1. Overview
As more and more sensitive information is transmitted across the Internet, the need for secure, encrypted connections between servers rises.
In this tutorial, we’ll learn about ssh, a protocol and set of tools that provides secure, encrypted communication between servers.
Note that we tested all the commands shown here using Bash; however, they should work with any POSIX-compliant terminal.
2. Configuration
Almost all Unix- and Linux-based operating systems (including macOS) provide a pre-configured ssh program. On the Windows operating system, we can use something like PuTTY or git-bash for Windows to install ssh.
The nice thing about ssh is that we don’t need to do anything else for traffic to be encrypted. By default, ssh uses the Diffie-Hellman key exchange to negotiate and swap cryptographic keys and subsequently chooses an encryption algorithm for us.
So, once we have ssh on our machine, we can simply start connecting.
3. Accessing a Remote Host
A common use for ssh is connecting to a remote server. For instance, executing the following command will connect us to the host remote-server.com, where user is a placeholder for our account name on that host:
ssh user@remote-server.com
After we enter our password on the remote host, that remote host provides us a terminal where we can execute commands as if we were using a shell on our localhost.
Also, note that we can refer to our remote system with a domain name, an IP address or a host alias.
4. Port Forwarding
A very useful feature of ssh is port forwarding. This allows us to connect to a local port and have that connection transmitted to some other system that is accessible from the remote system. This can be the system we originally connected to or some other system on that remote network.
To access a port on the connected system, we use:
ssh -L 8888:localhost:8080 user@remote-server.com
In this example, localhost:8080 is relative to the remote system remote-server.com. To access a port on a different system available to the remote system remote-server.com, we use:
ssh -L 8888:another-remote-server.com:8080 user@remote-server.com
Here, our local connection to port 8888 is sent across our secure channel to port 8080 of the another-remote-server.com system, which is available to the remote-server.com system on its network.
We can also do reverse port forwarding, allowing the remote system to access ports and systems on the local network using -R on the command line.
Again, when port forwarding, we can refer to the remote or local systems with domain names, IP addresses or host aliases defined on remote-server.com.
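As an added example (not part of the original tutorial), the following script parses an -L argument and reports who can reach the local listener and on which machine the destination name is resolved. It goes beyond the two commands above by also covering the optional bind_address prefix; describe_forward is a hypothetical helper, the wildcard spec is constructed, and bracketed IPv6 addresses are assumed out of scope.

```shell
#!/bin/sh
# Added example: explain an `ssh -L` spec, [bind_address:]port:host:hostport.
# Assumption: bracketed IPv6 addresses and Unix-socket forwards are out of scope.

# describe_forward SPEC SSH_SERVER   (hypothetical helper, not part of ssh)
# Prints "<exposure> <bind>:<port> -> <host>:<hostport> (resolved on <SSH_SERVER>)".
# The body is a subshell, so the IFS and noglob changes do not leak to the caller.
describe_forward() (
    spec=$1 server=$2
    case $spec in *:) echo "error: trailing colon in '$spec'" >&2; exit 2 ;; esac
    IFS=:     # split on colons only
    set -f    # keep a '*' bind address literal instead of glob-expanding it
    set -- $spec
    case $# in
        # Without bind_address the listener follows GatewayPorts (default: no),
        # which means loopback only.
        3) bind=localhost lport=$1 host=$2 hport=$3 ;;
        4) bind=$1 lport=$2 host=$3 hport=$4 ;;
        *) echo "error: expected [bind_address:]port:host:hostport" >&2; exit 2 ;;
    esac
    [ -n "$host" ] || { echo "error: empty destination host" >&2; exit 2; }
    for p in "$lport" "$hport"; do
        case $p in ''|*[!0-9]*|??????*) echo "error: bad port '$p'" >&2; exit 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "error: bad port '$p'" >&2; exit 2; }
    done
    # Who can reach the local listener, following the bind_address rules in ssh(1).
    case $bind in
        localhost|127.0.0.1) exposure=loopback ;;
        ''|'*'|0.0.0.0)      exposure=all-interfaces; [ -n "$bind" ] || bind='*' ;;
        *)                   exposure=specific-address ;;
    esac
    # host:hostport is looked up and connected to by the SSH server, not by us.
    printf '%s %s:%s -> %s:%s (resolved on %s)\n' \
        "$exposure" "$bind" "$lport" "$host" "$hport" "$server"
)

# The two forwards from the tutorial, then a constructed wildcard bind for contrast.
describe_forward 8888:localhost:8080 remote-server.com
describe_forward 8888:another-remote-server.com:8080 remote-server.com
describe_forward '*:8888:localhost:8080' remote-server.com
```

A result of all-interfaces means other machines on our network can also connect to the forwarded port, so the loopback forms are the safer default.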
5. Remote Commands
If we don’t need a shell and just want to execute a single command, we can provide the path to that command on the remote system:
ssh user@remote-server.com /usr/local/bin/some-command
This will run /usr/local/bin/some-command on remote-server.com in a non-interactive session, display any stderr or stdout message in the local terminal and terminate the connection when the command completes execution.
6. X11
Many programs on Unix- and Linux-based systems use GUIs based on the X Window System.
To see the interface of a program launched on a remote system on our local system, we use -X:
ssh -X user@remote-server.com
7. Copying Files
Besides local-to-remote connections, we can use our encrypted channel to copy files.
There are a few programs that provide us with this ability.
The first is sftp, which is a secure version of the ftp command. To use it, we just connect using the sftp command and then use it like ftp:
sftp user@remote-server.com
Another program we can use is scp, which provides secure copying from our localhost to the remote server:
scp ./my-local-file.txt user@remote-server.com:
We can also use scp to copy files from the remote server to our localhost:
scp user@remote-server.com:my-remote-file.txt ./my-local-copy-of-my-remote-file.txt
Finally, the rsync command, much like scp and ftp, can copy files from our localhost to our remote server:
rsync ./my-local-file.txt user@remote-server.com:/
It can also copy files from the remote server to our localhost:
rsync user@remote-server.com:/my-remote-file.txt ./my-local-copy-of-my-remote-file.txt
Generally, rsync is faster than sftp and scp.
Before ssh, the File Transfer Protocol (FTP) was the standard protocol used to transfer files from one system to another. However, we should avoid FTP because it transfers data in plain text, making it very insecure.
8. Conclusion
In this article, we explored how ssh can provide secure communication under many different circumstances.