How to use OpenSSH

0 comment 11 minutes read

The Secure Shell (SSH) protocol uses cryptography to make a secure link between a client and a server. The ssh client makes it possible to connect to an SSH server on a remote machine in a safe way. You can send commands to the server, set up an X11 tunnel, forward ports, and more through this safe channel.

OpenSSH is the most widely used SSH client, but there are many others, both free and paid, that can be used as well. It works with a lot of different systems, like Linux, OpenBSD, Windows, and macOS.

In this article, you will learn how to use the OpenSSH command-line client (ssh) to log into a remote machine and do several things on it.

Installing OpenSSH Client

The terminal can run the OpenSSH client application ssh. Along with ssh, the OpenSSH client package includes scp and sftp.

on Linux

The majority of Linux distributions come with the OpenSSH client installed by default. You can use your distribution’s package management to install the ssh client if it isn’t already on your system.

on Ubuntu and Debian

sudo apt update
sudo apt install openssh-client

on CentOS and Fedora

sudo dnf install openssh-clients

on Windows 10

The majority of Windows users connect to distant machines using SSH using Putty. The most recent iterations of Windows 10 do, however, come with an OpenSSH client and server. Both packages can be installed using PowerShell or the GUI.

Write the following command to discover the precise name of the OpenSSH package:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

This is the kind of result you should get from the command:

Name  : OpenSSH.Client~~~~
State : NotPresent
Name  : OpenSSH.Server~~~~
State : NotPresent

The package can be installed once its name has been determined by typing:

You Might Be Interested In
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

If all goes well, the result will look like this:

Path          :
Online        : True
RestartNeeded : False

Installing OpenSSH Client on macOS

OpenSSH client is installed on macOS by default.

How to Use the ssh Command

To log into a remote machine using SSH, you must meet the following requirements:

  1. On the remote machine, an SSH server must be running.
  2. The remote machine’s firewall must have the SSH port open.
  3. You must know the remote account’s username and password. For remote login, the account needs to have the rights it needs.

The ssh command has this basic syntax:

ssh [OPTIONS] [[email protected]]:HOST

To use the ssh command, launch Terminal or PowerShell and enter ssh followed by the remote hostname:


When you initially connect to a remote machine using SSH, you will see the notice shown below.

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?

The /.ssh/known hosts file contains a fingerprint for each host.

If you want to save the remote fingerprint, enter your password after you press agree.

Warning: Permanently added '' (ECDSA) to the list of known hosts.
[email protected]'s password:

Once you enter the password, you will be logged into the remote machine.

You Might Be Interested In

When the username is not given, the ssh command uses the current system login name.

To log in as a different user, specify the username and the host in the following format:

ssh [email protected]

The username can also be specified with the -l option:

ssh -l username hostname

By default, when no port is given, the SSH client will try to connect to the remote server on port 22. On some servers, administrators are changing the default SSH port to add an extra layer of security to the server by reducing the risk of automated attacks.

To connect on a non-default port, use the -p option to specify the port:

ssh -p 5522 [email protected]

If you are experiencing authentication or connection issues, use the -v option to tell ssh to print debugging messages:

ssh -v [email protected]

To increase the level of verbosity, use -vv or -vvv.

The ssh command accepts a number of options.

For a complete list of all options read the ssh man page by typing man ssh in your terminal.

You Might Be Interested In

SSH Config File

If you are connecting to multiple remote systems over SSH on a daily basis, you’ll find that remembering all of the remote IP addresses, different usernames, non-standard ports, and various command-line options is difficult, if not impossible.

The OpenSSH client reads the options set in the per-user configuration file (~/.ssh/config). In this file, you can store different SSH options for each remote machine you connect to.

A sample SSH config is shown below:

Host dev
User pcplanet
Port 4422

When you type ssh xyz to start the ssh client, it will read the /.ssh/config file and use the connection information for the dev host. ssh xyz is the same as the following in this case:

ssh -p 4422 [email protected]

For more information, check the article on SSH config file .

Public Key Authentication

Several ways of proving your identity can be used with the SSH protocol.

The public key-based authentication system lets you log in to the remote server without having to type in your password.

For this method to work, a pair of cryptographic keys that are used for authentication must be made. The client device stores the private key, and the public key is sent to each remote server where you want to log in. The remote server needs to be set up to accept authentication with a key.

If you don’t already have an SSH key pair on your local machine, you can make one by typing:

You Might Be Interested In
ssh-keygen -t rsa -b 4096 -C "[email protected]"

A password or passphrase will be required. It’s up to you if you want to use a passphrase or not.

If you already have your key pair and the remote server’s public key:

ssh-copy-id [email protected]

The public key will be added to the remote user authorized keys file after the remote user password is entered.

You won’t need to enter a password to access the remote server once the key has been uploaded.

Setting up key-based authentication will make login easier and boost server security in general.

Port Forwarding

An encrypted SSH connection between a client and server system is possible with the help of SSH tunneling or SSH port forwarding.

SSH forwarding is helpful for accessing geo-restricted content, getting through intermediary firewalls, and transmitting network data for services like VNC or FTP that use an unencrypted protocol. In essence, you can tunnel communication over any TCP port using a secure SSH connection.

SSH port forwarding comes in three different varieties:

Local Port Forwarding

A connection initiated on a client host can be forwarded to an SSH server host and from there to the desired host port using local port forwarding.

You Might Be Interested In

To have the ssh client construct a local port forwarding, you must use the -L option.


By default, the ssh command will prompt for a remote command to perform, but you can tell it not to do so using the -f and -N options.

Remote Port Forwarding

In contrast to local port forwarding, remote port forwarding occurs through a network. The port on the server host is forwarded to the port on the client host, and then on to the port on the destination host.

With the -R option, ssh is instructed to open a forwarded port on a remote host.


Dynamic Port Forwarding

In order to facilitate communication over many ports, a SOCKS proxy server is set up automatically when dynamic port forwarding is enabled.

Use the ssh client’s -D option to set up dynamic port forwarding (SOCKS):

ssh -D [LOCAL_IP:]LOCAL_PORT  -N -f [email protected]


To establish an SSH connection to a remote server, use ssh followed by the remote username and hostname (ssh [email protected]).

In order to administer remote servers, familiarity with the ssh command is required.

Just post a remark below if you have any inquiries.

You Might Be Interested In

Leave a Comment

Copyright @2022-2023 All Right Reserved – PCPlanet

Adblock Detected

The only intrusive ad here is the google vignette, help support me by disabling your adblocker.