Essential SSH Commands and Configuration Guide for Linux and Windows
This article provides a comprehensive guide to installing, configuring, and using SSH on Linux and Windows, covering common connection commands, key management, file transfer, port forwarding, service control, security best practices, and troubleshooting tips for reliable remote access.
Common SSH Commands
SSH Installation (Ubuntu)
sudo apt update # update repository
sudo apt install openssh-server # install OpenSSH server
sudo vi /etc/ssh/sshd_config # edit configuration, uncomment the "Port 22" line
sudo service ssh restart # restart service
1. SSH Connection Commands
# Basic connection
ssh username@hostname
# Connect to a non‑standard port
ssh -p 2222 username@hostname
# Use a private key for authentication
ssh -i /path/to/private_key username@hostname
2. SSH Key Management
# Generate an RSA key pair (4096‑bit)
ssh-keygen -t rsa -b 4096
# Copy the public key to the remote server
ssh-copy-id username@hostname
# View known hosts
cat ~/.ssh/known_hosts
3. SSH File Transfer (scp)
# Download a file from the server
scp username@servername:/path/filename /var/www/local_dir
# Upload a local file to the server
scp /path/filename username@servername:/path
# Recursively download a directory
scp -r username@servername:/var/www/remote_dir/ /var/www/local_dir
# Recursively upload a directory
scp -r local_dir username@servername:remote_dir
4. SSH Port Forwarding
# Local port forwarding
ssh -L local_port:target_host:target_port username@hostname
# Remote port forwarding
ssh -R remote_port:target_host:target_port username@hostname
# Dynamic (SOCKS) forwarding
ssh -D local_port username@hostname
# Common options
-L [local_ip:]local_port:target_ip:target_port # local forwarding
-R [remote_ip:]remote_port:target_ip:target_port # remote forwarding
-D [local_ip:]local_port # dynamic forwarding
-N # do not execute remote command (used for forwarding only)
-f # run in background
-C # enable compression
-q # quiet mode
-v # verbose (debug)
-4 # force IPv4
-6 # force IPv6
-p <port> # specify server port
-i <key> # specify private key file
5. SSH Configuration Management
# Edit user‑level configuration
vim ~/.ssh/config
# Example entry
Host myserver
    HostName hostname
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
Comparison of Common Uses
Security
Password login: convenient but less secure
Key‑based login: more secure and recommended
Transfer Method
scp: simple, suitable for occasional transfers
rsync: supports incremental sync, better for large or frequent transfers
Port Forwarding
Local forwarding – access remote internal services
Remote forwarding – allow remote access to local services
Dynamic forwarding – create a SOCKS proxy
Connection Management
One‑off connections – use directly
Frequent connections – configure ~/.ssh/config
Usage Recommendations
Prefer key‑based authentication.
Change the default port 22 for critical servers.
Configure frequent connections in ~/.ssh/config.
Use rsync instead of scp for large file transfers.
Protect private key files carefully.
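To make "protect private key files" checkable, the following added example (not part of the original article) audits an SSH directory for the permissions OpenSSH itself rejects: private keys readable by group or other, and a directory or authorized_keys file that others can write. The function names and the demo files are constructed for illustration.

```shell
# Added example: permission audit for an SSH directory. Demo files are constructed.

# go_bits PATH -> the six group/other permission characters from ls, e.g. "r--r--"
go_bits() { ls -ld "$1" | cut -c5-10; }

# others_can_write PATH -> true when group or other holds the write bit
others_can_write() {
    case $(go_bits "$1") in ?w????|????w?) return 0 ;; esac
    return 1
}

# audit_ssh_dir DIR -> one finding per line; returns 1 if anything was found
audit_ssh_dir() {
    dir=$1; rc=0
    if others_can_write "$dir"; then echo "DIR-WRITABLE $dir"; rc=1; fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # ssh ignores a private key that group or other can access at all
            [ "$(go_bits "$f")" = "------" ] || { echo "KEY-EXPOSED $f"; rc=1; }
        elif [ "${f##*/}" = authorized_keys ] && others_can_write "$f"; then
            echo "AUTHKEYS-WRITABLE $f"; rc=1
        fi
    done
    return $rc
}

# make_demo_dir -> path of a throwaway directory holding constructed files
make_demo_dir() {
    d=$(mktemp -d)
    chmod 700 "$d"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-not-a-key' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa AAAA-constructed user@example' > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/authorized_keys"
    chmod 644 "$d/id_rsa" "$d/id_rsa.pub"   # private key left too open
    chmod 664 "$d/authorized_keys"          # group-writable
    echo "$d"
}

demo=$(make_demo_dir)
audit_ssh_dir "$demo" || echo "fix: chmod 700 DIR; chmod 600 KEY; chmod 644 authorized_keys"
rm -rf "$demo"
```

Run `audit_ssh_dir ~/.ssh` against a real account; an empty result with exit status 0 means none of the three problems were found.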
Managing SSH Service on Ubuntu
Installation
sudo apt update
sudo apt install openssh-server
Service Control Methods
Traditional service command
# start
sudo service ssh start
# stop
sudo service ssh stop
# restart
sudo service ssh restart
# status
sudo service ssh status
/etc/init.d scripts
# start
sudo /etc/init.d/ssh start
# stop
sudo /etc/init.d/ssh stop
# restart
sudo /etc/init.d/ssh restart
# status
sudo /etc/init.d/ssh status
Systemd systemctl (modern)
# On Ubuntu/Debian the unit is named ssh (sshd on CentOS/RHEL)
# start
sudo systemctl start ssh
# stop
sudo systemctl stop ssh
# restart
sudo systemctl restart ssh
# status
sudo systemctl status ssh
Directly start the daemon
# start daemon
sudo /usr/sbin/sshd
# start with a specific config file
sudo /usr/sbin/sshd -f /path/to/sshd_config
Service Names by Distribution
Ubuntu/Debian – service name ssh
CentOS/RHEL – service name sshd
Common Administrative Tasks
Use systemctl on modern systems (it wraps service).
Traditional /etc/init.d scripts are still supported.
Directly launching sshd is mainly for debugging.
Configuration File
# Main configuration file
sudo vim /etc/ssh/sshd_config
# Typical settings
# SSH port
Port 22
# Disallow root login
PermitRootLogin no
# Allow password auth (set to no for key-only)
PasswordAuthentication yes
Checking Service Status
# Verify SSH process is running
ps aux | grep ssh
# Check if SSH port is listening
sudo netstat -tulpn | grep ssh
# Verify firewall allows SSH
sudo ufw status
Firewall Configuration
# Allow default SSH port
sudo ufw allow ssh
# Allow a custom port (e.g., 2222)
sudo ufw allow 2222/tcp
Troubleshooting
Service fails to start
# View detailed logs
sudo journalctl -u ssh
# Test configuration syntax
sudo sshd -t
Permission issues
# Fix directory permissions
sudo chmod 755 /etc/ssh
# Fix private key permissions
sudo chmod 600 /etc/ssh/ssh_host_*_key
# Fix public key permissions
sudo chmod 644 /etc/ssh/ssh_host_*_key.pub
Security Recommendations
Basic hardening:
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
# Only needed before OpenSSH 7.4; later servers support protocol 2 only
Protocol 2
Use key-based authentication:
# Generate key pair on client
ssh-keygen -t rsa -b 4096
# Copy public key to server
ssh-copy-id username@server_ip
Maintenance Commands
# View current SSH connections
who
w
# View SSH login logs
sudo grep ssh /var/log/auth.log
Backup configuration file
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
After modifying the SSH configuration, restart the service to apply changes:
sudo systemctl restart ssh
SSH Connection Timeout Issue
To keep idle SSH connections alive, add the following to ~/.ssh/config (or use the command‑line options):
Host *
    # send a keep-alive every 60 seconds
    ServerAliveInterval 60
    # abort after 3 unanswered keep-alives
    ServerAliveCountMax 3
Alternatively, specify the options directly when connecting:
ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=3 user@remote-server
Closing Background SSH Connections on Windows (-Nf)
Task Manager – locate ssh.exe and end the process.
PowerShell – Get-Process ssh | Stop-Process or taskkill /F /IM ssh.exe.
Git Bash – ps aux | grep ssh then kill <PID>.
To store the process ID for later termination, let the shell background the tunnel instead of using -f (with -f, ssh forks and $! no longer points at the running tunnel):
ssh -N ... &
echo $! > ssh_pid.txt
Or create batch files to start and stop the tunnel:
rem start_ssh.bat: launch the tunnel hidden and record its PID
@echo off
powershell -NoProfile -Command "(Start-Process ssh -ArgumentList '-N ...' -WindowStyle Hidden -PassThru).Id" > ssh_pid.txt
rem stop_ssh.bat: kill the recorded PID
@echo off
for /f %%i in (ssh_pid.txt) do taskkill /PID %%i /F
del ssh_pid.txt
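For the sshd_config values in the Configuration File and Security Recommendations sections, this added example (not from the original article) reports what sshd would actually apply: sshd uses the first occurrence of each keyword, so a hardening line appended below an earlier `PasswordAuthentication yes` has no effect. The function names and the sample file are constructed.

```shell
# Added example: effective global sshd settings vs. the guide's hardening values.

# effective_value KEYWORD FILE -> value in force outside any Match block.
# sshd keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "match" { exit }                 # the rest is conditional
        key == want {
            val = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print tolower(val); exit
        }' "$2"
}

# audit_sshd_config FILE -> one line per keyword; returns 1 on any mismatch
audit_sshd_config() {
    rc=0
    for pair in PermitRootLogin=no PasswordAuthentication=no MaxAuthTries=3; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(effective_value "$key" "$1")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"; rc=1
        fi
    done
    return $rc
}

# sample_config -> constructed sshd_config text, not taken from a real host
sample_config() {
    cat <<'EOF'
Port 2222
PasswordAuthentication yes
PermitRootLogin no
MaxAuthTries 3
# appended later during hardening, but the earlier line already won
PasswordAuthentication no
Match User backup
    AllowTcpForwarding no
EOF
}

cfg=$(mktemp); sample_config > "$cfg"
audit_sshd_config "$cfg" || echo "effective settings differ from the guide"
rm -f "$cfg"
```

This parser does not follow Include directives; on a live server `sudo sshd -T` prints the configuration sshd actually resolves.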
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
