🏠 HomeServersSSH & Remote Access

🔑 SSH & Remote Access

SSH lets you securely control a remote server from your terminal. Learn the essentials here.

🔍
🔑 SSH Fundamentals
Q1What is SSH and how does it work?Intermediate

SSH (Secure Shell) is a cryptographic network protocol for securely operating network services over an unsecured network. It gives you an encrypted terminal session to a remote server.

SSH uses public-key cryptography. You have a key pair: a private key (kept secret on your machine) and a public key (placed on the server). The server verifies your identity using this pair without transmitting your password.

# Basic SSH connection
ssh username@server-ip-address

# SSH on a custom port
ssh -p 2222 username@server-ip

# SSH with a key file
ssh -i ~/.ssh/my_key.pem username@server-ip
💡 SSH runs on port 22 by default. Many admins change it to a non-standard port to reduce automated brute-force attacks.
Q2How do I copy files to/from a server using SSH?Intermediate

Use SCP (Secure Copy Protocol) or rsync — both work over SSH and are encrypted.

# Copy local file TO server
scp myfile.html user@server:/var/www/html/

# Copy file FROM server to local
scp user@server:/var/log/nginx/error.log ./

# Copy entire folder TO server
scp -r ./my-site/ user@server:/var/www/html/

# rsync (smarter — only syncs changed files)
rsync -avz ./my-site/ user@server:/var/www/html/
💡 rsync is better than scp for deploying websites — it only uploads files that have changed, making it much faster for updates.
Q3What are SSH keys and why are they safer than passwords?Intermediate

SSH keys are mathematically linked pairs of cryptographic keys. They're safer than passwords because:

  • Keys are much longer and more complex than any password
  • Private key never leaves your machine — nothing is transmitted to "intercept"
  • Immune to brute-force (can't guess a 2048-bit key)
  • No risk of phishing (there's no password to type on a fake site)
# Generate an SSH key pair
ssh-keygen -t ed25519 -C "your-email@example.com"

# Copy public key to server (enables key-based login)
ssh-copy-id username@server-ip
⚠️ Once you've set up SSH key authentication, disable password authentication on the server in /etc/ssh/sshd_config by setting PasswordAuthentication no.