ssh, or the secure shell, is one of the essential tools for free software developers, system administrators, and anyone else who needs to get to the command line on remote computers. It forms an encrypted communications channel between two hosts, and allows you to do things across that secure channel:

  • Log into the remote end, to get a command line. You can then use that as if you were using a command line in a terminal window on your local machine.

  • Run X11 programs on the remote end, and have them open windows on your screen.

  • Transfer files using SFTP, an FTP-like file transfer protocol, except not broken and horrible. If you use a Linux desktop, your file manager can probably talk SFTP directly.

  • Forward local ports to the remote end, or the other way around. This can allow you to, for example, make a server on your laptop available to others on the Internet, or work around a firewall, sort of like a simple VPN.

Examples

If you have ssh installed on your machine, and listening to the localhost interface, try these commands:

ssh localhost
ssh localhost ls -l
ssh localhost -X xterm

The first form gives you an interactive shell on the remote machine, or in this case on your own machine. Normally, you'd connect to another machine instead of localhost, such as your VPS if you have one. The second form executes the command directly and then exits. The third form runs an X11 program on the remote end, but opens its window on your own desktop. All of these work as well (though perhaps more slowly) over the Internet as over localhost.

You can copy files using either the scp or sftp programs. For simple copies, scp is easy:

scp index.html your.server:public_html/

sftp can also be used directly from the command line, in addition to interactively, for fetching files:

sftp your.server:public_html/index.html

For more complicated transfers, and for uploading files, use sftp interactively.

Security

ssh is meant to be secure. Apart from encrypting the connection, it also verifies the server's host key, to help you feel confident you've connected to the right server.

When logging in, you can authenticate yourself to the server using a password, but ssh also allows a client key. The client key is a public key cryptography key pair (consisting of a public and a private key). This is a very powerful feature:

  • The server no longer needs to know a password for you at all. If someone breaks into the server, they can't get your secret password at all.

  • You can load your private ssh key into an ssh agent, and then you don't need to type either a password or the key's passphrase. If you log into other machines often, this is a time saver.

  • You can have a key without a passphrase, which allows a cron job or other batch processes to run stuff on other machines in a reasonably secure manner. The server can further be configured to limit what can be executed using the key.
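One way to limit what a passphrase-less key can execute, as an added example that is not part of the original article: a forced-command wrapper named in the key's authorized_keys entry. The script name batch-gate.sh, the run-backup helper and the three allowed commands are hypothetical; command=, restrict, SSH_ORIGINAL_COMMAND and SSH_CONNECTION are standard OpenSSH features.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a passphrase-less batch key.
# Server side, one line in ~/.ssh/authorized_keys (key material is a placeholder):
#   command="/usr/local/bin/batch-gate.sh",restrict ssh-ed25519 <PUBLIC-KEY> cron@laptop
# "restrict" disables port, agent and X11 forwarding and PTY allocation.
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

# Map a requested command line to the fixed command to run.
# Prints that command and returns 0, or returns 1 if the request is refused.
gate_command() {
    case "$1" in
        uptime)
            echo "/usr/bin/uptime" ;;
        df)
            echo "/bin/df -h" ;;
        "backup "*)
            # Exactly one argument, letters, digits, "_" and "-" only,
            # so nothing the client sends can reach a shell as syntax.
            name=${1#backup }
            case "$name" in
                ""|*[!A-Za-z0-9_-]*) return 1 ;;
            esac
            echo "/usr/local/bin/run-backup $name" ;;
        *)
            return 1 ;;
    esac
}

# SSH_CONNECTION is set by sshd, so this part only runs for real logins.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if cmd=$(gate_command "${SSH_ORIGINAL_COMMAND:-}"); then
        # Word splitting is intended: $cmd is one of the fixed strings above.
        exec $cmd
    fi
    echo "batch-gate: request refused for this key" >&2
    exit 1
fi
```

With this in place, `ssh your.server uptime` from the batch account works, while any other command, or an interactive login with that key, is refused.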

The more powerful features of ssh can be used wrongly, and can have security risks. You should read the documentation to understand the impact of what you're doing.

Installation

Every Linux distribution and BSD system comes with ssh, and usually at least the client is installed by default. You may need to install the server separately. We'll skip the installation instructions: you're hacker enough to figure that out for your particular system, and installation instructions are really boring to write.

SEE ALSO

Manual pages you should at least skim:

Links to more information: