Lesson 8.1: SSH Fundamentals

SSH (Secure Shell) is your gateway to remote Linux systems. It's the secure, encrypted way to connect to other computers, execute commands, and manage servers from anywhere in the world.

Think of it this way: SSH is like a secure phone call to another computer. Everything you type is encrypted, and both sides verify who they're talking to. No one can eavesdrop on your conversation.

What is SSH?

SSH (Secure Shell) is a network protocol that provides:

Why SSH Matters

Before SSH, remote access tools like telnet sent everything in plain text, including passwords! SSH changed everything:

Historical Context: SSH was created in 1995 by Tatu Ylönen after his university's network was compromised through a password-sniffing attack. It replaced insecure protocols like telnet and rlogin.

Basic SSH Connection

The simplest SSH command connects you to a remote system:

ssh username@hostname

Let's break this down:

Real Examples

# Connect using an IP address
ssh valente@192.168.1.100

# Connect using a domain name
ssh valente@myserver.com

# Connect to a web hosting server
ssh valente@webhost.example.com

First Connection

The first time you connect to a new server, SSH will ask you to verify its identity:

The authenticity of host '192.168.1.100' can't be established.
ED25519 key fingerprint is SHA256:abc123def456...
Are you sure you want to continue connecting (yes/no/[fingerprint])?

This is SSH's way of preventing "man-in-the-middle" attacks. Type yes to continue:

Warning: Permanently added '192.168.1.100' (ED25519) to the list of known hosts.
valente@192.168.1.100's password:

Security Note: In a production environment, you should verify the fingerprint matches what the server administrator provided. For practice environments, it's generally safe to accept.

After Connecting

Once connected, you'll see a command prompt on the remote system:

valente@remoteserver:~$

Now you can:

Example Session

# After connecting via SSH
valente@remoteserver:~$ pwd
/home/valente

valente@remoteserver:~$ ls -la
total 32
drwxr-xr-x 4 valente valente 4096 Dec 10 10:30 .
drwxr-xr-x 3 root    root    4096 Dec 01 09:00 ..
-rw------- 1 valente valente  220 Dec 01 09:00 .bash_logout

valente@remoteserver:~$ hostname
remoteserver

Exiting SSH

When you're done, disconnect from the remote system:

# Any of these will disconnect you
exit
logout
# Or press Ctrl+D

Connection to 192.168.1.100 closed.

SSH with Custom Port

By default, SSH uses port 22. Some servers use different ports for security:

# Connect to custom port 2222
ssh -p 2222 valente@myserver.com

# Connect to port 8022
ssh -p 8022 valente@192.168.1.100

Execute Single Command

Sometimes you just need to run one command on a remote system:

# Run a command without interactive login
ssh valente@myserver.com "ls -la /var/www"

# Check disk space on remote server
ssh valente@myserver.com "df -h"

# Get system information
ssh valente@myserver.com "uname -a"

These commands connect, execute, and disconnect automatically!

SSH Configuration File

Tired of typing long connection commands? Create shortcuts in ~/.ssh/config:

# Create SSH config directory if it doesn't exist
mkdir -p ~/.ssh

# Edit config file
nano ~/.ssh/config

Add connection shortcuts:

# ~/.ssh/config
Host webserver
    HostName myserver.com
    User valente
    Port 22

Host dev
    HostName 192.168.1.100
    User valente
    Port 2222

Now you can connect with simple commands:

# Instead of: ssh -p 22 valente@myserver.com
ssh webserver

# Instead of: ssh -p 2222 valente@192.168.1.100
ssh dev

Common SSH Options

Useful options to customize your SSH connections:

# Verbose output (helpful for troubleshooting)
ssh -v valente@myserver.com

# Extra verbose (even more detail)
ssh -vv valente@myserver.com

# Compress data transfer (good for slow connections)
ssh -C valente@myserver.com

# Specify custom SSH key
ssh -i ~/.ssh/my_key valente@myserver.com

# Enable X11 forwarding (run GUI apps remotely)
ssh -X valente@myserver.com

Troubleshooting Common Issues

Connection Refused

ssh: connect to host 192.168.1.100 port 22: Connection refused

Possible causes:

Permission Denied

valente@192.168.1.100: Permission denied (publickey,password).

Possible causes:

Host Key Verification Failed

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This happens when:

Fix (if you know it's safe):

# Remove old key from known_hosts
ssh-keygen -R 192.168.1.100

# Then connect again
ssh valente@192.168.1.100

Security Warning: Only remove host keys if you're certain the server was legitimately changed. This warning could indicate a security attack!
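
An added example (not part of the original lesson) covering both the first-connection prompt and the changed-host-key warning: it derives the SHA256 fingerprint that OpenSSH displays from a known_hosts-style key line, and approves a changed key only when it matches the fingerprint the administrator supplied. The sample keys are constructed, the function names are this example's own, and lines carrying markers such as @cert-authority are not handled.

```python
import base64
import hashlib
import struct

def make_sample_line(host, key_bytes):
    """Build a CONSTRUCTED 'host keytype base64blob' line (not a real server key)."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype +
            struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(line):
    """Return (key_type, 'SHA256:...') for one known_hosts / ssh-keyscan line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64blob")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; if it
    # disagrees with the text field, the line is malformed or was edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH shows the digest as base64 with the '=' padding stripped.
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches(line, trusted_fp):
    """True only if the key's fingerprint equals the admin-supplied one."""
    return fingerprint(line)[1] == trusted_fp.strip()

def changed_key_decision(stored_line, offered_line, admin_fp):
    """What to do when the server offers a key that may differ from known_hosts."""
    if fingerprint(stored_line) == fingerprint(offered_line):
        return "unchanged"
    # Only in the "replace" case is `ssh-keygen -R` followed by reconnecting safe.
    return "replace" if matches(offered_line, admin_fp) else "do-not-connect"

# Constructed sample data: two different 32-byte values standing in for keys.
STORED = make_sample_line("192.168.1.100", bytes(range(32)))
OFFERED = make_sample_line("192.168.1.100", bytes(range(1, 33)))

if __name__ == "__main__":
    print(fingerprint(STORED))
    print(changed_key_decision(STORED, OFFERED, fingerprint(OFFERED)[1]))
```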

SSH Security Best Practices

  1. Use Key Authentication: Much more secure than passwords (next lesson!)
  2. Keep SSH Updated: Run sudo apt update && sudo apt upgrade
  3. Use Strong Passwords: If using password authentication
  4. Verify Host Keys: Check fingerprints on first connection
  5. Disable Root Login: Never allow direct root SSH access
  6. Use Non-Standard Ports: Change from default port 22 to reduce automated attacks (this cuts scanning noise; it does not replace the practices above)
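
An added example (not from the original lesson): a small audit of sshd_config, the server-side configuration file, against practices 1, 5 and 6 above. The sample configurations are constructed, the function names are this example's own, and Include files and Match blocks are not evaluated.

```python
# Values sshd uses when a keyword is absent from the file (OpenSSH defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_settings(text):
    """Parse global keywords. sshd keeps the FIRST value of a keyword it
    reads; Port is the exception and may be listed several times."""
    first, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional section: stop here
            break
        if len(parts) < 2:
            continue
        if key == "port":
            ports.append(parts[1].strip())
        else:
            first.setdefault(key, parts[1].strip())
    cfg = {**DEFAULTS, **first}
    cfg["port"] = ports or ["22"]
    return cfg

def audit(text):
    """Return (keyword, effective value, reason) for each weak setting."""
    cfg = effective_settings(text)
    findings = []
    if cfg["permitrootlogin"] != "no":
        findings.append(("PermitRootLogin", cfg["permitrootlogin"],
                         "direct root login is still possible"))
    if cfg["passwordauthentication"] != "no":
        findings.append(("PasswordAuthentication", cfg["passwordauthentication"],
                         "password logins are accepted"))
    if "22" in cfg["port"]:
        findings.append(("Port", "22", "listening on the default port"))
    return findings

# Constructed samples. In WEAK the later "PermitRootLogin no" has no effect.
SAMPLE_WEAK = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\nPasswordAuthentication yes\n"
SAMPLE_HARDENED = "# hardened\nPort 2222\nPermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEAK):
        print(finding)
```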

Quick Reference

# Basic connection
ssh username@hostname

# Custom port
ssh -p 2222 username@hostname

# Execute single command
ssh username@hostname "command"

# Verbose mode (troubleshooting)
ssh -v username@hostname

# Use specific SSH key
ssh -i /path/to/key username@hostname

# Exit SSH session
exit
logout
# Or: Ctrl+D

Practice Exercise

Before moving on, try these tasks:

  1. Connect to a local virtual machine or test server using SSH
  2. Run a few basic commands (pwd, ls, whoami)
  3. Execute a single remote command without logging in
  4. Create an SSH config entry for your test server
  5. Practice connecting and disconnecting multiple times

Practice Environment: If you don't have a remote server, you can practice by SSH'ing to localhost: ssh username@localhost

Key Takeaways

Next Up: In the next lesson, we'll learn about SSH keys - a much more secure and convenient way to authenticate than passwords!