Mastering SSH + tmux: The Ultimate Linux Ops Workflow

What is SSH?

SSH (Secure Shell) is the encrypted replacement for telnet, providing secure remote login, file transfer, and port forwarding. The client program is ssh (OpenSSH‑client) and the server daemon is sshd (OpenSSH‑server).

SSH configuration files

Two main files are used:

Client: ~/.ssh/config Server: /etc/ssh/sshd_config Key server parameters include:

Port – default 22; changing to e.g. 2222 hides the service.

PermitRootLogin – set to no or prohibit-password to block root password logins.

PasswordAuthentication – switch to no after enabling key authentication.

PubkeyAuthentication – must be yes.

MaxAuthTries – reduce from 6 to 3.

LoginGraceTime – timeout in seconds (default 120).

ClientAliveInterval and ClientAliveCountMax – heartbeat settings to drop idle sessions.

AllowUsers – whitelist specific users, often paired with DenyUsers.

Password‑less (key‑based) login

Generate a key pair locally and copy the public key to the server: ssh-keygen -t ed25519 -C "[email protected]" Recommended algorithm: ed25519 (faster and more secure than RSA). ssh-copy-id user@remote-server This adds the public key to ~/.ssh/authorized_keys on the server. ssh user@remote-server Subsequent connections no longer require a password.

Alias a host in ~/.ssh/config for convenience:

Host myserver
HostName 192.168.1.100
User root
Port 2222
IdentityFile ~/.ssh/id_ed25519

Then connect with ssh myserver.

SSH port forwarding

Local forwarding (-L)

Forward a remote service to a local port: ssh -L 3307:localhost:3306 dbadmin@remote-server Now localhost:3307 connects to the remote MySQL instance.

Remote forwarding (-R)

Expose a local service on the remote side: ssh -R 9090:localhost:8080 user@public-server Clients accessing public-server:9090 reach the local port 8080.

To allow external access, set GatewayPorts yes in sshd_config.

Dynamic forwarding (-D)

Creates a SOCKS5 proxy on the client: ssh -D 1080 user@remote-server Configure the browser to use 127.0.0.1:1080 and all traffic is tunneled through the SSH server.

Summary of differences:

-L – local forwarding, pulls remote service to local.

-R – remote forwarding, pushes local service to remote.

-D – dynamic forwarding, provides a generic SOCKS5 proxy.

tmux: terminal multiplexer

tmux lets you run multiple terminal windows and panes inside a single SSH session, preserving processes when the connection drops.

Core concepts

Session – top‑level workbench.

Window – tab‑like container inside a session.

Pane – split view inside a window.

Common commands

tmux new -s mywork

tmux ls

tmux attach -t mywork

Detach without terminating: press Ctrl+b then d.

tmux kill-session -t mywork

Pane management

Ctrl+b %

– vertical split. Ctrl+b " – horizontal split. Ctrl+b <arrow> – move focus. Ctrl+b z – toggle zoom. Ctrl+b x – close pane.

tmux configuration

Typical ~/.tmux.conf:

# Change prefix to Ctrl+a
set -g prefix C-a
unbind C-b
bind C-a send-prefix

# Enable mouse support
set -g mouse on

# Windows start at 1
set -g base-index 1

# 256‑color support
set -g default-terminal "screen-256color"

# Increase history limit
set -g history-limit 50000

Reload with :source-file ~/.tmux.conf inside tmux.

Combining SSH and tmux

Long‑running tasks

Start a tmux session after SSH, run the task, detach ( Ctrl+b d). Re‑attach later with tmux attach -t backup.

Collaborative sessions

Multiple users can attach to the same session, seeing each other's commands in real time.

Auto‑enter tmux on login

# In ~/.bashrc
if [ -n "$SSH_CONNECTION" ] && [ -z "$TMUX" ]; then
  tmux attach -t default 2>/dev/null || tmux new -s default
fi

This creates or re‑attaches to a session named default on every SSH login.

Advanced SSH tricks

One‑step jump host

Host inner-server
HostName 10.0.0.50
User admin
ProxyJump jump-host

Now ssh inner-server hops through jump-host automatically.

Connection multiplexing

Host *
ControlMaster auto
ControlPath ~/.ssh/control-%r@%h:%p
ControlPersist 600

Subsequent connections reuse the initial TCP channel, speeding up logins.

SCP shortcuts

# Upload
scp local_file user@remote:/path/
# Download
scp user@remote:/path/file .
# Recursive copy
scp -r local_dir user@remote:/path/

Conclusion

SSH provides encrypted remote access, key‑based login, and versatile port forwarding. tmux adds persistent, multiplexed sessions and collaborative capabilities. Together they form a complete remote‑operations workflow: key‑based SSH → automatic tmux → port forwarding → resilient long‑running tasks.