Skip to main content

SSH Tutorial

This tutorial will guide you through SSH Authentication, Key Management, and Remote Access.

SSH (Secure Shell) is a network protocol that establishes encrypted connections between computers for secure remote access. It operates on TCP port 22 and provides authentication, encryption, and integrity to protect data transmitted over unsecured networks.

Setting up SSH is essential to connecting to our GitHub repos, dedicated servers and VPS.

1. How SSH Authentication Works

SSH (Secure Shell) enables secure remote access to servers. It operates on a client-server model:

  • Client: Initiates the connection using an SSH client (e.g., ssh command).
  • Server: Runs an SSH daemon (sshd) that listens for incoming connections.

Authentication methods include:

  • Password Authentication: The client provides a password to the server.
  • Public Key Authentication: The client proves possession of a private key corresponding to a public key stored on the server.

Public key authentication is more secure and widely recommended. It is what we use for our DevOps.

2. Setting up SSH

Step 1: Generate the Key Pair

The private key is kept secret on your local machine and is used to prove your identity to a remote server; it should never be shared. The public key can be shared freely and is placed on the remote server to authorize your access, allowing the server to verify that connections using the corresponding private key are legitimate.

On your local machine, run:

ssh-keygen -t ed25519 -C "your_email@example.com"

It will prompt you to specify the following:

Enter file in which to save the key (/home/USERNAME/.ssh/id_ed25519):

Just hit enter to save to /home/USERNAME/.ssh/id_ed25519, or ~/.ssh for short.

It may also prompt you to add a passkey, which it will ask for every time you try to connect to a remote machine via that new public key. You can also skip that by hitting enter.

This creates a key pair:

  • Public Key: ~/.ssh/id_ed25519.pub
  • Private Key: ~/.ssh/id_ed25519

It is optional (but preferred) to establish proper file system permissions to these files too. For that you may run the following commands:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

Step 2: Add the Private Key to the SSH Agent (Optional)

The SSH agent is a background program that holds your private keys in memory and provides them to SSH clients when needed. This means you don’t have to type your passphrase every time you connect to a server — the agent handles authentication on your behalf.

Start the SSH agent:

eval "$(ssh-agent -s)"

Add your private key:

ssh-add ~/.ssh/id_ed25519

Note: At this point, you should ask the remote server's manager for authorization. This is done via adding your public key to the remote server's whitelist. You can view your public key via:

cat ~/.ssh/id_ed25519.pub

3. Connect to a Remote Server

Once your public key is authorized on the server, you can connect using SSH:

ssh username@remote_host
  • Replace username with your server account name.
  • Replace remote_host with the server's IP address or domain name.

If you need to specify a specific port, you can do so with the -p parameter:

ssh -p PORT username@remote_host

Note: You may also transfer files directly via the scp command.