I'm using the convention here that user settings are written in all caps (like USERNAME
and SERVER
).
Note: Variable SERVER
is either a url or an IP.
- The basic command is
ssh USERNAME@SERVER
. - The default SSH Server Port is 22, but a custom port can be specified like this:
ssh USERNAME@SERVER -p PORT
. - Running Command immediately after connecting:
ssh -t USERNAME@SERVER tmux attach
runstmux attach
command in the server. Note that-t
command allocates a pseudo-terminal (which is required bytmux
). Non-interactive command likels
doesn't need this, so-t
can be omitted.
If the SSH command gives error Corrupted mac on input, then you can specify the correct MACs (Message Authentication Codes) manually
like this: ssh USERNAME@SERVER -m hmac-sha2-512
.
Here a single MAC hmac-sha2-512
is specified, but multiple MACs can be set using comma seperated values. For example:
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
The RSA Private Key
is stored by default in file ~/.ssh/id_rsa
.
But many people also store it in PEM files - these have the same file format, just the file extension is .pem
.
The location of this Private Key file is specified as: ssh USERNAME@SERVER -i PATH_TO_PEM_FILE
.
Note: If you get the error Permissions for 'private-key' are too open
, then do the following and try again:
- Linux / Mac:
chmod 600 PATH_TO_PEM_FILE
- This makes the current user the file owner with Read & Write permissions, and no permissions for any other non-root user. - Windows: Use the script in this StackOverflow answer to disable inheritance,
make yourself owner and remove all permissions from other users. Make sure to replace the value of
Key
variable in the script with the path to your PEM file.
This is a less secure method than using Public & Private Keys, but is still used by some servers. There are 2 options:
- Connect to server with command
ssh USERNAME@SERVER
. This should show a password prompt. Enter your password here. - Install sshpass and use it like this:
sshpass -p PASSWORD ssh USERNAME@SERVER -p PORT
.
Open ~/.ssh/config
(create it if it doesn't exist) and enter the following in it:
Host USER_GIVEN_CONNECTION_NAME
User USERNAME
IdentityFile PATH_TO_PEM_FILE
HostName SERVER
Port PORT
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
# 1 minute Keep-Alive to avoid unwanted disconnect
ServerAliveInterval 60
Here, only User
and HostName
are required fields, rest are all optional.
Now we can connect to the SSH Server simply with: ssh USER_GIVEN_CONNECTION_NAME
. This is equivalent to entering all the details in
command itself like this:
ssh -o ServerAliveInterval=60 USERNAME@SERVER -p PORT -i PATH_TO_PEM_FILE -m hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
In above example ServerAliveInterval
setting was set to 60. This means that if SSH Connection is left idle for 60 seconds,
then an empty packet will be sent to the SSH server to prevent SSH connection from disconnecting.
Sometimes, an encrypted PEM file may be provided for SSH login. So its passphrase will have to be entered every time when connecting.
This can be inconvinient - see here for how to decrypt PEM file using ssh-keygen -p
so that passphrase doesn't need to be entered!
Note: While doing ssh-keygen -p
, if UNPROTECTED PRIVATE KEY FILE error shows, make the PEM file secure by following this answer.
This can be done using scp
command:
- Download:
scp USERNAME@SERVER:/server/path/to/file /local/path/where/file/to/be/downloaded
- Upload:
scp /local/path/where/file/to/be/uploaded USERNAME@SERVER:/server/path/to/file