DevOps Essentials

View on GitHub



ssh – OpenSSH SSH client (remote login program)


ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command][-w local_tun[:remote_tun]] [user@]hostname [command]


ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.

ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods (see below).

The options are as follows:


ssh app@

If you want to use a different key file then

ssh -i keyFileName app@


$ ssh -o StrictHostKeyChecking=no app@$newHostname

Port - Specifies the port number to connect on the remote host. The default is 22.

$ ssh -v -o Port=2222 oracle@

To login into remote host with X11 forwarding enabled use the following command. For more details see xclock

localUser@DESKTOP:~$ ssh remoteUser@ -X

Setting up ssh login between local and remote vm


localUser@DESKTOP:~$ uname -a
Linux DESKTOP 4.4.0-18362-Microsoft #1-Microsoft Mon Mar 18 12:02:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux
localUser@DESKTOP~$ ssh-keygen


remoteUser@test-instance:~$ uname -a
Linux test-instance 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3 (2019-09-02) x86_64 GNU/Linux
remoteUser@test-instance:~$ ssh-keygen

Copy the ~/.ssh/ of localUser to ~/.ssh/authorized_keys of remoteUser with permission 600


remoteUser@test-instance:~/.ssh$ vi authorized_keys
remoteUser@test-instance:~/.ssh$ chmod 600 ~/.ssh/authorized_keys

Try logging in to the remote machine using ssh from the local machine


localUser@DESKTOP:~$ ssh remoteUser@

To login using the bastion server

$ ssh -o ProxyCommand="ssh -i private_key_to_login.pem -W %h:%p" -i private_key_to_login.pem ubuntu@ -vvvvv

To run a command on another machine (like node01) from local (say controlplane)

controlplane $ ssh node01 ifconfig ens3
Warning: Permanently added 'node01,' (ECDSA) to the list of known hosts.
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::42:acff:fe11:19  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ac:11:00:19  txqueuelen 1000  (Ethernet)
        RX packets 136298  bytes 155301021 (155.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50435  bytes 5498608 (5.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0