{"id":13228,"date":"2025-12-16T11:12:29","date_gmt":"2025-12-16T05:42:29","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13228"},"modified":"2025-12-16T11:12:32","modified_gmt":"2025-12-16T05:42:32","slug":"use-ssh-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/use-ssh-on-linux","title":{"rendered":"How to Use SSH on Linux Server in 2026? &#8211; Secure Access Guide"},"content":{"rendered":"\n<p><strong>SSH (Secure Shell) is the encrypted protocol<\/strong> used to securely access and manage a Linux server from anywhere. <\/p>\n\n\n\n<p><strong>To use SSH on a Linux server<\/strong>, install OpenSSH, ensure the SSH service is running and reachable through the firewall, connect with <code>ssh user@server<\/code>, and secure access with SSH keys, hardened settings, and best practices.<\/p>\n\n\n\n<p>Learning how to use SSH on a Linux server is essential for safe remote administration, deployments, and file transfers. <\/p>\n\n\n\n<p>In this guide, you\u2019ll get a practical, step by step walkthrough from your first SSH connection to key based authentication, hardening, tunnels, and troubleshooting written with hands on server experience to help you work faster and more securely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-ssh-and-why-it-matters\"><strong>What is SSH and Why it Matters<\/strong>?<\/h2>\n\n\n\n<p>SSH <strong>(Secure Shell)<\/strong> creates an encrypted channel between your device (client) and a remote Linux server. It replaces insecure protocols like Telnet by protecting passwords, commands, and data in transit. <\/p>\n\n\n\n<p><strong>SSH uses public key cryptography<\/strong>, supports password and key based logins, and enables secure shell access, file transfers, and encrypted tunnels.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ssh-vs-telnet-and-rdp\"><strong>SSH vs. Telnet and RDP<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security:<\/strong> SSH encrypts traffic; Telnet does not. RDP is graphical; SSH is command-line.<\/li>\n\n\n\n<li><strong>Use Cases:<\/strong> SSH is ideal for server administration, automation, Git operations, and tunneling.<\/li>\n\n\n\n<li><strong>Portability:<\/strong> SSH clients are built into Linux and macOS; Windows 10+ includes OpenSSH.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-quick-start\"><strong>Prerequisites and Quick Start<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-ensure-ssh-client-and-server-are-installed\"><strong>1. Ensure SSH Client and Server Are Installed<\/strong><\/h3>\n\n\n\n<p>On most Linux and macOS systems, the OpenSSH client is preinstalled. On servers, install and enable the OpenSSH server package:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Debian\/Ubuntu\nsudo apt update &amp;&amp; sudo apt install -y openssh-server\nsudo systemctl enable --now ssh\n\n# RHEL\/CentOS\/AlmaLinux\/Rocky\nsudo dnf install -y openssh-server\nsudo systemctl enable --now sshd\n\n# Check service\nsystemctl status ssh || systemctl status sshd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-allow-ssh-through-the-firewall\"><strong>2. Allow SSH Through the Firewall<\/strong><\/h3>\n\n\n\n<p>Open TCP port 22 (or your custom port) on the server. Example with UFW (Debian\/Ubuntu):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 22\/tcp\nsudo ufw reload\nsudo ufw status<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<p><!-- \/wp:post-content --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"first-connection-password-authentication\"><strong>First Connection: Password Authentication<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Connect for the first time using the server\u2019s IP or hostname. Replace <code>user<\/code> with your Linux account (often <code>root<\/code> on fresh VPS, then switch to a sudo user):<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code>ssh user@your_server_ip\n# Custom port\nssh -p 2222 user@your_server_ip<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>On first connect, SSH asks you to verify the server\u2019s fingerprint (host key). Type <code>yes<\/code> to trust it, and it\u2019s recorded in <code>~\/.ssh\/known_hosts<\/code> to prevent man-in-the-middle attacks. If you later see a changed host key warning, investigate before proceeding.