Glossary

SSH

SSH (Secure Shell) is a cryptographic network protocol for securely connecting to remote computers, enabling remote command execution, file transfer (SCP/SFTP), and encrypted tunneling over an unsecured network.

Explanation

SSH uses public-key cryptography for authentication and symmetric encryption for the data channel. You generate a key pair (private key at ~/.ssh/id_ed25519, public key at ~/.ssh/id_ed25519.pub). Copy the public key to the server's ~/.ssh/authorized_keys. When connecting, you prove you have the private key without transmitting it: the server sends a challenge encrypted with your public key; you decrypt it with your private key. Passwords can be brute-forced; key pairs cannot.

Common SSH uses: remote server administration (ssh ubuntu@server.com), secure file transfer (scp file.txt server:/path/ or sftp), Git remote access (GitHub uses SSH for repo access), SSH tunneling (ssh -L 5432:localhost:5432 server, which forwards a remote database to your local machine), and CI/CD pipelines (GitHub Actions SSHes into servers to deploy).

The ~/.ssh/config file simplifies SSH by naming hosts: instead of ssh -i ~/.ssh/key.pem ec2-user@203.0.113.1 -p 22, configure Host myserver and run ssh myserver.

Key security practices: disable password authentication (PasswordAuthentication no in /etc/ssh/sshd_config), disable root login (PermitRootLogin no), use ed25519 keys (more secure and smaller than RSA), and always protect private keys with a passphrase.

Code Example

bash
# Generate an SSH key pair (ed25519 is the modern standard)
ssh-keygen -t ed25519 -C 'your-email@example.com'
# Creates: ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public)

# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub ubuntu@server.com

# ~/.ssh/config: name your servers (the heredoc appends these entries to the file)
cat >> ~/.ssh/config <<'EOF'
Host myserver
    HostName 203.0.113.1
    User     ubuntu
    IdentityFile ~/.ssh/id_ed25519
    Port     22

Host staging
    HostName staging.myapp.com
    User     deploy
    IdentityFile ~/.ssh/deploy-key
EOF

# Now just: ssh myserver

# SSH tunnel: access remote PostgreSQL locally
ssh -L 5432:localhost:5432 myserver -N
# Connect to localhost:5432 — it routes to server's PostgreSQL

# Secure /etc/ssh/sshd_config settings
# PasswordAuthentication no   (force key auth only)
# PermitRootLogin no           (no direct root access)
# MaxAuthTries 3               (limit brute force attempts)

Why It Matters for Engineers

SSH is how you interact with production servers. Understanding key-based authentication, SSH config files, and tunneling makes you self-sufficient with server administration — a skill relevant for any role that touches production infrastructure. SSH security configuration is also directly tied to server security. Servers with password authentication enabled are targeted by automated brute-force bots constantly. Disabling password auth and requiring key-based auth is one of the highest-impact server hardening steps you can take.
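
To check a server against the three sshd_config settings recommended above, the following added example (not part of the original page) audits the global section of a config file. The function names `sshd_value` and `audit_sshd` are hypothetical, the fallback values are the upstream OpenSSH defaults (a distribution may ship different ones), and `Include` directives are not followed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Audits the global section of an
# sshd_config file for the three settings this page recommends.

# Print the value sshd would use globally for a keyword. sshd keeps the FIRST
# value it reads and matches keywords case-insensitively; lines after a Match
# line are conditional, so parsing stops there.
sshd_value() {  # usage: sshd_value <file> <keyword> <default-if-unset>
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    /^[ \t]*(#|$)/ { next }              # comment or blank: not in effect
    { sub(/=/, " "); key = tolower($1) } # accept "Keyword=value" as well
    key == "match" { exit }
    key == want    { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Print one finding per line; return 1 if any setting is weaker than advised.
audit_sshd() {
  local file=$1 rc=0 v
  v=$(sshd_value "$file" PasswordAuthentication yes)         # assumed default: yes
  if [ "$v" = no ]; then echo "ok   PasswordAuthentication $v"
  else echo "FAIL PasswordAuthentication $v"; rc=1; fi
  v=$(sshd_value "$file" PermitRootLogin prohibit-password)  # assumed default
  if [ "$v" = no ]; then echo "ok   PermitRootLogin $v"
  else echo "FAIL PermitRootLogin $v"; rc=1; fi
  v=$(sshd_value "$file" MaxAuthTries 6)                     # assumed default: 6
  if [ "$v" -le 3 ] 2>/dev/null; then echo "ok   MaxAuthTries $v"
  else echo "FAIL MaxAuthTries $v"; rc=1; fi
  return $rc
}

# Constructed sample: the secure line is commented out, the later duplicate
# PermitRootLogin is ignored, and the Match block does not affect global values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
permitrootlogin no
PermitRootLogin yes
Match User deploy
    MaxAuthTries 2
EOF
audit_sshd "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved, which makes it the authoritative source to compare against.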

Related Terms

Git · CI/CD · Environment Variable · Docker
