Master SSH: Essential Commands, Configuration, and Troubleshooting Guide

SSH Common Commands

Installation (Ubuntu)

sudo apt update # update repository
sudo apt install openssh-server # install openssh
vi /etc/ssh/sshd_config # edit config, uncomment port=22
sudo service ssh restart # restart service

1. SSH connection commands

# Basic connection
ssh username@hostname

# Specify port
ssh -p 2222 username@hostname

# Use key
ssh -i /path/to/private_key username@hostname

2. SSH key management

# Generate key pair
ssh-keygen -t rsa -b 4096

# Copy public key to remote
ssh-copy-id username@hostname

# View known hosts
cat ~/.ssh/known_hosts

3. File transfer with scp

# Download file
scp username@servername:/path/filename /local/dir

# Upload file
scp /local/file username@servername:/remote/dir

# Recursive copy
scp -r username@servername:/remote/dir /local/dir
scp -r /local/dir username@servername:/remote/dir

4. Port forwarding

# Local forwarding
ssh -L local_port:target_host:target_port username@hostname

# Remote forwarding
ssh -R remote_port:target_host:target_port username@hostname

# Dynamic (SOCKS) forwarding
ssh -D local_port username@hostname

# Common options
-L [local_ip:]local_port:target_ip:target_port
-R [remote_ip:]remote_port:target_ip:target_port
-D [local_ip:]local_port
-N   # no remote command
-f   # background
-C   # compression
-q   # quiet
-v   # verbose
-p port   # server port
-i key    # private key file

5. SSH configuration management

vim ~/.ssh/config
# Example:
Host myserver
    HostName hostname
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa

Comparison of common uses

Security : password login is convenient but less secure; key login is more secure and recommended.

Transfer method : scp simple for occasional transfers; rsync supports incremental sync for large data.

Port forwarding : local forwarding accesses remote internal services; remote forwarding lets remote access local services; dynamic creates SOCKS proxy.

Connection management : one‑off connections vs persistent config file for frequent servers.

Recommendations

Prefer key‑based authentication.

Change default port 22 for important servers.

Use a config file for frequently accessed hosts ( ~/.ssh/config).

For large file transfers use rsync instead of scp.

Protect private key files.

Ubuntu SSH service management

Installation

sudo apt update
sudo apt install openssh-server

Service control (traditional)

sudo service ssh start
sudo service ssh stop
sudo service ssh restart
sudo service ssh status

/etc/init.d script

sudo /etc/init.d/ssh start
sudo /etc/init.d/ssh stop
sudo /etc/init.d/ssh restart
sudo /etc/init.d/ssh status

systemd (systemctl)

sudo systemctl start sshd
sudo systemctl stop sshd
sudo systemctl restart sshd
sudo systemctl status sshd

Direct sshd execution

sudo /usr/sbin/sshd
sudo /usr/sbin/sshd -f /path/to/sshd_config

Service name differs: Ubuntu/Debian uses ssh, CentOS/RHEL uses sshd.

Configuration file

sudo vim /etc/ssh/sshd_config
# Example settings
Port 22
PermitRootLogin no
PasswordAuthentication yes

Check service status

ps aux | grep ssh
sudo netstat -tulpn | grep ssh
sudo ufw status

Firewall

sudo ufw allow ssh
sudo ufw allow 2222/tcp

Common issues

Service fails to start : check logs with journalctl -u ssh and syntax with sshd -t.

Permission problems : ensure correct permissions on /etc/ssh and key files.

Security hardening

# Edit /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
Protocol 2

Keep SSH connections alive

Add to ~/.ssh/config:

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3

Or use client options -o ServerAliveInterval=60 -o ServerAliveCountMax=3 or server settings ClientAliveInterval 60 and ClientAliveCountMax 3.