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"set-up-ssh-key-authentication-recommended\"><strong>Set Up SSH Key Authentication (Recommended)<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>SSH keys enable secure, passwordless login and are far stronger than passwords. Generate a key pair on your local machine, then install the public key on the server.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"generate-a-key-pair\"><strong>Generate a Key Pair<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Modern, fast, secure:\nssh-keygen -t ed25519 -C \"your_email@example.com\"\n\n# If your environment requires RSA:\nssh-keygen -t rsa -b 4096 -C \"your_email@example.com\"<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Accept the default path (<code>~\/.ssh\/id_ed25519<\/code>) and set a strong passphrase. Your public key is .pub; your <a href=\"https:\/\/www.youstable.com\/blog\/private-key-for-ssl-certificate\/\">private key<\/a> must remain secret and never be shared.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"copy-your-public-key-to-the-server\"><strong>Copy Your Public Key to the Server<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Easiest method\nssh-copy-id user@your_server_ip\n\n# Manual method if ssh-copy-id isn't available\ncat ~\/.ssh\/id_ed25519.pub | ssh user@your_server_ip \"mkdir -p ~\/.ssh &amp;&amp; chmod 700 ~\/.ssh &amp;&amp; cat &gt;&gt; ~\/.ssh\/authorized_keys &amp;&amp; chmod 600 ~\/.ssh\/authorized_keys\"<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Test key login:<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code>ssh user@your_server_ip<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"secure-your-ssh-server-hardening-checklist\"><strong>Secure Your SSH Server (Hardening Checklist)<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"harden-sshd_config\"><strong>Harden sshd_config<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Edit the server\u2019s SSH daemon configuration at <code>\/etc\/ssh\/sshd_config<\/code>:<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Change default port (optional but reduces noise)\nPort 2222\n\n# Protocol and host keys\nProtocol 2\n\n# Disable root password login (use sudo user + keys)\nPermitRootLogin prohibit-password\n\n# Enforce key-based auth\nPasswordAuthentication no\nPubkeyAuthentication yes\nChallengeResponseAuthentication no\nKbdInteractiveAuthentication no\n\n# Restrict users or groups\nAllowUsers deploy adminuser\n\n# Secure algorithms (OpenSSH defaults are strong; ensure modern ciphers\/MACs if customizing)\n# Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com\n# MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com\n\n# Limit auth attempts and add login grace\nMaxAuthTries 3\nLoginGraceTime 20\n\n# Reduce info leakage\nPermitEmptyPasswords no\nX11Forwarding no\nUsePAM yes<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Apply changes:<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code>sudo sshd -t        # syntax check\nsudo systemctl restart ssh || sudo systemctl restart sshd<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewall-rate-limiting-and-2fa\"><strong>Firewall, Rate Limiting, and 2FA<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Firewall:<\/strong> Allow only your SSH port; optionally restrict by source IP.<\/li>\n<li><strong>Fail2ban\/SSHGuard:<\/strong> Ban repeated failed logins to block brute-force attempts.<\/li>\n<li><strong>2 Factor Auth:<\/strong> Use PAM modules (e.g., Google Authenticator) for high-security environments.<\/li>\n<li>Updates: Keep OpenSSH and the OS updated to patch vulnerabilities.<\/li>\n<\/ul>\n<p><!