Introduction
This content aims to offer a comprehensive guide on how to use SSH (Secure Shell) for remote operations under Linux, including basic SSH connections, custom hostname mapping, configuring aliases for connections, setting up key authentication, and using SCP (Secure Copy Protocol) to transfer files. We will start with how to establish a standard SSH remote connection, then explain how to simplify daily remote access by modifying the /etc/hosts
file for custom hostname mapping. Following that, this guide will instruct you on how to further simplify SSH commands by configuring SSH aliases. Regarding security, we will demonstrate how to enhance security by replacing traditional password authentication with key authentication. Finally, we will introduce how to securely and efficiently transfer files and directories between local and remote hosts using the SCP tool. Whether you are a system administrator, developer, or just a Linux user, mastering these skills will save you a considerable amount of time in your daily work while also ensuring the security of data transfers.
General SSH Remote Connection
SSH is a protocol for secure remote login and other secure network services over a network. With SSH, users can remotely access Linux servers or devices from any location via the network. SSH provides encrypted sessions, encrypted data transmission, ensuring the security and confidentiality of communication. Most Linux distributions come pre-installed with an SSH client. Windows users can install PuTTY or use the SSH client feature added after Windows 10.
Format and Example:
Here is the general format for an SSH remote connection:
ssh [user]@[remote] -p [port]
[user]
, [remote]
, and [port]
are your actual username, remote server address, and port number. If -p [port]
is omitted, it defaults to 22, the default listening port for the SSH Server. Using this general format requires entering the user login password each time you connect.
For example, to connect to a host with the address 34.77.26.88
, username tjsimpletg
:
ssh tjsimpletg@34.77.26.88
On the first connection, you will be prompted for “fingerprint” verification, with a prompt to enter yes/no
. When the SSH client connects to an SSH server for the first time, it checks whether the server’s ssh key fingerprint is in the client’s known hosts file. If not, the client prompts the user to verify if the fingerprint is the expected server fingerprint. After confirmation by the user, the server’s key is saved in the client’s known hosts file, eliminating the need for this step in future connections.
Custom Hostname Mapping
In Linux systems, the /etc/hosts
file plays an important role as the static table lookup for hostname. It provides a static lookup table for mapping between IP addresses and hostnames (including aliases of the hostname). This means that all network programs on the system will first query the /etc/hosts
file to resolve the IP address corresponding to a hostname before resorting to DNS services for name resolution. Its resolution priority order is: DNS cache > hosts
file > DNS service.
Difference Between Hostname and Domain Name:
- Hostname: Primarily used within a local area network (LAN) to identify individual devices on the network. By editing the
/etc/hosts
file, hostnames can be directly resolved to their corresponding IP addresses without the need for external DNS services. - Domain Name: Usually used on the internet, representing an IP resource’s address with a meaningful sequence of characters for easy memorization. Although domain names are primarily used on the internet, users can perform custom resolution for specific domain names locally by adding entries in the
/etc/hosts
file, independent of internet DNS resolution.
Format and Example:
In the /etc/hosts
file, each line’s format is typically:
IP address Hostname/Domain_Name Host_Alias(optional)
For example, to map the IP address 34.77.26.88
to the hostname cloudhost
, add the following entry in the /etc/hosts
file:
34.77.26.88 cloudhost
By adding custom mappings in the /etc/hosts
file, users can achieve quick and convenient access to hosts both within and outside the LAN, especially useful for network testing or development when one wishes to bypass DNS queries to speed up access or for specific network configurations.
At this point, you can use the custom hostname for SSH connection:
ssh tjsimpletg@cloudhost
Configuring Aliases for Connections
When using SSH for remote connections, it can be tedious and inefficient to enter a long command each time (including the username, IP address or domain name, port, etc.). Fortunately, SSH allows you to set aliases for frequently used connections in the ~/.ssh/config
file, simplifying the connection process. After configuring an alias, you only need to use a short name to quickly start the connection, greatly improving work efficiency.
To configure an alias for an SSH connection, you need to edit or create the ~/.ssh/config
file and add a corresponding configuration section for each connection you want to simplify.
Add a new Host entry in the file to define the alias, with the following format:
Host [alias]
HostName [IP address or domain name or hostname of the remote server]
User [username on the remote server]
Port [port number]
- Host: This is the alias you set for the connection, which you can use later to initiate an SSH connection.
