Figure taken from https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work
SSH is the standard method to log into a remote Linux server. There is an SSH server program running in the remote machine monitoring any connection request from other machines. You can use an SSH client command or an SSH GUI to connect to that server:
$ ssh yourUserName@linux.server.name.or.ip
This is a lot of typing. If you log into the server frequently, you can reduce typing by saving some information in an
ssh configuration file. If you don’t understand the syntax of the command above, please read Linux 101 first.
$ cd # make sure that you are in your home directory $ mkdir .ssh # make a hidden directory called .ssh $ chmod 700 .ssh # make it only visible to yourself $ cd .ssh $ touch config # create an empty configuration file (only needed in MobaXterm) $ open config # works in macOS and MobaXterm, use 'mimeopen config' in Linux
The following is what’s inside of an example
config file that specifies a short nickname, “l”, for server, “linux.server.name.or.ip”.
Host l HostName linux.server.name.or.ip User YourUserName
Now you can log into the Linux server by only typing
$ ssh l
Two popular GUI SSH clients that work on Windows are
The default communication port for
ssh is 22. It is set from the server side. If there is no specific instruction from your server administrator on the port number, it is mostly the default 22, there is no need for you to change it.
$ scp localFile user@server:path/to/remote/copy #copy local file to remote machine $ scp user@server:path/to/remote/file localCopy #copy remote file to local machine $ scp user@server:/absolute/path/to/a/file localCopy #specify full path to a file $ scp user@server:path/relative/to/your/home/directory/file localCopy
MobaXterm in Windows provides a nice side panel that shows files in the current folder in the terminal. One can drag files in and out of it for copying. Mac users may want to try https://cyberduck.io/, or https://filezilla-project.org/, or https://osxfuse.github.io/. Linux users can try SSHFS.
Double click on a remote file shown in the MobaXterm side panel after you
ssh into a remote machine, the file will be open in the
MobaTextEditor. When you save your modification of the file, the updated version will be uploaded to the remote machine automatically. The same method works in Cyberduck and Filezilla.
Normally, a GUI SSH client can save your password to the server so that you don’t have to type it next time. This can also be achieved in the command line through a file called
~/.netrc. You can save your connection information (including the password) in this file:
$ touch ~/.netrc $ chmod 600 ~/.netrc # hide it from others $ open ~/.netrc # edit it, put the following into it: machine remote.server.name.or.ip login username password sZ\#Je/j@3
Your password is saved as it is in
~/.netrc. A better way is to use SSH keys. The basic idea is that you generate a pair of keys, one is private, one is public. You upload the public one to the server and keep the private one secretly in your
~/.ssh. Next time, when you log into the server, if the two keys match, you will be logged in without typing in your password.
We can edit remote files using local editors as we described in the previous section. We can also use remote editors to edit remote files. Many editors can work inside a terminal, others create their own GUI, which have to be displayed in a X Window server.
$ ssh -X user@server # enable forwarding X connections through ssh $ gedit remoteFile & # edit a remote file using a remote editor
To avoid typing
-X every time, you can add the following line to your existing
There are two problems in using X-window. First, it is slow. Second, there is no free X-window server in iOS. We need VNC to overcome these problems.
You can establish an VNC server in your remote machine following the steps below:
First, you need create a password for your VNC session using the following command:
The password will be saved automatically in
to start an VNC session. The command may also create
xstartup, a log file and a file containing the process id of the VNC session in
~/.vnc/. The VNC server will create an X Window server at the remote machine with a unique X DISPLAY number, which can be figured out by running
$ vncserver -list TigerVNC server sessions: X DISPLAY # PROCESS ID :2 10949
The “:2” (including “:”) is the DISPLAY number. Your VNC session is running at port 5900 + the X DISPLAY number, i.e., 5902 in this concrete example.
Last, you can kill this session by
$ vncserver -kill :2
The X DISPLAY number cannot be ignored.
You can put some commands in
~/.vnc/xstartup, which will be run automatically when the VNC server starts. An example
xstartup file would contain something like:
xterm # a terminal running in X Window
RealVNC provides viewers for most operating systems. MobaXterm includes a VNC client as well:
These GUI programs provide intuitive interfaces to setup your VNC connection. If there is no space for you to specify the port, you can attach it to the end of the remote machine name:
The port number must match the port number of your VNC server session.
The problem is that an VNC port (590x) is normally not allowed to accept connections from other machines. We need
ssh to be the middle man who forwards the connection request to that port through its encrypted connection line, which is called a tunnel. So ssh port forwarding is also called ssh tunneling. You can learn more about it at ssh.com and help.ubuntu.com. I personally like the explanation on stackexchange most.
The following command forwards
server.ip.address:5902 to port 56783 in your own PC:
$ ssh -L 56783:127.0.0.1:5902 server.ip.address
The port number
56783 is chosen randomly. But there are some general suggestions on the right range of this number. The IP address
127.0.0.1 is called the loopback address. It is an address pointing to the machine itself, or the so-called
localhost. In this example,
127.0.0.1 represents the same machine as
Port forwarding can also be specified in the ssh config file:
LocalForward 56783 127.0.0.1:5902
After this, you need to make an
ssh connection to the server to establish this tunnel. Now when you connect to port 56783 in your own machine, you are actually connected to port 5902 in the remote machine. Since the sole purpose of this connection is to establish the tunnel instead of doing any real work on your remote machine, you can turn on a few options of
$ ssh -fNT server.ip.address # run ssh in the background
man ssh to understand these options. To terminate a tunnel running in the background, use
$ pgrep ssh # find the process id of the running ssh tunnel $ kill -9 pid # replace pid with the real process id given by the previous command
There is an alternative to ssh port forwarding if you use MobaXterm’s VNC session setting:
The CLI version of this method can be found in Gentoo wiki.
When you establish a connection to the VNC session running on your remote machine through either ssh tunneling or jump host, you will be asked to type in the password you set for your VNC session using the
vncpasswd command as mentioned in the previous session. After that, you should be able to see a terminal which does not even have a title bar to drag around. You need a type of programs called X window managers to achieve this simple action. Please refer to wikipedia for more information about the X window manager. Run one of the following commands in the terminal that you see in your VNC session to use one of the many X window managers: