Overview of SSH
SSH operates on a client-server model, connecting to an SSH server using an SSH client. It uses port 22 by default and protects communication from threats like man-in-the-middle attacks and data interception through strong encryption.
Main Features of SSH
SSH offers the following main features:
- Remote Command Execution: You can execute commands directly on a remote server.
- Secure File Transfer: You can securely transfer files using `scp` (Secure Copy) or `sftp` (SSH File Transfer Protocol).
- Port Forwarding (Tunneling): Creates an encrypted tunnel between a local port and a remote port to securely access specific services.
- X11 Forwarding: Allows you to run GUI applications from the remote server on your local PC.
- SSH Key-Based Authentication: Provides a more secure and convenient authentication method using a public-private key pair instead of a password.
SSH Key-Based Authentication
SSH key-based authentication is a much safer and more convenient method than password authentication. It uses a public-private key pair for authentication, reducing the risk of password exposure.
Generating SSH Keys
Use the `ssh-keygen` command to generate a public-private key pair. By default, the `~/.ssh/id_rsa` (private key) and `~/.ssh/id_rsa.pub` (public key) files are created.
SSH Key Generation Command
ssh-keygen -t rsa -b 4096
Generates a new SSH key pair on disk. You can set the key storage location and passphrase.
Distributing the Public Key
The generated public key (`id_rsa.pub`) must be added to the `~/.ssh/authorized_keys` file in the user's home directory on the remote server. Users with the public key registered in this file can access the server without a password using the corresponding private key.
Copying Public Key to Server (Using ssh-copy-id)
ssh-copy-id user@hostname
Using the `ssh-copy-id` command allows you to easily copy the public key to the remote server. It is the most recommended method.
Manual Copying of Public Key (Using scp)
scp ~/.ssh/id_rsa.pub user@hostname:~/
ssh user@hostname "mkdir -p ~/.ssh && cat ~/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys && rm ~/id_rsa.pub"
If `ssh-copy-id` cannot be used, you can copy the public key file to the server using `scp` and then manually add it to `authorized_keys`.
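The manual command above appends the key every time it runs and does not check what it is appending. The following added example (not part of the original page; `install_pubkey` and its arguments are hypothetical names) performs the same server-side step idempotently, applies the same `700`/`600` permissions, and rejects a file that is not a single public-key line:

```shell
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
#   PUBKEY_FILE  the uploaded public key, e.g. ~/id_rsa.pub after the scp step
#   SSH_DIR      directory holding authorized_keys, normally "$HOME/.ssh"
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept exactly one line; a private key file spans several lines.
    # A missing or unreadable file yields an empty count and is refused too.
    if [ "$(grep -c '' "$pub" 2>/dev/null)" != 1 ]; then
        echo "refusing $pub: expected a single public-key line" >&2
        return 1
    fi
    key=$(cat "$pub")

    # The line must start with a public-key type followed by the key data.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *)
            echo "refusing $pub: not an OpenSSH public key" >&2
            return 1
            ;;
    esac

    # Same permissions as the manual command: 700 on the directory, 600 on the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x matches the whole line, -F treats the key as a fixed string:
    # append only when this exact line is not registered yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

On the server it would be called as `install_pubkey ~/id_rsa.pub ~/.ssh`, followed by removing the uploaded `~/id_rsa.pub`.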
SSH Configuration File (~/.ssh/config)
Using the SSH configuration file (`~/.ssh/config`) allows you to conveniently store connection information for frequently accessed servers. You can connect simply using an alias without having to input complex options each time.
Example of Configuration File
Below is an example of the `~/.ssh/config` file. You can define connection settings for multiple hosts.
Contents of config File
Host myserver
    HostName 192.168.1.100
    User myuser
    Port 2222
    IdentityFile ~/.ssh/my_server_key.pem

Host dev-web
    HostName dev.example.com
    User webadmin
    ForwardAgent yes
    LocalForward 8080 localhost:80
Key Configuration Options
Key options that can be used in the `config` file.
- Host: This is the alias for this configuration block. Used as `ssh myserver`.
- HostName: The IP address or domain name of the remote host you will connect to.
- User: The username to connect to the remote server.
- Port: The port number to connect to.
- IdentityFile: The path to the private key file used for authentication.
- LocalForward: Sets up local port forwarding. `LocalForward [local_port] [remote_host]:[remote_port]`
- RemoteForward: Sets up remote port forwarding. `RemoteForward [remote_port] [local_host]:[local_port]`
- ForwardAgent: Enables SSH agent forwarding. Useful when connecting through multiple servers.
- ServerAliveInterval: Periodically sends a signal to the server to prevent the SSH connection from dropping. (in seconds)
- StrictHostKeyChecking: Sets whether to verify the host key. `yes` or `no`
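Two of the options above weaken a connection's security when set carelessly: `ForwardAgent yes` and `StrictHostKeyChecking no`. The following added example (not part of the original page; `audit_ssh_config` is a hypothetical helper name) scans a client config file and reports, per `Host` block, where either is set:

```shell
# audit_ssh_config FILE   (hypothetical helper, added example)
# Prints "<host alias>: <finding>" for each risky option and
# returns 1 if anything was reported, 0 otherwise.
audit_ssh_config() {
    awk '
        BEGIN { host = "(global)" }   # options before the first Host line
        { sub(/^[ \t]+/, "") }        # drop indentation
        # ssh_config also accepts "Keyword=value"; turn that "=" into a space.
        match($0, /^[A-Za-z]+[ \t]*=/) {
            $0 = substr($0, 1, RLENGTH - 1) " " substr($0, RLENGTH + 1)
        }
        /^#/ || NF == 0 { next }      # comments and blank lines
        # Keywords are case-insensitive.
        { key = tolower($1); val = tolower($2) }
        key == "host" {
            host = $0
            sub(/^[^ \t]+[ \t]+/, "", host)
            next
        }
        key == "forwardagent" && val == "yes" {
            print host ": ForwardAgent yes (local agent is reachable from the remote host)"
            bad = 1
        }
        key == "stricthostkeychecking" && (val == "no" || val == "off") {
            print host ": StrictHostKeyChecking " $2 " (a changed host key does not stop the connection)"
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}
```

Run it as `audit_ssh_config ~/.ssh/config`; a non-zero exit status means at least one finding. For connections through an intermediate server, the `ProxyJump` option avoids exposing the agent to that server.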
Connecting Using the Configuration File
ssh myserver
If you defined a Host alias `myserver` in the `~/.ssh/config` file, you can connect using only the alias, as shown above.
Usage Examples
Learn real scenarios such as remote server management and file transfer through various usage examples of SSH commands.
Basic SSH Connection
ssh testuser@192.168.1.100
Connects to the server 192.168.1.100 as the user testuser. A prompt will appear for entering the password.
Connecting Using SSH Key File
ssh -i ~/.ssh/my_key.pem ubuntu@ec2-1-2-3-4.compute-1.amazonaws.com
Connects to the server using the private key file `~/.ssh/my_key.pem` instead of a password. (Commonly used in cloud environments)
Executing a Single Command Remotely
ssh user@hostname "ls -l /var/log"
Executes the command `ls -l /var/log` on the remote server without opening an interactive session and returns the result locally.
Local Port Forwarding (Accessing Web Service)
ssh -L 8888:localhost:80 user@hostname
Forwards port 8888 on the local PC to port 80 (web server) on the remote server, so the remote web server can be used as if it were running locally.
Copying Files Using SCP (Local -> Remote)
scp mylocalfile.txt user@hostname:/tmp/
Copies the file `mylocalfile.txt` from the local machine to the `/tmp/` directory on the remote server.
Copying Files Using SCP (Remote -> Local)
scp user@hostname:/var/log/syslog .
Copies the file `/var/log/syslog` from the remote server to the current directory on the local PC.