1. To securely connect to the remote server using SSH, you need to generate a key pair and configure the client and server. First, execute ssh-keygen to generate the key and set passphrase protection, add the public key to the server authorized_keys file to achieve password-free login; 2. Configure alias by editing ~/.ssh/config and enable connection reuse to improve connection efficiency; 3. Modify sshd_config to prohibit root login, turn off password authentication, and restrict logged in users to enhance security; 4. When connecting to an intranet server, you can transfer through the springboard machine through the -J parameter or ProxyJump configuration. Properly managing keys and optimizing configuration ensures that SSH connections are both convenient and secure.
Using SSH to connect to a remote server is a very basic and important operation in system management and daily operations. As long as it is properly configured, SSH can provide encrypted communication, authentication, and secure transmission capabilities. Here are some key points and practical suggestions to help you securely connect to remote servers with SSH.
Generate and log in with a key pair
Compared to password login, using SSH keys is more secure and more convenient. You can generate a pair of keys by following the steps below:
- Execute the
ssh-keygencommand to generate the default RSA key (you can also add-t ed25519to use a more modern algorithm) - Set an optional passphrase (password-like protection mechanism) to increase security
- Add the public key (usually
~/.ssh/id_rsa.pubor~/.ssh/id_ed25519.pub) content to the target server's~/.ssh/authorized_keysfile
Once set up, you can log in without password next time you connect.
Tip: Don’t copy private key files at will and store them everywhere, it is equivalent to your "digital ID card". If multiple devices are required to log in, different keys can be generated for each device and added to the server separately.
Configure SSH client options to improve experience
The default behavior of SSH is enough, but a little tweaking of the configuration can make the connection process easier. These configurations are written in the local user's ~/.ssh/config file:
- You can alias common servers, such as:
Host myserver HostName example.com User yourname IdentityFile ~/.ssh/id_ed25519
- Enable connection multiplexing can speed up multiple connections:
ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h-%p ControlPersist 600
(Provided that you created the
.ssh/socketsdirectory)
In this way, you only need to enter ssh myserver to quickly connect.
Restrict SSH permissions on the server
In order to further improve security, you can make some restrictive configurations on the server, modify the /etc/ssh/sshd_config file and restart the sshd service to take effect:
- Disable root login:
PermitRootLogin no - Close password login, only key login is allowed:
PasswordAuthentication no - Change the default port (not recommended if not necessary):
Port 2222 - Restrict users who are allowed to log in:
AllowUsers user1 user2
Remember to confirm that you have other ways to access the server before modifying it, otherwise you may lock yourself outside.
Use springboard machine or proxy to connect to the intranet server
If you are connecting to an intranet server without a public IP, you can connect indirectly through a springboard machine (Jump Host). There are two methods:
Use the
-Jparameter to specify the springboard machine at one time:ssh -J user@gateway user@internal-server
Configure ProxyJump in
~/.ssh/config:Host internal-server HostName 192.168.1.10 User appuser ProxyJump gateway-user@gateway-host
In this way, even if the target server is not on the public network, it can be used like a direct connection.
Basically that's it. SSH is very powerful, but mastering the above common practices can meet the needs of most scenarios. The key is to manage the key well and configure the client and server reasonably, so that the connection is fast and safe.
The above is the detailed content of How to use ssh to connect securely to a remote server?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How to find my private and public IP address in Linux?
Jul 09, 2025 am 12:37 AM
In Linux systems, 1. Use ipa or hostname-I command to view private IP; 2. Use curlifconfig.me or curlipinfo.io/ip to obtain public IP; 3. The desktop version can view private IP through system settings, and the browser can access specific websites to view public IP; 4. Common commands can be set as aliases for quick call. These methods are simple and practical, suitable for IP viewing needs in different scenarios.
How to Install NodeJS 14 / 16 & NPM on Rocky Linux 8
Jul 13, 2025 am 09:09 AM
Built on Chrome’s V8 engine, Node.JS is an open-source, event-driven JavaScript runtime environment crafted for building scalable applications and backend APIs. NodeJS is known for being lightweight and efficient due to its non-blocking I/O model and
System requirements to install linux
Jul 20, 2025 am 03:49 AM
Linuxcanrunonmodesthardwarewithspecificminimumrequirements.A1GHzprocessor(x86orx86_64)isneeded,withadual-coreCPUrecommended.RAMshouldbeatleast512MBforcommand-lineuseor2GBfordesktopenvironments.Diskspacerequiresaminimumof5–10GB,though25GBisbetterforad
How to Install MySQL 8.0 on Rocky Linux and AlmaLinux
Jul 12, 2025 am 09:21 AM
Written in C, MySQL is an open-source, cross-platform, and one of the most widely used Relational Database Management Systems (RDMS). It’s an integral part of the LAMP stack and is a popular database management system in web hosting, data analytics,
Ubuntu 25.04 'Plucky Puffin”: A Bold Leap Forward with GNOME 48 and HDR Brilliance
Jul 12, 2025 am 09:28 AM
Ubuntu has long stood as a bastion of accessibility, polish, and power in the Linux ecosystem. With the arrival of Ubuntu 25.04, codenamed “Plucky Puffin”, Canonical has once again demonstrated its commitment to delivering a
How to Install MongoDB on Rocky Linux and AlmaLinux
Jul 12, 2025 am 09:29 AM
MongoDB is a high-performance, highly scalable document-oriented NoSQL database built to manage heavy traffic and vast amounts of data. Unlike traditional SQL databases that store data in rows and columns within tables, MongoDB structures data in a J
