Mastering SSH from Linux: Beyond Basic Connections to Advanced Secure Practices
Forget just “how to connect”—discover the overlooked SSH configurations and practices that separate amateurs from pros in Linux administration. This guide flips the script on SSH by focusing on security hardening, efficient workflow hacks, and customized client/server settings that save time and protect your resources.
Why Master SSH Beyond Basics?
SSH (Secure Shell) is the lifeblood of Linux system administration. Almost every Linux user knows how to log into a remote server:
ssh user@remote-host
But beyond this simple command lies a wealth of potential to optimize your workflow, defend against attacks, and seamlessly manage complex environments.
In this post, we’ll explore:
- Secure key-based authentication and disabling passwords
- Creating SSH config files for effortless connections
- Leveraging control master for faster repeated logins
- Using port forwarding to securely access services behind firewalls
- Hardening your SSH server to resist attacks
1. Use Key-Based Authentication Instead of Passwords
Why?
Passwords can be guessed or brute-forced. Public/private key pairs provide stronger, computationally secure authentication.
How?
Generate keys if you don't have them yet:
ssh-keygen -t ed25519 -C "your_email@example.com"
This creates two files:
- ~/.ssh/id_ed25519 (private key)
- ~/.ssh/id_ed25519.pub (public key)
Transfer your public key to the remote server with:
ssh-copy-id user@remote-host
Now you can log in without passwords:
ssh user@remote-host
Optional: Disable password authentication on the server
Edit /etc/ssh/sshd_config on the server to set:
PasswordAuthentication no
ChallengeResponseAuthentication no
Then reload sshd:
sudo systemctl reload sshd
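This step drastically improves security by forcing key-based login only. Before you reload, confirm from a separate session that key-based login works, so a mistake does not lock you out.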
2. Simplify Connections with Your SSH Config File
If you routinely connect to multiple servers or non-standard ports, create a config file in ~/.ssh/config with entries like:
Host devserver
    HostName dev.example.com
    User alice
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_dev
Host prod-db
    HostName db1.prod.example.com
    User dbadmin
    ForwardAgent yes
Now instead of typing full commands with options, just run:
ssh devserver
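You can also customize per-host settings like agent forwarding, key files, jump hosts, etc. Enable ForwardAgent only for hosts you trust: while you are connected, anyone with root on that host can use your forwarded agent to authenticate as you.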
3. Speed Up Repeated Connections with ControlMaster
Opening a new SSH connection initiates a handshake each time—this can be slow if you connect frequently.
Enable connection multiplexing by adding this to your ~/.ssh/config:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/control-%r@%h:%p
    ControlPersist 10m
This lets multiple ssh sessions reuse a single TCP connection. Opening new terminals connected to the same host will be instant.
Test it out:
ssh user@remote-host # first connection (takes normal time)
ssh user@remote-host # subsequent connections open instantly!
4. Use SSH Port Forwarding for Tunneling Services
Whether you want to securely connect to a remote database or access internal web services, SSH port forwarding is essential.
Local Port Forwarding
For example, forward your local port 8080 to a remote internal webserver’s port 80 via SSH:
ssh -L 8080:internal-webserver:80 user@bastion-host.example.com
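Then open http://localhost:8080 in your browser; traffic will tunnel securely through bastion-host. The SSH tunnel encrypts the traffic between your machine and bastion-host; the hop from bastion-host to internal-webserver is ordinary HTTP.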
Remote Port Forwarding
Reverse case: Allow a remote machine access to your local service.
ssh -R 9090:localhost:3000 user@remote-server.example.com
Now users on remote-server can access your local service at port 3000 through port 9090.
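By default both kinds of forward listen on the loopback interface only; the ssh -g flag or a GatewayPorts setting changes that and opens the forwarded port to other hosts. The following is an added example, not part of the original post, that classifies how a forwarded port is bound by reading `ss -ltn` output. The function name `forward_exposure` and the sample listing are constructed for illustration.

```shell
# Added example: classify how a forwarded port is bound, from `ss -ltn` output.
# On a real host: ss -ltn | forward_exposure 8080
# Constructed sample: 8080 bound to loopback, 9090 bound to all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128            [::1]:8080         [::]:*
LISTEN 0      128                *:9090            *:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# $1 = port to look for; stdin = `ss -ltn` output.
# Prints loopback, exposed or absent.
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is address:port; the port is whatever follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Anything other than 127.x.x.x or [::1] is reachable from other hosts.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

for p in 8080 9090 3000; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | forward_exposure "$p")"
done
```

Run it on your own machine for the -L case and on remote-server for the -R case; "exposed" means the tunnel endpoint accepts connections from other hosts on that network.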
5. Secure Your SSH Server Against Attacks
Beyond strong keys and disabling passwords, take these extra steps on the server side:
- Change the default listening port
  In /etc/ssh/sshd_config, change Port 22 to something less predictable like Port 2222. This cuts the noise from automated scans of port 22, but it does not stop an attacker who scans every port.
- Limit users who can log in
  AllowUsers alice bob adminuser
- Disable root login
  Set:
  PermitRootLogin no
- Use fail2ban or similar tools
  Install fail2ban to auto-block IPs after too many failed attempts.
  sudo apt install fail2ban
  # Basic jail configuration typically includes sshd by default.
  # Customize as needed in /etc/fail2ban/jail.local.
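Editing sshd_config does not prove the setting took effect, because sshd uses the first value it reads for each keyword and included files or Match blocks can change the result. The following added example, not part of the original post, audits the effective configuration printed by `sshd -T` against the settings recommended in sections 1 and 5. The function name `audit_sshd` and both sample dumps are constructed for illustration.

```shell
# Added example: audit effective sshd settings against this guide's advice.
# On a real server, feed it the effective configuration:
#     sudo sshd -T | audit_sshd
# The two samples below are constructed for illustration.
SAMPLE_WEAK='port 22
passwordauthentication yes
kbdinteractiveauthentication yes
permitrootlogin prohibit-password
pubkeyauthentication yes'

SAMPLE_HARDENED='port 2222
passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin no
pubkeyauthentication yes
allowusers alice
allowusers bob
allowusers adminuser'

# Reads `sshd -T` style lines (lowercase keyword, then value) on stdin.
# Prints one FAIL line per deviation; returns non-zero if there is any.
audit_sshd() {
    awk '
        function want(key, expected) {
            # Keywords missing from the dump (version differences) are skipped.
            if ((key in val) && val[key] != expected) {
                printf "FAIL %s is %s, expected %s\n", key, val[key], expected
                bad++
            }
        }
        { val[$1] = $2 }
        $1 == "port" && $2 == 22 { port22 = 1 }
        END {
            want("passwordauthentication", "no")
            # Newer OpenSSH names the ChallengeResponseAuthentication setting
            # kbdinteractiveauthentication; check whichever name is present.
            want("kbdinteractiveauthentication", "no")
            want("challengeresponseauthentication", "no")
            want("permitrootlogin", "no")
            if (!("allowusers" in val)) { print "FAIL allowusers is not set"; bad++ }
            if (port22) { print "FAIL sshd still listens on port 22"; bad++ }
            exit (bad > 0)
        }'
}

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd && echo "hardened sample: OK"
```

Run `sudo sshd -t` to check the file for syntax errors before reloading, then run the audit against `sudo sshd -T` to confirm the values sshd will actually use.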
Bonus Tip: Jump Hosts (ProxyJump) for Multi-Hop Connections
Sometimes you can't access servers directly but must go through an intermediate host (jump/bastion).
Add this to your ssh config:
Host internal-server
    HostName internal.example.com
    User alice
    ProxyJump bastion@example.com:22
Now simply run:
ssh internal-server
SSH will transparently tunnel through the bastion host for you.
Wrapping Up
While it’s easy to get started with just a simple ssh user@host, mastering these advanced practices transforms SSH into a tool that enhances productivity and security. Key-based auth keeps your credentials safe; the config file saves keystrokes; control master speeds things up; tunneling extends access; and hardening keeps intruders out.
Start integrating these steps today—your future self (and sysadmins!) will thank you.