SSH (Secure Shell) is a way to securely connect to another computer over a network. You can run commands on a remote server as if you were sitting in front of it.

It's how developers connect to web servers, how sysadmins manage systems, and how you authenticate with GitHub.

Basic Connection

ssh username@hostname

Example:

ssh john@192.168.1.100
ssh deploy@myserver.com

You'll be asked for a password (or use SSH keys, covered below).

What You Can Do With SSH

  • Manage web servers - Deploy code, restart services, check logs
  • Connect to cloud instances - AWS, DigitalOcean, etc.
  • Access remote machines - Work computers, Raspberry Pi
  • Authenticate with GitHub - Push/pull without entering passwords
  • Transfer files - Using scp or sftp

SSH Keys vs Passwords

Two ways to authenticate:

Method How it works
Password Type password each time
SSH Keys Cryptographic key pair, no password needed

SSH keys are more secure and more convenient.

Creating SSH Keys

Generate a key pair:

ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default location (~/.ssh/id_ed25519).

Optionally add a passphrase for extra security.

This creates two files:

  • ~/.ssh/id_ed25519 - Private key (never share this)
  • ~/.ssh/id_ed25519.pub - Public key (this goes on servers)

Adding Your Key to a Server

Copy your public key to the server:

ssh-copy-id username@hostname

Or manually:

cat ~/.ssh/id_ed25519.pub | ssh username@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Now you can connect without a password.

Adding Your Key to GitHub

  1. Copy your public key:

    pbcopy < ~/.ssh/id_ed25519.pub

  2. Go to GitHub → Settings → SSH and GPG keys → New SSH key

  3. Paste and save

  4. Test the connection:

    ssh -T git@github.com

The ~/.ssh Folder

Your SSH configuration lives here:

File Purpose
id_ed25519 Your private key
id_ed25519.pub Your public key
known_hosts Servers you've connected to
config Connection shortcuts

SSH Config File

Create shortcuts for frequent connections:

nano ~/.ssh/config

Add:

Host myserver
    HostName 192.168.1.100
    User john
    IdentityFile ~/.ssh/id_ed25519

Host work
    HostName work.company.com
    User jsmith
    Port 2222

Now connect with just:

ssh myserver
ssh work

Common SSH Commands

# Connect to a server
ssh user@hostname

# Connect on a different port
ssh -p 2222 user@hostname

# Run a single command remotely
ssh user@hostname "ls -la"

# Copy file to server
scp file.txt user@hostname:/path/

# Copy file from server
scp user@hostname:/path/file.txt ./

# Copy folder recursively
scp -r folder/ user@hostname:/path/

SSH Agent

The SSH agent remembers your keys so you don't re-enter passphrases:

# Start the agent
eval "\$(ssh-agent -s)"

# Add your key
ssh-add ~/.ssh/id_ed25519

On Mac, add to your ~/.ssh/config:

Host *
    AddKeysToAgent yes
    UseKeychain yes

Troubleshooting

"Permission denied (publickey)":

  • Your key isn't on the server
  • Wrong key being used
  • Key permissions wrong (should be 600)

Fix permissions:

chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 700 ~/.ssh

"Host key verification failed":

  • Server's identity changed (could be a new server or security issue)
  • Remove old entry: ssh-keygen -R hostname

Connection timeout:

  • Server is down
  • Firewall blocking port 22
  • Wrong hostname/IP

Security Tips

  1. Never share your private key - It's like your password
  2. Use passphrases - Protects your key if someone gets your computer
  3. Use ed25519 keys - More secure than older RSA keys
  4. Disable password auth on servers - Once keys work, turn off passwords

Keep Learning

SSH is essential for working with remote servers. The free course covers Terminal fundamentals that make SSH easier to use.

Check it out at Mac Terminal for Humans.