-- \/wp:list --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"day-to-day-ssh-usage\"><strong>Day-to-Day SSH Usage<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"run-remote-commands-and-manage-sessions\"><strong>Run Remote Commands and Manage Sessions<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Interactive shell\nssh user@host\n\n# One-off command (no interactive shell)\nssh user@host \"uname -a &amp;&amp; df -h\"\n\n# Allocate TTY for sudo or interactive tools\nssh -t user@host \"sudo systemctl status nginx\"<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>End a session with <code>exit<\/code> or <code>Ctrl+D<\/code>. For long-running commands, consider <code>tmux<\/code> or <code>screen<\/code> to keep tasks alive after disconnects.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"secure-file-transfers-scp-sftp-rsync\"><strong>Secure File Transfers: SCP, SFTP, rsync<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Copy a file to server\nscp file.tar.gz user@host:\/var\/www\/\n\n# Copy a directory from server\nscp -r user@host:\/etc\/nginx\/ conf_backup\/\n\n# SFTP interactive session\nsftp user@host\n\n# rsync over SSH (fast, resumes, excludes)\nrsync -avz -e ssh --progress .\/site\/ user@host:\/var\/www\/site\/<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"port-forwarding-and-tunneling\"><strong>Port Forwarding and Tunneling<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Local Forward (-L):<\/strong> Access a remote service through a local port.<\/li>\n<li><strong>Remote Forward (-R):<\/strong> Expose a local service on the remote server.<\/li>\n<li><strong>Dynamic Proxy (-D):<\/strong> Create a SOCKS proxy for secure browsing through the server.<\/li>\n<\/ul>\n<p><!-- \/wp:list --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Local: open localhost:8080 to reach remote-db:5432 via the server\nssh -L 8080:remote-db:5432 user@server\n\n# Remote: expose local service:8000 on server port 9000\nssh -R 9000:localhost:8000 user@server\n\n# Dynamic: SOCKS5 proxy on localhost:1080\nssh -D 1080 user@server<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Use cases include safely viewing admin panels, <a href=\"https:\/\/www.youstable.com\/blog\/error-establishing-database-connection\/\">connecting to databases<\/a> without exposing their ports, or browsing securely in untrusted networks.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"speed-up-ssh-with-config-and-multiplexing\"><strong>Speed Up SSH with Config and Multiplexing<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Create a per-host config to simplify commands and speed up connections via multiplexing:<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code>mkdir -p ~\/.ssh &amp;&amp; chmod 700 ~\/.ssh\nnano ~\/.ssh\/config\n\n# Example\nHost prod\n  HostName 198.51.100.10\n  User deploy\n  Port 2222\n  IdentityFile ~\/.ssh\/id_ed25519\n  ServerAliveInterval 30\n  ServerAliveCountMax 3\n  ControlMaster auto\n  ControlPath ~\/.ssh\/cm-%r@%h:%p\n  ControlPersist 10m<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Now connect with <code>ssh prod<\/code>. Multiplexing reuses a single TCP connection for speed across multiple sessions, SCP, and rsync.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-ssh-on-linux-server\"><strong>Troubleshooting SSH on Linux Server<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-errors-and-fixes\"><strong>Common Errors and Fixes<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Permission denied (publickey):<\/strong> Ensure <code>~\/.ssh\/authorized_keys<\/code> exists, set <code>chmod 700 ~\/.ssh<\/code> and <code>chmod 600 ~\/.ssh\/authorized_keys<\/code>, and confirm you\u2019re using the correct key and user.<\/li>\n<li><strong>Connection refused or timed out:<\/strong> Verify the SSH service is running, the correct port is open in the firewall\/security group, and you have the right IP\/DNS.<\/li>\n<li><strong>Host key changed:<\/strong> Confirm if the server was reinstalled or IP reassigned. Compare fingerprints out-of-band; only then remove the old entry from <code>~\/.ssh\/known_hosts<\/code>.<\/li>\n<li><strong>Agent\/Passphrase issues:<\/strong> Start <code>ssh-agent<\/code> and add your key with <code>ssh-add<\/code>. On macOS, use the Keychain integration; on Linux, use your desktop\u2019s keyring or <code>ssh-agent<\/code>.