© 2025 linux101.dev

ssh (Secure Shell)

ssh is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Basic Connections

Connect to a Server

ssh user@hostname

Connects to the server at hostname as the user user. You will be prompted for a password. Example: ssh admin@192.168.1.100.

Connect on a Different Port

ssh -p 2222 user@hostname

The -p flag allows you to specify a port number if the SSH server is not running on the default port 22.

How to Change the Default SSH Port (on the Server)

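Changing the default SSH port from 22 to something else is a common security practice to reduce exposure to automated bot attacks. It cuts down on scan and brute-force noise in your logs, but it does not hide the service from anyone who port-scans the host, so treat it as a complement to key-based authentication rather than a replacement. This must be done on the SSH server you are connecting to.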

1. Edit the SSHD Configuration File

sudo nano /etc/ssh/sshd_config

Open the main SSH daemon configuration file with a text editor like nano or vim.

2. Change the Port Number

# Port 22
Port 2222

Find the line that says # Port 22. Uncomment it (remove the #) and change the number to your desired port (e.g., 2222). Save and close the file.

3. Restart the SSH Service

sudo systemctl restart sshd

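Apply the changes by restarting the SSH daemon. Your server will now listen on the new port. On Debian and Ubuntu the service unit is named ssh, so use that name if sshd is not found. Keep your current session open until you have confirmed that a new login on the new port works.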

4. Update the Firewall

sudo ufw allow 2222/tcp

Crucial step: You must allow traffic through the new port in your firewall, otherwise you will be locked out. If you are removing access on port 22, make sure you have successfully connected on the new port first before running sudo ufw deny 22.

SSH Key-Based Authentication (Passwordless Login)

Using SSH keys is much more secure than using passwords. The process involves creating a pair of cryptographic keys (a public and a private one) on your local machine.

1. Generate SSH Keys (on your local machine)

ssh-keygen -t rsa -b 4096

This command starts the key generation process. It's recommended to accept the default file location and add a strong passphrase when prompted for an extra layer of security.

2. Copy Public Key to Server

ssh-copy-id user@hostname

This is the easiest way. It automatically copies your public key (~/.ssh/id_rsa.pub) to the correct file on the server (~/.ssh/authorized_keys) and sets the right permissions. You will be asked for your password one last time.

3. (Optional) Disable Password Authentication on Server

sudo nano /etc/ssh/sshd_config

For maximum security, you can disable password logins entirely. Open the SSH config file and change PasswordAuthentication yes to PasswordAuthentication no. Then, restart the SSH service with sudo systemctl restart sshd. Warning: Make sure key-based login is working correctly before you do this, or you could be locked out.
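
The check below is an added example, not part of the original page: before restarting, it resolves which PasswordAuthentication and Port values sshd will actually use, because sshd keeps the first value it reads for a keyword and reads included drop-in files in place. The function names and the sample files are constructed for illustration.

```sh
# Added example, not from the original page. sshd uses the FIRST value it reads
# for a keyword and reads Include'd drop-ins in place, so a later edit can lose.

# flatten FILE: print global-scope "keyword value" lines, keyword lowercased,
# with each Include replaced by the files it names. Simplifications: one
# pattern per Include, no spaces in paths, no "key=value" form, relative
# patterns resolved against FILE's directory (sshd uses /etc/ssh).
flatten() {
    dir=$(dirname "$1")
    while read -r key rest || [ -n "$key" ]; do
        k=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $k in
            '#'*|'') ;;                          # comment or blank line
            match) break ;;                      # what follows is conditional
            include)
                case $rest in /*) ;; *) rest=$dir/$rest ;; esac
                for f in $rest; do               # unquoted: expand the glob
                    if [ -f "$f" ]; then ( flatten "$f" ); fi
                done ;;
            *) printf '%s %s\n' "$k" "$rest" ;;
        esac
    done < "$1"
}

# effective_value FILE KEYWORD: the first value read for KEYWORD, lowercased.
effective_value() {
    flatten "$1" | awk -v kw="$2" \
        '!seen && $1 == tolower(kw) { print tolower($2); seen = 1 }'
}

# preflight FILE AUTHORIZED_KEYS: fail if password logins would stay enabled,
# or would be disabled while no public key is installed (lockout).
preflight() {
    pw=$(effective_value "$1" PasswordAuthentication)
    if [ "${pw:-yes}" != no ]; then              # OpenSSH default is yes
        echo "PasswordAuthentication is effectively ${pw:-yes}"; return 1
    fi
    if [ ! -s "$2" ]; then
        echo "passwords are off but $2 is missing or empty"; return 1
    fi
    echo "ok, Port lines in effect: $(flatten "$1" | awk '$1 == "port" { printf "%s ", $2 }')"
}

# Constructed sample: a drop-in included first overrides the edit below it.
demo=$(mktemp -d) && mkdir "$demo/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-dropin.conf"
printf 'Include sshd_config.d/*.conf\n#Port 22\nPort 2222\nPasswordAuthentication no\n' \
    > "$demo/sshd_config"
preflight "$demo/sshd_config" "$demo/authorized_keys" || true
```

On a real server, sudo sshd -t validates the configuration syntax and sudo sshd -T prints the effective settings; run both before the restart.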