SSH (Secure Shell) is the standard protocol for securely connecting to remote servers over an encrypted connection. Beyond basic login, SSH enables tunneling, port forwarding, file transfers via SCP, and running remote commands — making it the backbone of modern DevOps and cloud workflows.
LinuxSSHRemoteSecurityssh user@hostname
user with your username and hostname with the server IP or domain. SSH connects on port 22 by default and prompts for a password if no key is configured.ssh -p 2222 user@hostname
-p to specify a non-standard port. Many hardened servers run SSH on a custom port to reduce automated brute-force attempts against the default port 22. This is a common security practice for public-facing servers.ssh -i ~/.ssh/mykey.pem user@hostname
-i flag specifies a private key file for authentication. AWS EC2, DigitalOcean Droplets, and other cloud providers use key-pair authentication. The private key must have restrictive permissions: chmod 600 mykey.pem.ssh user@hostname 'ls -la /var/www && df -h'
scp localfile.txt user@hostname:/remote/path/
scp user@hostname:/remote/file.txt ./
./ saves it in the current local directory. Useful for retrieving logs, database exports, or generated reports from production servers.scp -r ./localdir user@hostname:/remote/path/
-r flag copies directories recursively including all subdirectories and files. For large or frequently synced directories, rsync -avz is more efficient as it only transfers changed files.ssh -L 8080:localhost:80 user@hostname
http://localhost:8080 in your browser to reach the remote service. Essential for accessing databases, admin panels, or web apps behind a firewall.ssh -fN -L 5432:localhost:5432 user@hostname
-f sends SSH to the background after authentication. -N tells SSH not to execute a remote command (port forwarding only). This creates a persistent tunnel to a remote PostgreSQL database without occupying a terminal session.ssh-copy-id user@hostname
ssh-copy-id isn't available: cat ~/.ssh/id_rsa.pub | ssh user@host 'cat >> ~/.ssh/authorized_keys'.ssh-keygen -t ed25519.ssh-copy-id user@hostname.ssh user@hostname for passwordless key-based login.~/.ssh/config with Host aliases to avoid typing long options.SSH is the protocol for remote terminal access and command execution. SCP (Secure Copy) is a utility built on SSH specifically for transferring files. Both use the same authentication and encryption, so your SSH keys work for SCP automatically with no extra setup.
This usually means the server doesn't have your public key, or local key permissions are wrong. Verify your public key is in ~/.ssh/authorized_keys on the server. Locally, ensure the private key has permissions of 600: chmod 600 ~/.ssh/id_rsa.
Add entries to ~/.ssh/config: Host myserver / HostName 1.2.3.4 / User ubuntu / IdentityFile ~/.ssh/mykey.pem. Then connect with just ssh myserver instead of specifying all options each time.