One day, you’re trying to fix a friend’s computer, but they’re in another city. You don’t want to use a screen-sharing app, and you definitely don’t want to rely on them to follow your instructions step by step.
What you really want is a way to securely log into their computer and just do it yourself. That’s what SSH does. It gives you a secure way to remotely access a computer, almost like you're sitting in front of it.
What Is SSH?
SSH stands for Secure Shell. It’s a network protocol that lets you connect from one machine to another over the internet or a private network, while encrypting everything you do.
If you’re managing a Linux server, a VPS, or cloud infrastructure like AWS or DigitalOcean, you’re probably using SSH; even if you don’t know it yet.
SSH is the industry standard for remote login because it’s secure, lightweight, and incredibly powerful. The “shell” part refers to the command-line interface you get when you connect.
{{cool-component}}
What Does “Secure Shell Protocol” Mean?
When people say secure shell protocol, they’re just talking about the SSH system as a whole. It’s the set of rules that allow encrypted communication between two computers.
This protocol does a few key things:
- Encrypts everything (so attackers can't spy on your connection)
- Authenticates users (only the right person can get in)
- Supports things like file transfers and tunneling
SSH and SSH: What’s the Difference?
You’ll sometimes hear both “SSH” and “ssh” being tossed around. Here’s the difference:
- SSH (all caps) refers to the protocol itself; the whole system of secure communication.
- ssh (lowercase) is the command you run in the terminal to use that system.
So when you type something like:
ssh username@your-server.com
You're using the ssh command to connect using the Secure Shell protocol.
What’s Inside an SSH Session?
Once you connect with SSH, what you're actually getting is a remote terminal session. It's just like your local terminal, except everything runs on the remote machine.
You can:
- Navigate directories
- Edit files using editors like nano or vim
- Install packages
- Restart services
- Monitor system resources
It’s like having remote hands, but through code. You’re not streaming a desktop screen or using a mouse; you're sending pure commands that get executed directly.
And yes, everything is encrypted along the way. That’s why the secure shell protocol is so widely trusted.
You’ll typically see a shell prompt like this:
user@your-server:~$
That means you're in. From here, you’re fully in control of that system, so act carefully.
What Is an SSH Key?
You can log in to SSH using a password or, more securely, with something called an SSH key.
An SSH key is a pair of cryptographic files:
- The public key goes on the server.
- The private key stays on your device and should never be shared.
When you try to connect, the server checks your private key against its public key. If they match, you're in.
Why is this better than passwords?
- No brute-force attacks
- No password to steal
- You can use a passphrase for extra protection
How to Generate SSH Keys
If you're ready to stop typing passwords every time you log into a server, generating an SSH key pair is your first step.
Open your terminal and run:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- -t rsa means you're generating an RSA key
- -b 4096 sets the key length (more bits, more secure)
- -C just adds a label so you remember why you made it
You’ll be asked where to save the key. Just hit Enter to use the default location: ~/.ssh/id_rsa.
You’ll also be asked to add a passphrase. This adds an extra layer of protection. You can skip it, but it’s better to use one.
Once done, you’ll have two files:
- id_rsa (this is your private key – never share it)
- id_rsa.pub (this is your public key – you’ll copy this to the server)
To copy your public key to a server, run:
ssh-copy-id username@your-server.com
Now, next time you log in, no password is needed. SSH will use your key instead.
What Is the SSH Port?
By default, SSH uses port 22. This is the secure shell port you’ll see most often.
If you’re running a server, changing the default SSH port can slightly reduce the risk of automated attacks. For example, switching to port 2222 or 8022 won’t stop hackers, but it may avoid common scanning scripts.
You can define the port when connecting:
ssh -p 2222 user@your-server.com
Just make sure the server is configured to listen on that port too.
{{cool-component}}
SSH Options You Should Know
The ssh command supports many options. You don’t need to memorize them, but here are a few you’ll use often:
- -p [port] — connect to a different SSH port
- -i [file] — use a specific private key file
- -L — set up a local port forwarding (for tunneling)
- -v — verbose output (helpful for debugging)
Here’s an example of connecting with a key and a custom port:
ssh -i ~/.ssh/id_rsa -p 2222 user@host.com
You can also configure these options in a file called ~/.ssh/config to save time.
What Can You Actually Do With SSH?
SSH is more than just logging into a remote terminal. Here’s what you can do:
1. Run Commands Remotely
You can send a command directly:
ssh user@host "uptime"
2. Copy Files with SCP or SFTP
To copy a file from your computer to a server:
scp file.txt user@host:/home/user/
Or use sftp for an interactive file transfer session:
sftp user@host
3. Set Up Tunnels
You can use SSH to create secure tunnels, which is useful for:
- Accessing web interfaces on private servers
- Encrypting untrusted connections
- Forwarding ports safely
4. Use Agent Forwarding
This lets you access other servers from within your SSH session using your local SSH key, without copying the key to the server.
How Does SSH Authentication Work?
SSH supports different methods of authentication:
- Password-based: Not recommended unless you have strong controls in place
- Key-based: Much safer and commonly used
- Two-factor (2FA): Optional, but increasingly supported
- Certificate-based: For large orgs needing centralized key control
When setting up authentication, you can also control who has access by editing the ~/.ssh/authorized_keys file on the server.
Using ~/.ssh/config to Save Time
If you connect to multiple servers often, typing out full SSH commands each time can get repetitive. That’s where the SSH config file comes in.
You can create a file at ~/.ssh/config and define shortcuts like this:
Host myserver
HostName 203.0.113.55
User root
Port 2222
IdentityFile ~/.ssh/id_rsa
Now instead of typing a long command, you can just run:
ssh myserver
It’s a small change, but it saves tons of time, especially when you're juggling different servers, usernames, ports, or keys.
Security Tips for SSH
If you’re managing servers, keep your SSH setup locked down. Here’s how:
- Disable password logins: Force key-based auth only
- Change the default SSH port
- Use fail2ban: Blocks brute-force attempts
- Enable UFW or firewalls: Restrict access to known IPs
- Never share your private key
{{cool-component}}
Common SSH Errors and What They Mean
- Permission denied (publickey) → The server doesn’t recognize your SSH key
- Connection refused → SSH isn’t running or wrong port
- Host key verification failed → The server’s fingerprint changed, possible MITM attack
Always check your ~/.ssh/known_hosts file if you suspect fingerprint issues.
Conclusion
SSH is like having a direct line to your server; no fuss, no screen-sharing apps, and no risk of someone snooping in. Once you learn what SSH is, what an SSH key does, and how to work with different SSH options and SSH ports, you’ve got the remote control to practically any system in the world.
Set a meeting and get a commercial proposal right after
Build your Multi-CDN infrastructure with IOR platform
Build your Multi-CDN infrastracture with IOR platform
Migrate seamleslly with IO River migration free tool.
