SSH and Remote Access
By the end of this lesson you'll be able to open an encrypted shell on a remote server, set up passwordless key-based login, recognise host-key prompts, and move files back and forth with scp and sftp — the everyday toolkit for working on machines you can't physically touch.
Learn SSH and Remote Access in our free Command Line course — an interactive lesson with worked examples, a practice exercise and a quick reference.
Part of the free Cli course at LearnCodingFast — hands-on lessons with examples you run in your browser, plus practice exercises and a quick quiz.
1. Opening a Remote Shell
SSH (Secure Shell) gives you an encrypted command line on another machine. The basic form is ssh user@host — your username on the server, then the address. SSH uses port 22 by default; if a server listens elsewhere, add -p , as in ssh -p 2222 user@host . You can also tack a command on the end to run it remotely and return immediately.
2. Host Keys & known_hosts
The first time you connect to a server, SSH has no record of it, so it prints the server's fingerprint and asks you to confirm. Say yes only if it matches what you expect. SSH then stores that host key in ~/.ssh/known_hosts . On every later connection it compares the server's key against this file — and warns you loudly if it changed, which is how SSH catches impersonation or a man-in-the-middle attack.
3. Generating a Key Pair
Key-based auth starts with ssh-keygen -t ed25519 -C "you@example.com" , which creates a key pair : a private key ( ~/.ssh/id_ed25519 ) you keep secret, and a public key ( ~/.ssh/id_ed25519.pub ) that's safe to share. You put the public key on servers; the private key never leaves your machine — don't email it, commit it, or paste it anywhere.
4. Installing Your Public Key
To enable passwordless login, your public key needs to live on the server. ssh-copy-id user@host does this for you: it appends your .pub key to the server's ~/.ssh/authorized_keys — the file listing every public key allowed to log in as you. It asks for your password just once to do the install; after that, ssh user@host logs you in automatically with your key.
5. Host Shortcuts with ~/.ssh/config
Typing ssh -p 2222 -i ~/.ssh/id_ed25519 ada@server.example.com every time is tedious. The ~/.ssh/config file lets you save those settings under a short nickname using a Host block with HostName , User , Port , and IdentityFile . Then you just run ssh myserver . Bonus: scp and sftp read this file too.
6. Transferring Files: scp & sftp
SSH also moves files. scp (secure copy) sends them over the same encrypted channel: scp localfile user@host:/path/ copies to the remote host, scp user@host:/path/file . copies one back , and -r copies a whole directory. For an interactive session where you browse and grab files, use sftp user@host .
Fill in the blank marked ___ using the # 👉 hint, then picture the prompt you'd land on.
Two blanks: pick the key type, and the tool that installs your public key on the server. Then check the output.
No blanks this time — just a brief and an outline. Wire up a ~/.ssh/config shortcut, confirm your key is on the server, then push a release file using your new nickname. Check your result against the goal in the comments.
Practice quiz
What is the default SSH port?
- 22
- 80
- 443
- 2222
Answer: 22. SSH listens on TCP port 22 by default. Use -p to connect to a different port.
Which key do you copy to the server so you can log in?
- The private key
- The host key
- The public key
- The passphrase
Answer: The public key. You install your PUBLIC key on the server (in authorized_keys). The private key stays on your machine.
Which key must you keep secret and never share?
- The public key
- The private key
- The known_hosts file
- The server fingerprint
Answer: The private key. The private key (for example ~/.ssh/id_ed25519) must stay secret. Only the public key is safe to share.
What does ssh-copy-id do?
- Generates a new key pair
- Deletes the known_hosts file
- Forwards the ssh-agent
- Installs your public key into the server's authorized_keys
Answer: Installs your public key into the server's authorized_keys. ssh-copy-id appends your public key to the remote ~/.ssh/authorized_keys so key-based login works.
Which file stores the fingerprints of servers you have connected to?
- ~/.ssh/known_hosts
- ~/.ssh/config
- ~/.ssh/authorized_keys
- ~/.ssh/id_ed25519
Answer: ~/.ssh/known_hosts. known_hosts records each server's host key so SSH can warn you if a host's identity changes.
Which command copies a file to a remote host over SSH?
- ftp
- scp
- rsh
- telnet
Answer: scp. scp (secure copy) transfers files over SSH, for example: scp localfile user@host:/path/
What does ~/.ssh/config let you do?
- Generate key pairs automatically
- Store your password in plain text
- Disable encryption
- Save per-host connection settings and shortcuts
Answer: Save per-host connection settings and shortcuts. The config file defines Host blocks (HostName, User, Port, IdentityFile) so you can just type ssh myserver.
Key-based authentication compared with passwords:
- Keys require typing a password every time
- Keys disable encryption
- Keys are more secure and allow passwordless login
- Passwords are always more secure
Answer: Keys are more secure and allow passwordless login. Key auth is stronger and enables passwordless login; many servers disable password auth entirely.
What does ssh-keygen -t ed25519 create?
- A copy of the known_hosts file
- A key pair: a private key and a public key
- A single shared password
- A connection to a remote host
Answer: A key pair: a private key and a public key. ssh-keygen generates a pair: a private key (kept secret) and a matching .pub public key.
What does ssh -A do?
- Forwards your ssh-agent to the remote host
- Changes the SSH port
- Adds a new public key
- Aborts the connection
Answer: Forwards your ssh-agent to the remote host. ssh -A forwards the agent so the remote host can use your keys; only forward to trusted hosts.