How it works?

  1. Local creates public_key ( & private_key (id_rsa).
  2. Only private_key can understand public_key.
  3. Remote sends messages encrypted based on public_key.
  4. Local has to use private_key to understand (decrypt) remote’s messages.

Generate a public key

  • Windows: Using below command, if it asks for a location, indicate C:\Users\dinha\.ssh\
  • Linux: /home/thi/.ssh/
     ssh-keygen -t rsa -b 4096 -C "[email protected]"
     # without email
     ssh-keygen -t rsa -f ~/.ssh/id_rsa.home

Multiple ssh keys

  1. Create key with different names, e.g. id_rsa.home,
  2. Add to ~/.ssh/config,
    Host home
    IdentityFile ~/.ssh/id_rsa.home
    User <your home acct>
    Host work
    IdentityFile ~/.ssh/
    User <your work acct>
  3. Add to ssh-agent (don’t need to retype password again)
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa.home
    ssh-add ~/.ssh/
  4. Don’t forget to clone you repo with git instead of https.

Add public key to remote

Suppose that we wanna connect to a remote host [email protected] from a local machine.

  1. On local machine, copy public key at C:/Users/dinha/.ssh (Windows) and ~/.ssh (Linux) (something like (copy its content).
  2. On remote server (Linux), go to ~/.ssh, open file authorized_keys by vim authorized_keys
    1. Be carefull, you can modify the current keys!
    2. Go to the end of this file (by W)
    3. Press I to enter to the editing mode, press Enter for a new line.
    4. Using mouse to copy/paste the key in the 1st step (on your local machine).
    5. Note that, each key stays in a separated line.
    6. ESC and then type :wq to quick and save.
    7. Try to connect again!


ssh [email protected]_host
ssh [email protected]_host -p remote_port
ssh -V
scp local_file [email protected]:/var/tmp/
scp [email protected]:/usr/local/bin/ .
# pass inside the command
sudo apt-get install sshpass
sshpass -p your_password ssh [email protected]

Command line parameters

ssh -C # use data compression

Usage: Access jupyter notebooks from remote server on local machine.

Below are some popular commands[ref] :

# check the full list
man ssh
# exit background running
netstat -lepunt

# kill a process, e.g. 29231/ssh
kill <pid> # eg. kill 29231


  • -C: use data compression.
  • -f: Requests ssh to go to background just before command execution
  • -L: local port forwarding[ref] .
  • -N: Do not execute a remote command. This is useful for just forwarding ports
  • -p <port>: port to connect.
  • -q: quiet mode.
  • -v: verbose mode.
  • -X: running GUI remote app locally.