The Complete SSH Guide: Server and Client Setup
SSH (Secure Shell Protocol) is a cryptographic network
protocol for secure remote access to systems and services.
What is SSH?
SSH operates on a client-server model:
SSH Server (sshd): Runs on the remote machine
SSH Client (ssh): Runs on your local machine
Key benefits: encryption, authentication, integrity, port
forwarding.
SSH SERVER CONFIGURATION
1️⃣ Install OpenSSH Server
sudo apt update
sudo – runs the command as a superuser (admin).
apt – package manager for Debian/Ubuntu.
update – refreshes the list of available software packages.
sudo apt install openssh-server
Installs the OpenSSH server package, which allows your computer to accept SSH
connections from clients.
(On CentOS/RHEL, yum install openssh-server does the same thing.)
2️⃣ Enable and Start the SSH Service
sudo systemctl enable ssh
systemctl – controls system services.
enable – makes the SSH service start automatically every time the system boots.
ssh – the name of the SSH daemon service.
sudo systemctl start ssh
Starts the SSH service immediately (without waiting for reboot).
3️⃣ Check Service Status
sudo systemctl status ssh
Displays whether the SSH server is running, stopped, or failed.
Also shows logs and the listening port.
4️⃣ Edit the SSH Server Configuration
sudo nano /etc/ssh/sshd_config
Opens the main SSH server configuration file in the nano text editor.
This file controls how the SSH server behaves (authentication methods, ports,
permissions, etc.).
Important Settings:
Setting                      Description
Port 22                      Defines which port SSH listens on. Changing it (e.g. to 2222) can reduce random attack attempts.
PermitRootLogin no           Disallows direct root login for security.
PasswordAuthentication no    Disables password logins, enforcing key-based access only.
PubkeyAuthentication yes     Enables public/private key authentication.
AllowUsers alice bob         Restricts login to specific users only.
5️⃣ Restart SSH to Apply Changes
sudo systemctl restart ssh
Restarts the SSH service so the new settings take effect.
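sshd keeps the first value it reads for each keyword, so a hardened line placed after an earlier one has no effect. The script below is an added example, not part of the original guide: it checks a config file against the settings table above, and its function names, the constructed sample file and the choice not to follow Include files are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file against the table's values.

# Print the value sshd would use for KEYWORD in FILE's global section.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive; lines after a "Match" line apply only conditionally.
# Assumes "Keyword value" lines; Include files are not followed.
effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    /^[ \t]*#/ { next }                 # comment line
    tolower($1) == "match" { exit }     # end of the global section
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
    END { print (found ? val : def) }
  ' "$1"
}

# Compare the global settings with the hardened values from the table.
# Prints one line per setting and returns the number of deviations.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  fails=0
  while read -r key want def; do       # columns: keyword, wanted, OpenSSH default
    got=$(effective_value "$1" "$key" "$def")
    if [ "$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
      echo "OK    $key $got"
    else
      echo "FAIL  $key $got (expected $want)"; fails=$((fails + 1))
    fi
  done <<'EOF'
PermitRootLogin no prohibit-password
PasswordAuthentication no yes
PubkeyAuthentication yes yes
EOF
  return "$fails"
}

# Constructed sample: the hardened PasswordAuthentication line comes second,
# and PermitRootLogin is only set in a comment and inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin no
PasswordAuthentication yes
Port 2222
passwordauthentication no
PubkeyAuthentication yes
Match User alice
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) differ from the table"
```

On a live server, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective configuration, Include files included.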
6️⃣ Generate Host Keys (if missing)
sudo ssh-keygen -A
ssh-keygen – generates SSH keys.
-A – automatically generates all default host key types (RSA, ECDSA, etc.) that the SSH
server needs.
💻 SSH CLIENT CONFIGURATION
7️⃣ Install SSH Client
sudo apt install openssh-client
Installs the SSH client program, which allows connecting to remote SSH servers.
Usually already included by default on most systems.
8️⃣ Generate a Client Key Pair
ssh-keygen -t ed25519 -C "user@hostname"
ssh-keygen – tool to create public/private key pairs.
-t ed25519 – specifies the key type (Ed25519 = modern, secure, fast).
-C "user@hostname" – optional comment added to the key (helps identify it later).
Creates two files:
- ~/.ssh/id_ed25519 → private key (keep secret)
- ~/.ssh/id_ed25519.pub → public key (safe to share)
9️⃣ Copy the Public Key to the Server
ssh-copy-id username@server_ip
Automatically appends your public key to the remote user’s ~/.ssh/authorized_keys
file.
Allows passwordless SSH login (after initial authentication).
If ssh-copy-id isn’t available:
cat ~/.ssh/id_ed25519.pub | ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
cat ~/.ssh/id_ed25519.pub → prints your public key.
| → pipes the output into another command.
ssh username@server_ip → connects to the server via SSH.
"mkdir -p ~/.ssh" → ensures .ssh directory exists.
cat >> ~/.ssh/authorized_keys → appends your key to the authorized list.
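The manual fallback appends the key again on every run and leaves file modes to the umask, while sshd's StrictModes check (on by default) refuses keys kept in files or directories that other users can write to. The function below is an added example, not part of the original guide: it does the server-side half of that one-liner with a format check, a duplicate check and explicit modes; the function name, the scratch directory and the placeholder key are constructed for the example.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe append to authorized_keys.

install_pubkey() {  # usage: install_pubkey PUBKEY_FILE SSH_DIR
  pub=$1; dir=$2; auth=$dir/authorized_keys
  key=$(head -n 1 "$pub") || return 1
  case $key in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;   # public key line
    *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 2 ;;
  esac
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$auth" && chmod 600 "$auth" || return 1
  if grep -qxF -- "$key" "$auth"; then
    echo "already present"; return 0
  fi
  # If the file lacks a final newline, add one so two keys never share a line.
  if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
    echo >> "$auth"
  fi
  printf '%s\n' "$key" >> "$auth" && echo "added"
}

# Constructed demo in a scratch directory (the key material is a placeholder).
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDER user@hostname\n' \
  > "$demo/id_ed25519.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_ed25519"
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh"    # added
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh"    # already present
install_pubkey "$demo/id_ed25519" "$demo/.ssh" || echo "private key rejected"
```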
🔟 Create Client Configuration File
nano ~/.ssh/config
Opens or creates your SSH client configuration file.
Example:
Host myserver
HostName [Link]
User alice
Port 2222
IdentityFile ~/.ssh/id_ed25519
Explanation:
Host myserver – nickname for this connection.
HostName – actual IP or domain of the server.
User – username used for SSH login.
Port – SSH port (default is 22).
IdentityFile – path to your private key.
Now you can simply run:
ssh myserver
instead of typing the full connection command.
1️⃣1️⃣ Connect to the SSH Server
ssh username@server_ip
Starts an encrypted connection to the server.
After authentication, you get shell access to the remote machine.
🔐 1️⃣2️⃣ Security Add-ons
Disable Passwords (once keys work)
sudo nano /etc/ssh/sshd_config
# Change:
PasswordAuthentication no
Then:
sudo systemctl restart ssh
Use a Firewall
sudo ufw allow 2222/tcp
sudo ufw enable
Opens the custom SSH port (here, 2222).
Enables the firewall.
Prevent Brute Force (optional)
sudo apt install fail2ban
Installs Fail2Ban, which blocks IPs that try too many failed logins.
File transfer in Linux using the three main SSH-based tools:
✅ SCP (Secure Copy)
✅ RSYNC (Remote Synchronization)
✅ SFTP (Secure File Transfer Protocol)
All three work over SSH, which means they encrypt data and authentication.
🧱 1️⃣ SCP (Secure Copy)
🔍 What it is:
scp is the simplest SSH-based command to copy files between local and remote systems.
It behaves like the cp command, but supports remote targets.
🧾 Basic Syntax:
scp [options] source destination
📤 Copy from Local → Remote:
scp [Link] user@remote_host:/home/user/
Explanation:
[Link] → the file to send
user@remote_host → username and IP/hostname of remote system
/home/user/ → destination directory on the remote system
✅ This will ask for your SSH password unless key-based authentication is set up.
📥 Copy from Remote → Local:
scp user@remote_host:/home/user/[Link] /local/directory/
📁 Copy Directories:
scp -r myfolder user@remote_host:/home/user/
-r → recursive (copies folders and subfolders)
⚙️ Useful Options:
Option        Meaning
-P 2222       Use a custom SSH port (default is 22)
-C            Enable compression (faster for text files)
-v            Verbose mode (debugging info)
-i keyfile    Specify a private key for authentication
⚡ 2️⃣ RSYNC (Remote Synchronization)
🔍 What it is:
rsync synchronizes files or directories between local and remote systems.
It only transfers changed data, making it much faster and more efficient than SCP for repeated syncs.
🧾 Basic Syntax:
rsync [options] source destination
📤 Local → Remote:
rsync -avz [Link] user@remote_host:/home/user/
Explanation:
-a → archive mode (preserves permissions, timestamps, etc.)
-v → verbose
-z → compress data during transfer
📥 Remote → Local:
rsync -avz user@remote_host:/home/user/[Link] /local/directory/
📁 Sync Entire Directory:
rsync -avz /home/localdir/ user@remote_host:/home/remotedir/
✅ The trailing slash / matters:
/home/localdir/ → copies contents of localdir
/home/localdir → copies the directory itself
🔁 Synchronize Two Directories:
rsync -avz --delete /home/localdir/ user@remote_host:/home/remotedir/
--delete → removes files on the remote that no longer exist locally
Useful for backups or mirroring
⚙️ Useful Options:
Option                 Description
-e ssh                 Force rsync to use SSH (default behavior)
--progress             Show real-time progress
--dry-run              Test what would happen (no changes made)
--exclude 'pattern'    Skip matching files/folders
🌐 3️⃣ SFTP (Secure File Transfer Protocol)
🔍 What it is:
An interactive, FTP-like shell for transferring files over SSH.
It supports commands like ls, cd, get, and put.
🧾 Start an SFTP Session:
sftp user@remote_host
You’ll see a prompt like:
sftp>
📋 Common SFTP Commands:
Command Description
ls List files on remote system
cd dir Change remote directory
pwd Show current remote directory
lpwd Show current local directory
lcd dir Change local directory
get file Download a file from remote to local
put file Upload a file from local to remote
mget *.txt Download multiple files
mput *.log Upload multiple files
mkdir dir Create a directory on remote
rm file Delete remote file
exit / bye Close the session
📤 Example (Upload a file):
sftp user@[Link]
sftp> put [Link]
📥 Example (Download a file):
sftp> get /home/user/[Link]
⚙️ Non-Interactive SFTP (One-liner):
sftp user@remote_host:/remote/path/[Link] /local/path/
Or using batch mode:
sftp -b [Link] user@remote_host
Where [Link] contains SFTP commands (e.g., cd /data, mget *.log).
🔒 Comparison Summary
Tool     Protocol   Interactive?   Efficient?          Resume Support   Typical Use
SCP      SSH        ❌ No          ⚙️ Basic copy       ❌ No            Quick one-time copy
RSYNC    SSH        ❌ No          ✅ Very efficient   ✅ Yes           Backups, syncing folders
SFTP     SSH        ✅ Yes         ⚙️ Moderate         ✅ Yes           Manual file browsing and transfer