<\/li>\n<\/ul>\n<p><!-- \/wp:list --><\/p>\n<p><!-- wp:heading --><\/p>\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"useful-diagnostics\"><strong>Useful Diagnostics<\/strong><\/h3>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Client-side verbose output\nssh -vvv user@host\n\n# Server logs (Debian\/Ubuntu)\nsudo journalctl -u ssh -f\n# Server logs (RHEL family)\nsudo journalctl -u sshd -f\n\n# Test if port is listening\nsudo ss -tlnp | grep ssh\nsudo lsof -i :22<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-teams-and-production\"><strong>Best Practices for Teams and Production<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li>Use unique user accounts with sudo, not shared root.<\/li>\n<li>Enforce <a href=\"https:\/\/www.youstable.com\/blog\/ssh-keys-vs-password-authentication\/\">SSH key authentication and disable password<\/a> logins.<\/li>\n<li>Rotate keys on offboarding; use <code>AuthorizedKeysCommand<\/code> with centralized IAM for larger teams.<\/li>\n<li>Use a bastion\/jump host and restrict direct internet access to private servers.<\/li>\n<li>Limit SSH by source IP where possible; monitor and alert on auth logs.<\/li>\n<li>Automate hardened baselines via Ansible\/Terraform and test changes in staging first.<\/li>\n<li>Back up critical configs (<code>sshd_config<\/code>, <code>authorized_keys<\/code>) and document your process.<\/li>\n<\/ul>\n<p><!-- \/wp:list --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>If you need a reliable environment to practice and deploy, YouStable\u2019s VPS hosting provides full root access, IPv4, fast NVMe storage, and SSH pre-enabled out of the box. Our support team can help you get secure, key-based access running smoothly without guesswork.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ssh-commands-cheat-sheet\"><strong>SSH Commands Cheat Sheet<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:code --><\/p>\n<pre class=\"wp-block-code\"><code># Basic connect\nssh user@host\n\n# Custom port\nssh -p 2222 user@host\n\n# One-off command\nssh user@host \"uptime &amp;&amp; whoami\"\n\n# Generate keys\nssh-keygen -t ed25519\n\n# Copy key\nssh-copy-id user@host\n\n# File transfer\nscp local.txt user@host:\/tmp\/\nrsync -avz -e ssh dir\/ user@host:\/srv\/dir\/\n\n# Tunnels\nssh -L 8080:localhost:80 user@host\nssh -D 1080 user@host\n\n# Multiplexing (config)\n# ControlMaster auto; ControlPersist 10m\n\n# Restart sshd after changes\nsudo systemctl restart ssh   # Debian\/Ubuntu\nsudo systemctl restart sshd  # RHEL family<\/code><\/pre>\n<p><!-- \/wp:code --><\/p>\n<p><!-- wp:heading --><\/p>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n<p><!-- \/wp:heading --><\/p>\n<p><!-- wp:rank-math\/faq-block {\"questions\":[{\"id\":\"faq-question-1765791200583\",\"title\":\"\\u003cstrong\\u003eWhat port does SSH use, and should I change it?\\u003c\/strong\\u003e\",\"content\":\"SSH listens on TCP port 22 by default. Changing the port (for example, to 2222) can reduce automated scans and log noise but isn\u2019t a substitute for strong security. Always pair a nonstandard port with key-only authentication, firewall rules, and intrusion prevention like Fail2ban.\",\"visible\":true},{\"id\":\"faq-question-1765791217238\",\"title\":\"\\u003cstrong\\u003eHow do I fix \u201cPermission denied (publickey)\u201d on SSH?\\u003c\/strong\\u003e\",\"content\":\"Ensure your public key is in \\u003ccode\\u003e~\/.ssh\/authorized_keys\\u003c\/code\\u003e on the server, with permissions \\u003ccode\\u003e700\\u003c\/code\\u003e for \\u003ccode\\u003e~\/.ssh\\u003c\/code\\u003e and \\u003ccode\\u003e600\\u003c\/code\\u003e for \\u003ccode\\u003eauthorized_keys\\u003c\/code\\u003e. Confirm you\u2019re using the right user, key file (\\u003ccode\\u003e-i\\u003c\/code\\u003e), and host. Check server logs with \\u003ccode\\u003ejournalctl -u ssh(-d)\\u003c\/code\\u003e and test with \\u003ccode\\u003essh -vvv\\u003c\/code\\u003e.