1. Overview

As more and more sensitive information is transmitted across the Internet, the need for secure, encrypted connections between servers rises.

In this tutorial, we’ll learn about ssh, a protocol and set of tools that provides secure, encrypted communication between servers.

Notably, all commands shown here are tested using Bash. However, they should work with any POSIX-compliant terminal.

2. Configuration

Almost all Unix- and Linux-based operating systems (including macOS) provide a pre-configured ssh client. On the Microsoft Windows operating system, we can use something like PuTTY or git-bash for Windows to install ssh.

The nice thing about SSH is that we don’t usually need to do anything else for traffic to be encrypted. By default, ssh uses the Diffie-Hellman key exchange to negotiate and swap cryptographic keys and subsequently chooses an encryption algorithm for us.

So, once we have ssh on our machine, we can simply start connecting.

3. Accessing a Remote Host

A common use for SSH is connecting to a remote server.

For instance, let’s connect to the host remote-server.com with user my-userid:

$ ssh [email protected]

After we enter the password for the user on the remote host, that remote host provides a terminal where we can execute commands as if we were using a shell on the local host.
Also, as usual, we can refer to the remote system with a top-level domain, an IP address, or a host alias.

4. Port Forwarding

One very useful feature of SSH is port forwarding, which enables connecting to a local port that relays the connection to a remote system. What’s more, the remote system can further serve as a proxy for connections to another machine. This can be in the local network of the remote host or yet another Internet SSH server.

To enable this type of forwarding tunnel, we use the -L option:

$ ssh -L 8888:localhost:8080 [email protected] 

In this example, localhost:8080 is relative to the remote system remote-server.com. In other words, if we access the local port 8888, we actually make a request to port 8080 of remote-server.com as represented by localhost.
To access a port on a different system available to the remote system remote-server.com, we replace localhost respectively:

ssh -L 8888:another-remote-server.com:8080 [email protected] 

Here, the local connection to port 8888 is relayed across a secure channel to the 8080 port of the another-remote-server.com system which is available to the remote-server.com system.

Further, by using the -R option, we can also do reverse port forwarding, enabling the remote system to access ports and hosts on the local network.

Again, when leveraging port forwarding, we can refer to the remote or local systems with top-level domains, IP addresses, or host aliases defined on the remote host.

5. Remote Commands

If we don’t need a shell and just want to execute a single command, we can just provide the path to that command on the remote system:

$ ssh [email protected] /usr/local/bin/some-command

Thus, we run /usr/local/bin/some-command on remote-server.com in a non-interactive session. As usual, the output displays any stderr or stdout message in the local terminal, and the command terminates the connection when it completes execution.

Further, any strings we append after the command or its path are treated as command-line arguments to the remote command, not ssh.

6. X11

Many programs on Unix- and Linux-based systems use a graphical user interface (GUI) compatible with the X Window System.

If X11 runs on a remote system, we can use -X to show the same interface locally via SSH:

$ ssh -X [email protected]

This way, the remote GUI is also forwarded along with or instead of a shell.

7. Copying Files

In addition to local-to-remote connections and command execution, we can use an encrypted channel to copy files.

There are a few programs that provide this ability.

7.1. SFTP

One protocol that enables copying through a secure tunnel is SFTP, a secure version of FTP. To use it, we just connect using the sftp command:

$ sftp [email protected]

Once we see a prompt, we can enter commands similar to those for FTP.

Before SSH, the File Transfer Protocol (FTP) was the standard for file transfers from one system to another. However, FTP is now mostly deprecated due to its plain text transfers and general lack of built-in security.

7.2. SCP

Another program we can use is scp, which provides secure copying to a remote server:

$ scp ./my-local-file.txt [email protected]

We can also use scp to copy files from the remote server to the local host:

$ scp [email protected]:my-remote-file.txt ./my-local-copy-of-my-remote-file.txt

This is usually the standard way of copying files through an SSH tunnel.

7.3. rsync

Finally, the rsync command much like scp and ftp can copy files from the local host to a remote server:

$ rsync ./my-local-file.txt [email protected]:/

It can also copy files back from the remote server:

$ rsync [email protected]:/my-remote-file.txt ./my-local-copy-of-my-remote-file.txt

Generally, rsync is faster than sftp and scp.

8. Conclusion

In this article, we explored how SSH can provide secure communication under many different circumstances.

First, we checked the basic configuration. After that, we turned to simple connections. Next, we discussed port forwarding. Then, we showed examples of remote command execution. Later, we saw an example of GUI relaying. Finally, we talked about file transfers via SSH.


« 上一篇: Linux read 命令指南