Chapter 38: Bash Remote Connect (ssh)
Bash Remote Connect (ssh) — the ssh command, which stands for Secure SHell.
This is probably the most powerful and most used remote access tool in the entire world of Linux, servers, cloud, DevOps, and development. In 2026, almost every VPS (like DigitalOcean, AWS EC2, Linode, Hetzner), every Git server, every Raspberry Pi at home, every company server — they all use SSH to let you connect safely from your laptop in Hyderabad.
Think of ssh like this: Your laptop is in your room in Hyderabad. A server is in a data center in Bangalore / Mumbai / USA / Germany. ssh opens a secure, encrypted tunnel through the internet so you can sit in your room and control that far-away computer as if you were physically sitting in front of it.
No mouse, no desktop — just a black terminal window, but you can run any command, edit files, restart services, install software — everything!
What SSH Really Does (Simple English)
- Encrypts everything you type/send (passwords, commands, output) — nobody in between (on public WiFi, ISP) can spy.
- Lets you log in with password (easy but less safe) or SSH keys (super safe, no password typing).
- Gives you a full remote shell (like opening a new terminal on that machine).
- Can run single commands without full login.
- Can forward ports, copy files (with scp), even tunnel traffic.
Step 1: Basic Connection (The Most Important Command)
Syntax:
|
0 1 2 3 4 5 6 |
ssh username@hostname_or_ip |
Real examples:
|
0 1 2 3 4 5 6 7 8 9 |
ssh webliance@192.168.1.100 # local network Raspberry Pi ssh ubuntu@123.45.67.89 # AWS EC2 public IP ssh root@my-server.example.com # domain name ssh devuser@server.webliance.in # your own domain |
What happens first time:
- You see a warning like:
|
0 1 2 3 4 5 6 7 8 |
The authenticity of host '123.45.67.89' can't be established. ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx. Are you sure you want to continue connecting (yes/no/[fingerprint])? |
→ Type yes → it adds the server’s fingerprint to your ~/.ssh/known_hosts (so next time no warning).
- Then it asks for password (if no key setup):
|
0 1 2 3 4 5 6 |
webliance@123.45.67.89's password: |
Type password → Enter → you’re in!
Now your prompt changes:
|
0 1 2 3 4 5 6 |
webliance@my-server:~$ |
→ You are now on the remote server! Run pwd, ls, whoami, uptime — all commands run there.
To exit → type exit or press Ctrl+D.
Step 2: Common & Very Useful Options (Flags)
| Flag | Meaning | Example Command | When to use |
|---|---|---|---|
| -p | Custom port (default is 22) | ssh -p 2222 user@host | Server uses non-standard port (security) |
| -i | Use specific private key | ssh -i ~/.ssh/mykey user@host | Multiple keys or non-default name |
| -v / -vv / -vvv | Verbose (debug) | ssh -vvv user@host | Connection fails → see why |
| -X | Enable X11 forwarding | ssh -X user@host → then run firefox | See GUI apps remotely (slow) |
| -L | Local port forwarding | ssh -L 8080:localhost:80 user@host | Tunnel web server to your laptop |
| -R | Remote port forwarding | ssh -R 2222:localhost:22 user@host | Reverse tunnel |
| -N | No remote command (tunnel only) | ssh -N -L 5432:db.internal:5432 user@host | Pure tunnel (no shell) |
| -f | Fork to background | ssh -f -N -L … | Run tunnel in background |
| -o | Custom option | ssh -o ServerAliveInterval=60 user@host | Keep connection alive |
Most useful daily combo:
|
0 1 2 3 4 5 6 |
ssh -i ~/.ssh/id_rsa_dev -p 2222 webliance@server.example.com |
Step 3: Passwordless Login – SSH Keys (The Best Way – Do This!)
Passwords are okay for learning, but keys are 100× safer and faster.
- Generate key pair on your laptop (once!):
|
0 1 2 3 4 5 6 7 |
ssh-keygen -t ed25519 -C "your_email@example.com" # or older: ssh-keygen -t rsa -b 4096 |
Press Enter for defaults → it creates:
- ~/.ssh/id_ed25519 → private key (keep secret!)
- ~/.ssh/id_ed25519.pub → public key (share this)
- Copy public key to server (easiest way):
|
0 1 2 3 4 5 6 7 8 |
ssh-copy-id webliance@123.45.67.89 # or manual: cat ~/.ssh/id_ed25519.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" |
- Now connect — no password!
|
0 1 2 3 4 5 6 |
ssh webliance@123.45.67.89 |
→ Instant login!
Step 4: Run Single Command Without Full Shell
Super useful in scripts:
|
0 1 2 3 4 5 6 7 8 |
ssh user@host "uptime" ssh user@host "df -h" ssh user@host "sudo apt update && sudo apt upgrade -y" |
Multiple commands:
|
0 1 2 3 4 5 6 |
ssh user@host "cd /var/www && git pull && systemctl restart nginx" |
Step 5: Practice Safely Right Now (If You Have a Server or VM)
If you don’t have a remote server yet:
- Install VirtualBox + Ubuntu VM on your laptop
- Or use free trial VPS (DigitalOcean $200 credit, AWS free tier)
- Or practice syntax with dry-run: just read, don’t run dangerous commands
Safe local test (if you have ssh server on same machine):
|
0 1 2 3 4 5 6 7 8 |
# Install openssh-server if needed: sudo apt install openssh-server ssh localhost # or ssh 127.0.0.1 |
Quick Summary Table
| What you want | Command Example | Pro Tip |
|---|---|---|
| Basic login | ssh user@host | First time: type yes |
| Custom port | ssh -p 2222 user@host | Change default 22 for security |
| Use key | ssh -i ~/.ssh/mykey user@host | Safer than password |
| Passwordless setup | ssh-keygen → ssh-copy-id user@host | Do this once! |
| Run one command | ssh user@host “ls -la /var/log” | Great for automation |
| Keep alive (no timeout) | ssh -o ServerAliveInterval=60 user@host | Long sessions |
| Debug connection | ssh -vvv user@host | When “connection refused” |
Got it, boss? SSH is the door to every server in the world — master it and you can control clouds, websites, bots, everything from your Hyderabad laptop.
Any confusion? Want next: “Teacher, explain scp (copy files over ssh)” or “how to setup ssh config file” or “port forwarding examples” or “ssh vs mosh”?
Tell me — teacher is ready! Practice safely, never share private key, and keep your servers updated. 🐧🔑🌍 From Hyderabad! 😄
