Close Menu

    How To Use The SSH Login Command

    WillieBy Updated:No Comments6 Mins Read

    The SSH login command lets you open an encrypted shell session on a remote machine over any network. It replaced older, insecure protocols like Telnet and rlogin and has been the standard for remote server access for over two decades. This guide covers the exact syntax, platform-specific steps, key-based authentication, and the flags you’ll actually use day to day.

    SSH Login Command Syntax

    The base syntax is straightforward. You pass a username and a host — either a domain name or an IP address — separated by @:

    ssh username@hostname_or_ip

    SSH defaults to TCP port 22. If the remote server runs on a different port, add the -p flag. For the full list of accepted flags, the full ssh command reference on commandlinux.com covers every option in detail.

    Once connected, your terminal prompt changes to reflect the remote machine. Everything you type after that runs on the server, not your local system.

    What You Need Before Connecting

    Before the ssh login command works, a few things have to be in place:

    RequirementDetails
    OpenSSH clientPre-installed on Linux, macOS, and Windows 10+
    Server running sshdThe remote machine needs the OpenSSH daemon active
    Network accessPort 22 (or the configured port) must be reachable
    Valid credentialsA username with either a password or an SSH key pair

    The remote side runs sshd, the OpenSSH daemon. For its configuration options and behavior, the sshd daemon documentation explains every directive in /etc/ssh/sshd_config.

    How to Use the SSH Login Command on Linux

    Linux ships with an SSH client. Open a terminal and run:

    ssh [email protected]

    The first time you connect to a host, SSH displays the server’s fingerprint and asks you to confirm. Type yes. The fingerprint gets saved to ~/.ssh/known_hosts and future connections skip this step.

    After that, enter your password when prompted. There’s no visual feedback — the cursor won’t move — but keystrokes are being captured. Press Enter when done.

    To end the session, type exit or press Ctrl+D.

    How to Use the SSH Login Command on Windows

    Windows 10 and later include OpenSSH by default. Open Command Prompt or PowerShell and run the same command:

    ssh username@server_ip

    If the client isn’t available, go to Settings → Apps → Optional Features and install “OpenSSH Client.” Alternatively, PuTTY provides a GUI-based option for older Windows versions.

    Windows Subsystem for Linux (WSL2) also gives you a native Linux environment, which brings OpenSSH along with it.

    SSH Key-Based Authentication

    Passwords work, but SSH keys are faster and more secure. The approach uses a key pair — a private key that stays on your machine and a public key that gets placed on the server.

    Authentication Method — Security Comparison
    SSH Key (Ed25519)
    96%
    96/100
    SSH Key (RSA 4096)
    91%
    91/100
    Password + 2FA
    72%
    72/100
    Password only
    38%
    38/100

    Security scores based on resistance to brute-force, credential reuse, and man-in-the-middle attacks.

    Generating SSH Keys

    Run ssh-keygen to create a key pair. Ed25519 is the current recommendation:

    ssh-keygen -t ed25519 -C "[email protected]"

    The command asks where to save the keys (default: ~/.ssh/id_ed25519) and lets you set an optional passphrase. The ssh-keygen man page documents all key types and generation options.

    Copying the Public Key to the Server

    Use ssh-copy-id to install the public key on the remote host:

    ssh-copy-id username@server_ip

    This appends your public key to the server’s ~/.ssh/authorized_keys file. After that, the ssh login command authenticates via key automatically. The complete behavior of this utility is documented in the ssh-copy-id manual.

    Once keys are working, disable password authentication in /etc/ssh/sshd_config by setting PasswordAuthentication no. This blocks brute-force attempts entirely.

    Common SSH Login Command Options

    Connecting on a Custom Port

    If the server runs SSH on port 2222 instead of the default:

    ssh -p 2222 username@server_ip

    Using a Specific Identity File

    When you have multiple keys, specify which one to use with -i:

    ssh -i ~/.ssh/id_project username@server_ip

    You can also load keys into ssh-agent so you don’t have to type the passphrase on every connection. The ssh-add reference explains how to manage identities in the agent.

    Running a Remote Command Without Opening a Shell

    Append a command to run it on the server and return output to your local terminal:

    ssh username@server_ip 'df -h'

    The session closes as soon as the command finishes. This is useful for one-off tasks or scripts.

    SSH Tunneling with Port Forwarding

    Local port forwarding lets you route traffic from your machine through the SSH connection to a remote service:

    ssh -L 8080:localhost:3306 username@server_ip

    This forwards local port 8080 to port 3306 on the server — handy for accessing a remote database without exposing it publicly.

    SSH Command Flags — Quick Reference
    FlagPurposeExample
    -pCustom portssh -p 2222 user@host
    -iIdentity filessh -i ~/.ssh/key user@host
    -LLocal port forwardingssh -L 8080:localhost:80 user@host
    -vVerbose / debug outputssh -v user@host
    -NNo remote command (tunnel only)ssh -N -L 9000:localhost:9000 user@host
    -tForce pseudo-terminalssh -t user@host sudo su

    Troubleshooting SSH Login Issues

    If the connection fails, run with -v for verbose output. It shows each handshake step and usually pinpoints the problem — wrong port, key not found, or a permission error on ~/.ssh.

    Permission errors are common. SSH refuses to use keys if file permissions are too open. Set them correctly:

    chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

    If root login fails, check whether PermitRootLogin is set to no in /etc/ssh/sshd_config on the server. Most distributions disable it by default as a security measure.

    Connection timeouts often come from a firewall blocking port 22. Confirm the port is open on the server side with ss -tlnp | grep 22, then check any cloud firewall or security group rules that might be filtering the traffic.

    FAQs

    What is the basic SSH login command syntax?
    The syntax is ssh username@hostname. Replace username with your remote account name and hostname with the server’s IP or domain. SSH connects on port 22 by default.

    How do I use the SSH login command with a different port?
    Add the -p flag: ssh -p 2222 username@server_ip. Replace 2222 with the actual port the remote sshd is configured to listen on.

    How do I SSH login without a password?
    Generate an SSH key pair with ssh-keygen, copy the public key to the server using ssh-copy-id username@server_ip, then connect normally. SSH authenticates via the key automatically.

    Why is my SSH login command connection refused?
    “Connection refused” means either sshd isn’t running on the server, the port is wrong, or a firewall is blocking access. Verify the daemon is active and the port is open.

    Can I use the SSH login command on Windows?
    Yes. Windows 10 and later include OpenSSH by default. Open PowerShell or Command Prompt and run ssh username@server_ip exactly as you would on Linux.

    Willie has over 15 years of experience in Linux system administration and DevOps. After managing infrastructure for startups and enterprises alike, he founded Command Linux to share the practical knowledge he wished he had when starting out. He oversees content strategy and contributes guides on server management, automation, and security.

    Related Posts