SSH

Introduction

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives remote users a secure way to access a computer over an unsecured network.

Common usage

The normal command to log in with SSH is:

ssh -p port username@server-ip

The port number is your SSH server's port. The default is 22, but for security reasons it is often assigned to an unprivileged port, such as 20333 or 18992. Moving the port mainly cuts down on automated scans; it does not replace strong authentication. Once you are logged in, you can work on the server as if it were the local machine.

Basic Configuration

The configuration files of the SSH server reside in the /etc/ssh directory. Usually, the main file is /etc/ssh/sshd_config.

You can set the port number in this line: Port 23456

Set PasswordAuthentication to yes to ensure you can log in with your password.
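A check of the two settings above, as an added example that is not part of the original page: sshd keeps the first value it reads for most keywords, so a stray earlier line can leave password logins on. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd uses for a keyword in the global
# section of an sshd_config-style file. Assumes "Keyword value" lines.
# Port may be listed more than once; only the first one is reported.

effective_setting() {
    # $1 = config file, $2 = keyword, $3 = sshd default when unset
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { val = $2; exit }  # first value read is kept
        END { print val }
    ' "$1"
}

# Constructed sample: the lower-case line comes first, so it wins over
# the later "no" that was meant to disable password logins.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server's file
Port 23456
passwordauthentication yes
#PasswordAuthentication no
PasswordAuthentication no
Match User backup
    PubkeyAuthentication no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "Port:                   $(effective_setting "$cfg" Port 22)"
echo "PasswordAuthentication: $(effective_setting "$cfg" PasswordAuthentication yes)"
echo "PubkeyAuthentication:   $(effective_setting "$cfg" PubkeyAuthentication yes)"
rm -f "$cfg"
```

On a live server, `sshd -T` prints the configuration sshd actually resolved, and `sshd -t` checks the file for errors before a restart.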

SSH Keys and Public Key Authentication

The SSH protocol uses public key cryptography for authenticating hosts and users. The authentication keys, called SSH keys, are created using the ssh-keygen program.

SSH supports several public key algorithms for authentication keys. These include:

rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.

dsa - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.

ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.

ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.

The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate:

ssh-keygen -t rsa -b 4096

ssh-keygen -t dsa

ssh-keygen -t ecdsa -b 521

ssh-keygen -t ed25519

Copying SSH Keys to Servers

Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. Once the key has been authorized for SSH, it grants access to the server without a password.

ssh-copy-id -i ~/.ssh/mykey -p port user@host
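To see which of the algorithms listed earlier are actually authorized on a server, the following added example (not from the original page) reads an authorized_keys file and reports the key type on each line. The verdict labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the key type on each line of an authorized_keys file.
# Line format: [options] keytype base64-blob [comment]

key_types() {
    # $1 = authorized_keys file; prints "line-number type verdict"
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            type = "unparsed"
            # The key type is the field right before the base64 blob, and
            # every SSH public key blob starts with "AAAA". Options in
            # front of it may contain quoted spaces, so scan the fields.
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                    type = $i
                    break
                }
            if (type == "ssh-dss")       verdict = "replace"
            else if (type == "ssh-rsa")  verdict = "check-size"
            else if (type == "unparsed") verdict = "review"
            else                         verdict = "ok"
            print NR, type, verdict
        }
    ' "$1"
}

# Constructed sample; the blobs are shortened placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed sample authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-placeholder alice@laptop
command="/usr/bin/backup run",no-pty ssh-rsa AAAAB3NzaC1yc2E-placeholder backup@nas
ssh-dss AAAAB3NzaC1kc3M-placeholder old@desktop
EOF
}

keys=$(mktemp)
sample_keys > "$keys"
key_types "$keys"
rm -f "$keys"
```

`ssh-keygen -l -f <file>` prints the bit length of each key, which is how to check an `ssh-rsa` entry against the 2048-bit minimum given above.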

Putty Usage

PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers. The official website is here

Launch "puttygen.exe" to generate a key pair
  1. Set the key type; ed25519 is recommended, or one of the other types above.
  2. Press the "Generate" button, then move your mouse until it's done.
  3. Save your public key to the file ~/.ssh/authorized_keys on the server (log in over SSH with the login user's password to do this), and save a copy on the local machine.
  4. Set the key passphrase used when logging in, or leave it empty (not recommended), then change the comment (optional).
  5. Save the private key to the local machine.
Launch "putty.exe" to SSH to your server
  1. Set the IP address and port in the "Session" category.
  2. Select Connection>SSH>Auth, press the "Browse" button, then select the private key file saved above.
  3. Select Connection>Proxy if you want to connect via a proxy.
  4. In the "Session" category, enter a name in the "Saved Sessions" field, then press the "Save" button. Next time, you can just double-click the session name to start the SSH connection, or select the session name, press the "Load" button, then press the "Open" button to start the connection (or edit the session).
  5. Open the /etc/ssh/sshd_config file and set "PasswordAuthentication" to no to secure your server (this is optional).
Launch "psftp.exe" to start the SFTP connection

The SSH File Transfer Protocol (also known as Secure File Transfer Protocol or SFTP) is a network protocol that provides file access, file transfer, and file management over any reliable data stream. So this is a secure and recommended way to download and upload your files.

  1. Launch "psftp.exe" as administrator.
  2. Enter the command: open session name. The session name is the name saved above.
  3. After logging in, use "put file" to upload a file and "get file" to download a file.

Termux Usage

Termux is a free and open source terminal emulator for Android which allows for running a Linux environment on an Android device. In addition, various software can be installed through the application's package manager. The official website is here

  1. Ensure that everything is up to date and the package `openssh` is installed:
    pkg upgrade
    pkg install openssh
  2. Generate a key pair (another key type from the list above also works):
    ssh-keygen -t ed25519
  3. Copy the public key to the remote machine:
    ssh-copy-id -p your_server_port -i ~/.ssh/id_ed25519.pub loginname@remote_ip
  4. After that, use the private key to SSH to the remote machine:
    ssh -p your_server_port -i ~/.ssh/id_ed25519 loginname@remote_ip
  5. Use the sftp command to manage files:
    sftp -P your_server_port loginname@remote_ip