SSH (Secure Shell) is a way to securely connect to another computer over the internet. When you “SSH into a server,” you’re opening a terminal on that remote machine and running commands as if you were sitting in front of it.
It’s how developers manage servers, deploy code, and transfer files — all encrypted so nobody can snoop on the connection.
What SSH looks like
ssh alice@192.168.1.100This connects to the machine at 192.168.1.100 as the user alice. You get a terminal prompt on that machine and can run any command.
alice@server:~$ ls /var/www
html my-app backups
alice@server:~$ sudo systemctl restart nginx
alice@server:~$ exitType exit to disconnect.
How SSH works (simplified)
- Your computer contacts the server: “I want to connect as alice”
- The server says: “Prove you’re alice”
- You prove it with either a password or an SSH key
- An encrypted tunnel is established
- Everything you type travels through that tunnel — encrypted
Nobody between you and the server can see what you’re doing. Not your ISP, not the coffee shop WiFi, nobody.
Passwords vs. SSH keys
Passwords — simple but weak:
- You type a password every time
- Can be brute-forced
- If someone sees you type it, they have access
SSH keys — the right way:
- You generate a key pair: a private key (stays on your computer) and a public key (goes on the server)
- The server challenges you, your private key proves your identity
- No password to type, no password to steal
- Much harder to crack than any password
# Generate a key pair
ssh-keygen -t ed25519 -C "your@email.com"
# Copy the public key to the server
ssh-copy-id alice@192.168.1.100
# Now connect without a password
ssh alice@192.168.1.100For the full setup guide, see the SSH cheat sheet.
Common uses
Managing servers:
ssh deploy@production-server
# Check logs, restart services, debug issuesGit (GitHub, GitLab):
git clone git@github.com:user/repo.git
# Uses SSH to authenticate with GitHubCopying files:
# Copy a file to the server
scp ./app.zip alice@server:/home/alice/
# Copy from the server
scp alice@server:/var/log/app.log ./Port forwarding (tunnels):
# Access a remote database through an SSH tunnel
ssh -L 5432:localhost:5432 alice@server
# Now connect to localhost:5432 to reach the server's PostgreSQLThis is incredibly useful when a database isn’t exposed to the internet but you need to access it from your laptop.
The SSH config file
Instead of typing long commands, save them in ~/.ssh/config:
Host prod
HostName 203.0.113.50
User deploy
IdentityFile ~/.ssh/deploy_key
Host staging
HostName 203.0.113.51
User deploy
IdentityFile ~/.ssh/deploy_keyNow just type:
ssh prod
ssh stagingCommon issues
- “Permission denied (publickey)” — your key isn’t on the server or has wrong permissions. See: Git permission denied fix
- “Connection refused” — the SSH server isn’t running or the port is wrong. See: ERR_CONNECTION_REFUSED fix
- “Host key verification failed” — the server’s identity changed (or you’re connecting for the first time)
SSH vs. other tools
| Tool | Use case |
|---|---|
| SSH | Terminal access, tunnels, file transfer |
| RDP | Windows remote desktop (graphical) |
| VNC | Remote desktop (any OS, graphical) |
| Telnet | Like SSH but unencrypted (never use this) |
SSH is the standard for server management. If you’re a developer, you’ll use it constantly.
Next steps
- Generate an SSH key:
ssh-keygen -t ed25519 - Add it to GitHub: Settings → SSH Keys → paste your public key
- Clone a repo with SSH:
git clone git@github.com:user/repo.git - Set up an
~/.ssh/configfile for servers you connect to often - Check out the full SSH cheat sheet for tunnels, agent forwarding, and more