- HostName: This is the IP address or domain name or hostname of the remote server, the target you usually need to connect to.
- User: The username required to log in to the remote server.
- Port: The port the SSH server listens on. If not specified, the default is 22.
Example
Continuing with the example we used above, you would need to add the following configuration in the ~/.ssh/config
file:
Host cloud
HostName 34.77.26.88
User tjsimpletg
Port 22
Or, using the custom hostname we set earlier:
Host cloud
HostName cloudhost
User tjsimpletg
Port 22
After configuration. Thereafter, whenever you want to connect to that server, you only need to enter the following command in the terminal to connect:
ssh cloud
In this way, you can set short and memorable aliases for all frequently used SSH connections, greatly simplifying the connection process.
Setting Up Key Authentication
Key authentication is a more secure authentication method in SSH connections, providing stronger security guarantees compared to traditional password authentication. By using a pair of keys (public and private), users can achieve passwordless login to remote servers. Here are the steps to generate a key pair and install the public key on the remote server:
Generate a Key Pair:
On your local machine, open a terminal and run the
ssh-keygen
command to generate a new pair of keys. Follow the prompts to proceed, and a key pair will be created using the default settings (an RSA key pair, 2048 bits long) and saved to~/.ssh/id_rsa
(private key) and~/.ssh/id_rsa.pub
(public key).ssh-keygen
Copy the Public Key to the Remote Server:
Use the
ssh-copy-id
command to copy the local public key~/.ssh/id_rsa.pub
to the remote host’s~/.ssh/authorized_keys
file for passwordless authentication. Utilize the connection alias we set earlier (cloud
):ssh-copy-id cloud
After executing this command, you will be prompted to enter the remote server’s user password. Once the password is entered, the local public key will be automatically added to the corresponding user’s
~/.ssh/authorized_keys
file on the remote host, allowing future logins through key authentication.Verify Passwordless Login:
After copying the public key, we can try to login to the remote server without a password to verify the setup is successful.
ssh cloud
If everything is set up correctly, you should be able to log in to the remote server directly without entering a password.
Through these steps, we have successfully set up key authentication for SSH connections. This method not only enhances security but also improves the convenience of using SSH to connect to remote servers.
Using SCP to Transfer Files
SCP is a tool for securely transferring files between a local and a remote host, providing secure encrypted transfer via the SSH protocol. The default port number is also 22, and the -P
option can be used to specify the SSH connection port. The -r
option allows for recursive transfer of directories and their contents.
Uploading Files or Directories to a Remote Host
Full Command to Upload Files:
Upload a local file
/path/to/local/file
to the remote server’s/path/to/remote/
, assuming the port number2222
:scp -P 2222 /path/to/local/file user@remote:/path/to/remote/
Full Command to Upload Directories:
scp -P 2222 -r /path/to/local/dir user@remote:/path/to/remote/
Using SSH Alias to Upload Files:
If you configured an alias for the remote host in the
~/.ssh/config
file as described above (e.g.,cloud
), you can directly use this alias to simplify the command:scp /path/to/local/file cloud:/path/to/remote/
Using SSH Alias to Upload Directories:
scp -r /path/to/local/dir cloud:/path/to/remote/
Downloading Files from a Remote Host
Full Command to Download Files:
Download a file from the remote server to local:
scp -P port user@remote:/path/to/remote/file /path/to/local/
Full Command to Download Directories:
scp -P port -r user@remote:/path/to/remote/dir /path/to/local/
Using SSH Alias to Download Files:
scp cloud:/path/to/remote/file /path/to/local/
Using SSH Alias to Download Directories:
scp -r cloud:/path/to/remote/dir /path/to/local/
Default Paths
Remote Default Path: If the remote path is not specified, SCP defaults to using the remote host’s home directory (
~
) as the base path.For example, uploading the
file
from the current directory to the remote host’s~/dir/
:scp file cloud:dir/
Transferring Directories: For example, transferring the
dir
directory from the current directory to the remote host’s home directory:scp -r dir cloud:
With these basic commands, you can flexibly use SCP to transfer files and directories between the local and remote hosts while ensuring the security of the transfer process.