Quick take: The ssh command opens an encrypted shell on a remote server: ssh user@host. Add -p for a non-default port, -i to choose a private key, and append a command to run it remotely without an interactive session.
Introduction
The ssh command (Secure Shell) is how you log in to and run commands on remote Linux servers over an encrypted connection. It replaced insecure tools like telnet and is the foundation of remote administration, deployments, and secure file transfer.
This guide covers connecting with users and ports, key-based authentication, running one-off remote commands, and the tunnelling options that make SSH far more than a remote terminal.
Syntax
The basic syntax of the ssh command is:
ssh [OPTIONS] user@host [COMMAND]Common Options and Parameters
The most useful options and parameters for the ssh command:
| Option | Description |
|---|---|
| -p PORT | Connect to a non-default SSH port (default is 22). |
| -i KEYFILE | Use a specific private key for authentication. |
| -v | Verbose output — invaluable for debugging connection problems. |
| -L l:h:r | Local port forwarding (tunnel a local port to a remote host). |
| -R r:h:l | Remote port forwarding (expose a local service on the server). |
| -D PORT | Dynamic SOCKS proxy through the SSH connection. |
| -N | Do not run a remote command (used for tunnels only). |
| -t | Force a pseudo-terminal (needed for interactive remote commands). |
| -C | Compress the connection. |
| -o opt=val | Pass a configuration option, e.g. -o StrictHostKeyChecking=no. |
Practical Examples
Real ssh commands you can run today:
# Connect to a server
ssh irfan@203.0.113.10
# Connect on a custom port
ssh -p 2222 irfan@server.example.com
# Use a specific private key
ssh -i ~/.ssh/deploy_key deploy@app01
# Run a single command remotely
ssh irfan@server 'df -h'
# Debug a failing connection
ssh -v irfan@server
# Local port forward: reach remote DB on localhost:5432
ssh -N -L 5432:localhost:5432 irfan@dbhostThe SSH Config File and Key Management
Once you manage more than a couple of servers, typing full connection details every time becomes tedious. The ~/.ssh/config file lets you define named hosts with their user, port, key, and options, so a long command collapses into a short alias.
# ~/.ssh/config
Host app01
HostName 203.0.113.10
User deploy
Port 2222
IdentityFile ~/.ssh/deploy_keyWith that in place, ssh app01 connects with the right user, port, and key automatically. Pair it with key-based authentication — generate a key with ssh-keygen -t ed25519 and install it using ssh-copy-id app01 — to log in securely without passwords.
Troubleshooting SSH Connections
When a connection fails, the verbose flag is your best friend: ssh -v user@host prints each step of the handshake and usually pinpoints the problem — wrong key, refused authentication, or a network block.
Common causes have quick fixes: a permission denied error often means the private key has loose permissions (chmod 600 ~/.ssh/id_rsa) or the public key is not in the server's ~/.ssh/authorized_keys. A connection refused means nothing is listening on the SSH port — check the service with systemctl status ssh and confirm the port with ss -tlnp. A host key changed warning appears after a server rebuild; remove the stale entry with ssh-keygen -R host.
Tips and Best Practices
- Set up key-based login (
ssh-keygenthenssh-copy-id user@host) to connect without passwords and improve security. - Use a
~/.ssh/configfile to store hosts, users, ports, and keys so you can just typessh app01. - If a key is rejected, check its permissions — SSH refuses private keys that are group- or world-readable (use
chmod 600).
Final Thoughts
ssh is the front door to every remote Linux server you manage. Learn to connect with users, ports, and keys, run remote commands inline, and build tunnels with -L and -R, and you can administer infrastructure securely from anywhere. Combine it with scp and rsync for file transfer over the same secure channel.
FAQ: ssh Command in Linux
How do I connect to a server with ssh?+
Run ssh user@host, for example ssh irfan@203.0.113.10. You will be asked for a password unless key-based authentication is configured.
How do I use a specific SSH port?+
Use the -p flag: ssh -p 2222 user@host connects on port 2222 instead of the default 22.
How do I log in with an SSH key instead of a password?+
Generate a key with ssh-keygen, copy it to the server with ssh-copy-id user@host, then connect normally. Use -i to pick a specific key file.
How do I run a command on a remote server without logging in?+
Append the command in quotes: ssh user@host 'systemctl status nginx' runs it remotely and returns the output.
Why does SSH say my private key is unprotected?+
SSH refuses keys that other users could read. Fix the permissions with chmod 600 ~/.ssh/id_rsa so only your account can access the key.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support