How to connect to an ssh server in Linux

Home > Search > How-to
  by

The ssh command is used to connect to an ssh server. The syntax of the ssh command is ssh user@hostname. Replace user with a user on the SSH server. Replace hostname with the hostname or IP address of the SSH server.

In this example, an ssh connection is made to the "server1.example.com" SSH server as John Doe.

~]# ssh john.doe@server1.example.com

 


Known hosts

Regardless if you are using a password or a public / private key pair for authentication, if the public certificate of the SSH server (server1 in this example) is not listed in the /etc/ssh/ssh_known_hosts or /home/username/.ssh/known_hosts file on the client, a prompt will appear stating The authenticity of host 'hostname (ip address)' can't be established. If you are certain you are connecting to a trusted SSH server, type yes and press enter.

~]# ssh john.doe@server1.example.com
The authenticity of host 'server1 (192.168.0.5)' can't be established
DSA key fingerprint is BB37 83F2 5E3A 7A4C 6C84  F047 D97B DD4E 38BB 2082
Are you sure you want to continue connecting (yes/no)?

 

A message appears stating Permanently added 'hostname' (protocol) to the list of known hosts is displayed. 

Warning: Permanently added 'server1' (DSA) to the list of known hosts.

 

The prior message means that the public certificate of the SSH server was added to the /home/username/.ssh/known_hosts file on the client. The /home/username/.ssh/known_hosts file will contain the hostname and public certificate of the SSH server.

~]# cat /home/username/.ssh/known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=

 

Once the public certificate of the SSH server has been added to /home/username/.ssh/known_hosts, the next time you connect to the SSH server, the prior prompts will no longer appear, because the client now trusts the SSH server. Or, more specifically, in the SSH connection, the client will send the public certificate to the SSH server. As long as the SSH server still has the private key that is matematically related to the public certificate, the connection will be considered trusted. This can be seen using the -v (verbose) flag.

~]# ssh john.doe@server1.example.com -v
Server host key: 
Host 'server1.example.com' is known and matches the ECDSA host key.
Found key in /home/username/.ssh/known_hosts
ssh_ecdsa_verify: signature correct

 

When there are numerous users on the client machine that will be connecting to the SSH server, it is preferable to add public certificate to the /etc/ssh/ssh_known_hosts file. The /etc/ssh/ssh_known_hosts file is a system-wide file that applies to all users on the system. The paste command can be used to copy the contents of the /home/username/.ssh/known_hosts file into the /etc/ssh/ssh_known_hosts file. 

~]# paste -s -d '\N' /home/username/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=

 


Password authentication

If the SSH server is configured to use password authentication, there will be a prompt to enter the password.

~]# ssh john.doe@server1.example.com
john.doe@server1 password: 

 

After entering the password, you will be connected to the SSH server. Once connected, the hostname command can be used to verify that you are connected to the SSH server. The hostname of the SSH server should be displayed (server1 in this example).

~]# hostname
server1

 

As long as the password entered is valid, the connection should be successful, and the last login date and time should be displayed. Also included will be the hostname of the host machine (server1.example.com in this example). 

Last login: Thu Jan 26 13:05:01 2017 from server1.example.com

 


Public / private key pair authenticaiton

If you do not specify the private key that should be used, by default, SSH will attempt certain default private keys. The ssh command with the -v (verbose) option will display the default private keys. Ssh-keygen can be used to create the private key.

~]# ssh -v john.doe@server1.example.com
. . .
debug1: Trying private key: .ssh/id_rsa
debug1: Trying private key: .ssh/id_dsa
debug1: Trying private key: .ssh/id_ecdsa
debug1: Trying private key:.ssh/id_ed25519

 

Or, the -i option followed by your private key can be used.

~]# ssh -i myPrivate.key john.doe@server1.example.com

 

If the public / private key pair has a passphrase, there will next be a prompt to enter the passphrase of the public / private key pair. Ssh-agent can be used so that you do not need to type the passphrase.

Enter passphrase for key '.ssh/id_dsa':

 

Once the correct passphrase has been entered, you will be connected to the SSH server. The hostname command can be used to verify that you are connected to the SSH server. The hostname of the SSH server should be displayed (server1 in this example).

~]# hostname
server1

 

Use the exit command to disconnect from the SSH server.

~]# exit

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments