Connecting with SSH

ssh, keys, scp — reach a remote server.

Beginner12 min · lesson 11 of 25

SSH (Secure Shell) is how you connect to and run commands on a remote Linux server — an encrypted terminal session over the network. It is the single most important remote-access tool in operations: nearly every server you touch, you reach over SSH. The basic form is ssh user@host, which opens a shell on that machine as that user, and from there you work exactly as if you were sitting at it.

KEY-BASED SSH LOGIN
1ssh-keygen
create a private + public key pair
2ssh-copy-id
install the public key on the server
3ssh user@host
server challenges your key
4Logged in
private key proves you — no password
The private key never leaves your machine; only the public key is placed on the server.
terminal
$ ssh deploy@web-01.acme.internal
deploy@web-01:~$ # you now have a shell ON the remote server
deploy@web-01:~$ hostname
web-01
deploy@web-01:~$ exit # or Ctrl-D to disconnect and return to your machine
$ # back on your local machine

Keys, not passwords

You can authenticate with a password, but the standard is a key pair: you generate a private key (kept secret, on your machine) and a public key (installed on the server). The server challenges your key, and you are in — no password to type or brute-force. Generate a modern key with ssh-keygen, then ssh-copy-id installs your public key on the server. After that, ssh logs you in with the key automatically.

terminal
$ ssh-keygen -t ed25519 # generate a key pair (add a passphrase when asked)
Your identification has been saved in /home/deploy/.ssh/id_ed25519
Your public key has been saved in /home/deploy/.ssh/id_ed25519.pub
$ ssh-copy-id deploy@web-01 # install your PUBLIC key on the server
$ ssh deploy@web-01 # now logs in with the key — no password prompt
deploy@web-01:~$

scp and the SSH config

SSH also moves files: scp (from the command reference) copies over the same secure channel. And typing full host names gets old, so ~/.ssh/config lets you define shortcuts — a friendly name, the real host, the user, the key — so ssh web01 just works. This is where you also set up jump hosts and per-server options; for a beginner, the alias alone saves a lot of typing.

~/.ssh/config
Host web01
HostName web-01.acme.internal
User deploy
IdentityFile ~/.ssh/id_ed25519
# now simply: ssh web01 (and: scp file.txt web01:/opt/app/)
Guard your private key; it is your login
The private key file (id_ed25519, no .pub) is the credential — anyone who copies it can log in as you. Protect it with a passphrase when you generate it, keep its permissions at 600 (SSH refuses a key readable by others), never commit it to a repo or copy it onto a server, and remove your public key from a server’s authorized_keys when you no longer need access. The deep version of SSH security is the hardening course; the beginner rule is simple: the private key never leaves your machine, and it never goes unprotected.