\",\"visible\":true},{\"id\":\"faq-question-1765791225758\",\"title\":\"\\u003cstrong\\u003eIs SSH safe to use over public Wi\u2011Fi?\\u003c\/strong\\u003e\",\"content\":\"Yes\u2014SSH encrypts traffic end to end. Use key-based logins with a passphrase, verify host keys, and avoid bypassing warnings. For extra protection, enable two-factor authentication and consider a SOCKS proxy (\\u003ccode\\u003essh -D\\u003c\/code\\u003e) to tunnel your browsing through your server.\",\"visible\":true},{\"id\":\"faq-question-1765791233123\",\"title\":\"\\u003cstrong\\u003eWhat\u2019s the difference between SSH, SFTP, and SCP?\\u003c\/strong\\u003e\",\"content\":\"SSH provides the secure channel and shell access. SFTP is a file transfer subsystem over SSH with interactive commands. SCP is a simpler copy protocol over SSH. For large or incremental transfers, \\u003ccode\\u003ersync -e ssh\\u003c\/code\\u003e is often preferred due to speed and resume capability.\",\"visible\":true}]} --><\/p>\n<div class=\"wp-block-rank-math-faq-block\">\n<div class=\"rank-math-faq-item\">\n<h3 class=\"rank-math-question\" class=\"rank-math-question\" id=\"what-port-does-ssh-use-and-should-i-change-it\"><strong>What port does SSH use, and should I change it?<\/strong><\/h3>\n<div class=\"rank-math-answer\">SSH listens on TCP port 22 by default. Changing the port (for example, to 2222) can reduce automated scans and log noise but isn\u2019t a substitute for strong security. Always pair a nonstandard port with key-only authentication, firewall rules, and intrusion prevention like Fail2ban.<\/div>\n<\/div>\n<div class=\"rank-math-faq-item\">\n<h3 class=\"rank-math-question\" class=\"rank-math-question\" id=\"how-do-i-fix-permission-denied-publickey-on-ssh\"><strong>How do I fix \u201cPermission denied (publickey)\u201d on SSH?<\/strong><\/h3>\n<div class=\"rank-math-answer\">Ensure your public key is in <code>~\/.ssh\/authorized_keys<\/code> on the server, with permissions <code>700<\/code> for <code>~\/.ssh<\/code> and <code>600<\/code> for <code>authorized_keys<\/code>. Confirm you\u2019re using the right user, key file (<code>-i<\/code>), and host. Check server logs with <code>journalctl -u ssh(-d)<\/code> and test with <code>ssh -vvv<\/code>.<\/div>\n<\/div>\n<div class=\"rank-math-faq-item\">\n<h3 class=\"rank-math-question\" class=\"rank-math-question\" id=\"is-ssh-safe-to-use-over-public-wi-fi\"><strong>Is SSH safe to use over public Wi\u2011Fi?<\/strong><\/h3>\n<div class=\"rank-math-answer\">Yes\u2014SSH encrypts traffic end to end. Use key-based logins with a passphrase, verify host keys, and avoid bypassing warnings. For extra protection, enable two-factor authentication and consider a SOCKS proxy (<code>ssh -D<\/code>) to tunnel your browsing through your server.<\/div>\n<\/div>\n<div class=\"rank-math-faq-item\">\n<h3 class=\"rank-math-question\" class=\"rank-math-question\" id=\"whats-the-difference-between-ssh-sftp-and-scp\"><strong>What\u2019s the difference between SSH, SFTP, and SCP?<\/strong><\/h3>\n<div class=\"rank-math-answer\">SSH provides the secure channel and shell access. SFTP is a file transfer subsystem over SSH with interactive commands. SCP is a simpler copy protocol over SSH. For large or incremental transfers, <code>rsync -e ssh<\/code> is often preferred due to speed and resume capability.<\/div>\n<\/div>\n<\/div>\n<p><!-- \/wp:rank-math\/faq-block --><\/p>","protected":false},"excerpt":{"rendered":"<p>SSH (Secure Shell) is the encrypted protocol used to securely access and manage a Linux server from anywhere. To use [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13793,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13228","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-SSH-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13228"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13228\/revisions"}],"predecessor-version":[{"id":13795,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13228\/revisions\/13795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13793"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}