from the previous command, you can use:
$ ssh-copy-id ip_address
After successfully copying the public key, you do not have to enter a password to connect to a remote server.
5. Print debug information using ssh command
The -v option prints the process information when connecting to a remote server. That information is useful for debugging an authentication issue. You can also use multiple -v options to print more detailed information. The maximum is 3.
$ ssh -v ip_address
OR to increase the level of verbosity
$ ssh -vv ip_address
OR to further increase the level of verbosity
$ ssh -vvv ip_address
6. ssh command to execute command on remote nodes
You can use SSH command to execute commands on the remote node
$ ssh username@ip_address "command_to_execute"
7. Execute SSH multiple commands using SSH on remote nodes
We can also execute multiple commands on the remote node using SSH. The first way is by providing multiple commands separated by a semicolon (;). Quote the whole list so that the local shell passes it to ssh instead of running command2 and command3 on the local machine. You can use the following syntax:
$ ssh username@ip_address "command1; command2; command3"
You can also use a different syntax by providing the commands as a here-document terminated by EOF, as shown below:
$ ssh username@ip_address << EOF
> command1
> command2
> EOF
Verify the content of /tmp/file.txt on the remote node:
8. Enable X11 forwarding with ssh command
The -X option enables X11 forwarding. Use this option with caution. Users with the ability to bypass file permissions on the remote server (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions.
$ ssh -X ip_address
To disable X11 forwarding, you can use the -x option.
9. Enable trusted X11 forwarding with ssh command
The -Y option enables trusted X11 forwarding with the ssh command. The X11 SECURITY extension restrictions do not apply to trusted X11 forwarding.
$ ssh -Y ip_address
10. Bind address on a local machine using ssh command
The -b option binds an address on the local machine as the source address of the connection. It is only useful for systems with more than one address.
$ ssh -b ip_addr1 ip_addr2
11. ssh command to hide the error message
The -q option suppresses most warning and diagnostic messages in the output.
$ ssh -q ip_address
12. Initiate SSH connection using a different port number
The -p option specifies the port to connect to on the remote SSH server. The default SSH port is 22, so we do not have to specify it. You can view the port number in the /etc/ssh/ssh_config file. If the specified port number does not match the ssh_config port number, the connection gets refused.
$ ssh -p NUM ip_address
13. Request compression of all data using ssh command
The -C option enables compression for all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections). Compression is useful on slow connections and modem lines, but it will slow things down on fast networks.
$ ssh -C <IP/Hostname>
14. Disable strict host key checking with ssh command
With the -o option, you can specify different options in the format given in the ssh_config file. To disable strict host key checking, you can use:
$ ssh -o StrictHostKeyChecking=no ip_address
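With StrictHostKeyChecking=no, ssh adds new host keys automatically and lets connections to hosts with changed keys proceed, so the fingerprint check from the first-connection prompt in example 1 is skipped. The following added example (not from the original article) shows how that SHA256 fingerprint is derived from a key line, as printed by ssh-keyscan or stored in known_hosts, and checks it against a fingerprint obtained out of band. The helper names, the 192.0.2.10 address and the sample keys are constructed, and hashed known_hosts entries are not handled.

```python
import base64
import hashlib
import struct


def make_sample_key_line(host, seed):
    """Build a CONSTRUCTED ssh-ed25519 line in ssh-keyscan format (not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 stand-in public-key bytes
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw)) + raw
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def parse_key_line(line):
    """Split an unhashed 'hosts keytype base64' line into (hosts, keytype, blob)."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # the blob starts with its own type string
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match the key blob")
    return hosts.split(","), key_type, blob


def fingerprint(blob):
    """SHA256 fingerprint as ssh prints it: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(line, host, trusted_fp):
    """True only if the line names `host` and its key matches the trusted fingerprint."""
    hosts, _, blob = parse_key_line(line)
    return host in hosts and fingerprint(blob) == trusted_fp


if __name__ == "__main__":
    # Fingerprint the server administrator published out of band (constructed here).
    expected = make_sample_key_line("192.0.2.10", b"real")
    published = fingerprint(parse_key_line(expected)[2])
    for label, seed in (("expected key", b"real"), ("substituted key", b"other")):
        offered = make_sample_key_line("192.0.2.10", seed)
        ok = verify_host_key(offered, "192.0.2.10", published)
        print(f"{label}: {'add to known_hosts' if ok else 'REJECT, do not connect'}")
```

Running ssh-keygen -lf on a public key or known_hosts file prints fingerprints in the same SHA256 form, so the value can be compared by hand as well.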
15. Specify the protocol version using ssh command
You can use -1 to specify protocol version 1 and -2 to use protocol version 2. The default value is "2,1", which means ssh tries version 2 first and uses version 1 if version 2 is unavailable.
$ ssh -1 ip_address
OR
$ ssh -2 ip_address
16. ssh command to use only IPv6 address
You can use the -6 option to use only an IPv6 address to connect to a remote server.
$ ssh -6 IPv6_address
An IPv4 address is not supported with the -6 option. You can use the -4 option to use only the IPv4 address.
17. Set connection timeout value using ssh command
You can specify the timeout in seconds when connecting to the SSH server. The value is applicable when the target is down or unreachable, not when the connection is refused.
$ ssh -o ConnectTimeout=NUM ip_address
18. Using -o option with ssh command
The -o option is useful for specifying an option that has no separate command-line flag. It can be used to change any default value to another permitted value. You can find the options and their possible values in ssh_config.
$ ssh -o option=value ip_address
Following are some of the options which can be used with the -o argument:
AddKeysToAgent AddressFamily BatchMode BindAddress CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname CanonicalizeMaxDots CanonicalizePermittedCNAMEs CertificateFile ChallengeResponseAuthentication CheckHostIP Ciphers ClearAllForwardings ... StrictHostKeyChecking TCPKeepAlive Tunnel TunnelDevice UpdateHostKeys UsePrivilegedPort User UserKnownHostsFile VerifyHostKeyDNS VisualHostKey XAuthLocation
For the complete list of options, refer to the man page of the ssh command.
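The options passed with -o can also be set persistently in an ssh_config file, where a relaxed setting is easy to forget. This added example (not part of the original article) parses a client config and flags the settings covered in this article that relax host key checking or enable X11 forwarding. The function name, the RISKY table and the sample config are constructed for illustration.

```python
import re

# Settings from this article that relax the client, keyed by lower-cased keyword.
RISKY = {
    "stricthostkeychecking": ({"no", "off"}, "new and changed host keys accepted without a prompt"),
    "userknownhostsfile": ({"/dev/null"}, "host keys are never remembered"),
    "forwardx11": ({"yes"}, "X11 forwarding enabled (same as -X)"),
    "forwardx11trusted": ({"yes"}, "trusted X11 forwarding (same as -Y)"),
}

# Constructed sample config, not taken from a real system.
SAMPLE = """\
# constructed sample
Host *
    ForwardX11 no
Host lab-*
    StrictHostKeyChecking=no
    UserKnownHostsFile /dev/null
Host build01
    ForwardX11Trusted yes
    ConnectTimeout 10
"""


def audit_ssh_config(text):
    """Return (line number, Host scope, keyword, value, reason) for each risky setting."""
    findings = []
    scope = "*"  # options before the first Host line apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        keyword, value = m.group(1), m.group(2).strip().strip('"')
        if keyword.lower() in ("host", "match"):
            scope = value
            continue
        bad_values, reason = RISKY.get(keyword.lower(), (set(), ""))
        if value.lower() in bad_values:
            findings.append((lineno, scope, keyword, value, reason))
    return findings


if __name__ == "__main__":
    for lineno, scope, keyword, value, reason in audit_ssh_config(SAMPLE):
        print(f"line {lineno} [Host {scope}] {keyword} {value}: {reason}")
```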
Summary
These are the most used ssh command examples in Linux. System and network administrators use this command to manage the remote server. You can connect and log in to a remote server with an encrypted method using the SSH tool.