The ssh command is used to connect to an SSH server. The syntax of the ssh command is ssh user@hostname. Replace user with a user on the SSH server. Replace hostname with the hostname or IP address of the SSH server.
In this example, an ssh connection is made to the "server1.example.com" SSH server as John Doe.
~]# ssh firstname.lastname@example.org
Regardless of whether you are using a password or a public / private key pair for authentication, if the public certificate of the SSH server (server1 in this example) is not listed in the /etc/ssh/ssh_known_hosts or /home/username/.ssh/known_hosts file on the client, a prompt will appear stating The authenticity of host 'hostname (ip address)' can't be established. If you are certain you are connecting to a trusted SSH server, type yes and press enter.
~]# ssh email@example.com
The authenticity of host 'server1 (192.168.0.5)' can't be established
DSA key fingerprint is BB37 83F2 5E3A 7A4C 6C84 F047 D97B DD4E 38BB 2082
Are you sure you want to continue connecting (yes/no)?
A message stating Permanently added 'hostname' (protocol) to the list of known hosts is displayed.
Warning: Permanently added 'server1' (DSA) to the list of known hosts.
The prior message means that the public certificate of the SSH server was added to the /home/username/.ssh/known_hosts file on the client. The /home/username/.ssh/known_hosts file will contain the hostname and public certificate of the SSH server.
~]# cat /home/username/.ssh/known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=
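The fingerprint in the prompt above is only useful if it is compared with one obtained from the server administrator over a separate channel before yes is typed. The following is an added example, not part of the original page: it parses a known_hosts entry, checks that the key type field matches the type inside the key blob, and compares the entry's fingerprint (in the SHA256 form printed by current OpenSSH) with a trusted value. The make_entry helper and the ed25519 sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset=0):
    """Read one length-prefixed (uint32, big-endian) string from an SSH key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) for a plain 'hosts keytype base64key' entry."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("@", "#")):
        raise ValueError("not a plain host key entry")
    hosts, key_type, b64 = fields[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
        embedded, _ = read_string(blob)
    except (ValueError, struct.error) as exc:
        raise ValueError("key field is not a valid SSH public key") from exc
    # The algorithm named in the text field must match the one inside the blob.
    if embedded.decode("ascii", "replace") != key_type:
        raise ValueError("key type field does not match key blob")
    return hosts.split(","), key_type, blob

def sha256_fingerprint(blob):
    """Fingerprint in the SHA256:<unpadded base64> form printed by current OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def host_key_matches(line, trusted_fingerprint):
    """True only if the entry's key hashes to the fingerprint obtained out of band."""
    _, _, blob = parse_known_hosts_line(line)
    return sha256_fingerprint(blob) == trusted_fingerprint

def make_entry(host, key_bytes):
    """Build a constructed ssh-ed25519 entry (sample data, not a real server key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key_bytes)) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"

if __name__ == "__main__":
    entry = make_entry("server1", bytes(range(32)))
    published = sha256_fingerprint(parse_known_hosts_line(entry)[2])
    print(published, host_key_matches(entry, published))
```

The illustrative key line shown in the cat output above is rejected by parse_known_hosts_line, because its key field does not decode to a valid SSH public key.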
Once the public certificate of the SSH server has been added to /home/username/.ssh/known_hosts, the next time you connect to the SSH server, the prior prompts will no longer appear, because the client now trusts the SSH server. Or, more specifically, in the SSH connection, the client will send the public certificate to the SSH server. As long as the SSH server still has the private key that is mathematically related to the public certificate, the connection will be considered trusted. This can be seen using the -v (verbose) flag.
~]# ssh firstname.lastname@example.org -v
Server host key:
Host 'server1.example.com' is known and matches the ECDSA host key.
Found key in /home/username/.ssh/known_hosts
ssh_ecdsa_verify: signature correct
When there are numerous users on the client machine that will be connecting to the SSH server, it is preferable to add the public certificate to the /etc/ssh/ssh_known_hosts file. The /etc/ssh/ssh_known_hosts file is a system-wide file that applies to all users on the system. The paste command can be used to copy the contents of the /home/username/.ssh/known_hosts file into the /etc/ssh/ssh_known_hosts file.
~]# paste -s -d '\n' /home/username/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
server1 dsa-sha2-nistp256 AAAAASKVndklvjMAPALKJnasdasldfkjaAAODHFAKa=
If the SSH server is configured to use password authentication, there will be a prompt to enter the password.
~]# ssh email@example.com
john.doe@server1 password:
After entering the password, you will be connected to the SSH server. Once connected, the hostname command can be used to verify that you are connected to the SSH server. The hostname of the SSH server should be displayed (server1 in this example).
~]# hostname
server1
As long as the password entered is valid, the connection should be successful, and the last login date and time should be displayed. Also included will be the hostname of the host machine (server1.example.com in this example).
Last login: Thu Jan 26 13:05:01 2017 from server1.example.com
Public / private key pair authentication
If you do not specify the private key that should be used, by default, SSH will attempt certain default private keys. The ssh command with the -v (verbose) option will display the default private keys. ssh-keygen can be used to create the private key.
~]# ssh -v firstname.lastname@example.org
. . .
debug1: Trying private key: .ssh/id_rsa
debug1: Trying private key: .ssh/id_dsa
debug1: Trying private key: .ssh/id_ecdsa
debug1: Trying private key: .ssh/id_ed25519
Or, the -i option followed by your private key can be used.
~]# ssh -i myPrivate.key email@example.com
If the public / private key pair has a passphrase, there will next be a prompt to enter the passphrase of the public / private key pair. ssh-agent can be used so that you do not need to type the passphrase.
Enter passphrase for key '.ssh/id_dsa':
Once the correct passphrase has been entered, you will be connected to the SSH server. The hostname command can be used to verify that you are connected to the SSH server. The hostname of the SSH server should be displayed (server1 in this example).
~]# hostname
server1
Use the exit command to disconnect from the SSH server.