SSH Basics: How to Log Into a Remote Server Safely

SSH is how you reach a server that lives somewhere else and run commands on it as if you were sitting in front of it. Learn what SSH is, how the connection works, the difference between passwords and keys, and the everyday commands you'll actually use — explained from zero.

Published September 24, 202610 min readBy ACY Partner Indonesia
SSH basics — logging into a remote server securely over an encrypted connection
300 × 250Ad Space AvailablePlace your ad here

At some point, the website or app you’re building stops living on your laptop and moves onto a real server — a machine that’s always online, sitting in a data center you’ll probably never see. That raises an obvious question: if you can’t sit in front of it, how do you actually control it? How do you install software, edit files, restart things, and check what went wrong?

The answer, almost universally, is SSH. It’s the tool that lets you open a terminal on a computer that’s thousands of kilometers away and type commands as if you were right there. Once you understand SSH, a server stops feeling like a distant black box and starts feeling like just another machine you can reach. Let’s build that understanding from the ground up.

What SSH actually is

SSH stands for Secure Shell. Break that into two halves and the whole idea falls into place.

A shell is the program that reads the commands you type and runs them — it’s the thing behind the command-line prompt. When you open a terminal on your own machine, you’re talking to a shell. SSH gives you a shell on a different machine, over the network. You type, the remote computer runs the command, and the output comes back to your screen.

The secure part is just as important. Everything you send over an SSH connection — your commands, your password, the files you transfer, the results that come back — is encrypted. Even if someone is watching the network between you and the server, all they see is scrambled noise. That’s a big deal, because SSH replaced older tools like Telnet that sent everything, passwords included, in plain readable text.

So put simply: SSH is a secure way to log into and control a computer remotely. If you’ve heard people say “ssh into the server,” that’s exactly what they mean — opening one of these encrypted remote sessions.

One protocol, two pieces

SSH describes a protocol — an agreed-upon way for two computers to talk securely. In practice it shows up as two cooperating programs. The SSH client runs on your machine (you start it by typing ssh). The SSH server runs on the remote machine, usually a program called sshd (the “d” is for daemon, a background service). The client connects, the server answers, and the encrypted session begins. Almost every Linux server runs sshd by default, which is why SSH is the standard way in.

How an SSH connection works

You don’t need to memorize the cryptography, but a mental model of what happens when you connect makes everything afterward less mysterious. Here’s the sequence, simplified:

  1. You start the connection. Your client reaches out to the server’s address, on a specific port (SSH uses port 22 by default).
  2. The server proves who it is. The server hands over its host key — a unique fingerprint that identifies this exact server. Your client checks it. The first time you ever connect, you’ll be asked to confirm you trust it.
  3. An encrypted tunnel is set up. The two machines agree on a shared secret using some clever math, and from this point on everything in both directions is scrambled.
  4. You prove who you are. Now the server needs to confirm you’re allowed in — either with a password or, much better, with a key (more on that below).
  5. You get a shell. Authentication passes, and a prompt appears. You’re now typing commands that run on the remote machine.
   YOUR LAPTOP                        REMOTE SERVER
   (ssh client)                       (sshd, port 22)
        │                                   │
        │  1. connect ─────────────────────►│
        │                                   │
        │◄──── 2. "here's my host key" ─────│
        │                                   │
        │═══ 3. encrypted tunnel agreed ════│
        │                                   │
        │  4. "here's who I am" ───────────►│
        │◄──── 5. welcome — here's a shell ─│
        │                                   │
   you type commands  ───────────────────►  they run over there

Every keystroke after that travels through the encrypted tunnel. The experience feels instant and local, but you’re really driving a machine that could be on the other side of the planet.

Connecting: the ssh command

The command itself is refreshingly short. The basic form is:

ssh username@host
  • username is the account you want to log in as on the server (for example jane or deploy).
  • host is where the server lives — either an IP address like 203.0.113.10 or a domain name like srv.acypartner-indonesia.example.

So a real connection might look like this:

ssh jane@203.0.113.10

If the SSH server listens on a non-default port (some are moved off 22 to cut down on automated noise), you tell ssh with -p:

ssh -p 2222 jane@203.0.113.10

The very first time you connect to a new server, you’ll see something like this:

The authenticity of host '203.0.113.10' can't be established.
ED25519 key fingerprint is SHA256:Xy9k...3Qz.
Are you sure you want to continue connecting (yes/no)?

That’s step 2 from earlier — your client showing you the server’s host key and asking if you trust it. Type yes, and the fingerprint gets saved to a file called known_hosts on your machine. From then on, your client quietly checks that the server still matches. If that fingerprint ever changes unexpectedly, SSH will loudly refuse to connect — its way of warning you that something might be impersonating your server.

Don't blindly click through a changed host key

A host key warning that pops up after you’ve connected before is not something to ignore. It usually means the server was rebuilt or reinstalled (innocent), but it can also mean someone is sitting between you and the real server. If you didn’t expect a change, stop and verify with whoever runs the server before you remove the old key and reconnect. The whole point of the host key is to catch exactly this situation.

Passwords vs. SSH keys

When the server asks you to prove who you are, there are two common ways to do it. This is the part beginners most often get wrong, so it’s worth slowing down.

Password authentication

The simplest method: you type the account’s password, the server checks it, and you’re in. It works, and it’s how a lot of people start. But it has real weaknesses. Passwords can be guessed, reused across sites, or worn down by automated bots that hammer servers trying thousands of common ones per minute. A password also has to travel (encrypted, thankfully) on every login.

Key-based authentication

The better way is a key pair — two matching files generated together:

  • A private key that stays on your machine and that you never share with anyone.
  • A public key that you copy onto the server.

When you connect, the two halves prove they belong together using cryptography, without your private key ever leaving your computer. The result: logins that are both more convenient (no password to type each time) and far more secure (a good key is effectively impossible to guess). For any real server, keys are the standard you should aim for.

You generate a key pair once, with:

ssh-keygen -t ed25519 -C "jane@acy-partner-indonesia"

That creates two files in your ~/.ssh/ folder: id_ed25519 (the private key — guard it) and id_ed25519.pub (the public key — safe to share). The -C part is just a comment so you can tell your keys apart later.

Then you copy the public key to the server:

ssh-copy-id jane@203.0.113.10

After that, ssh jane@203.0.113.10 logs you in using the key — no password prompt. Behind the scenes, your public key got added to a file called ~/.ssh/authorized_keys in your account on the server, which is the list of public keys allowed to log in as you.

   YOUR MACHINE                      THE SERVER
 ┌──────────────────┐            ┌──────────────────────┐
 │ id_ed25519       │  private   │ authorized_keys      │
 │  (PRIVATE, stays)│            │  holds your PUBLIC   │
 │ id_ed25519.pub ──┼──copy────► │  key, lets you in    │
 └──────────────────┘            └──────────────────────┘

Treat your private key like a house key

Your private key is the one thing that must never leak. Don’t email it, don’t paste it into a chat, don’t commit it to a Git repository, and don’t copy it onto shared machines. If you want an extra layer, protect it with a passphrase when you create it — then even someone who steals the file can’t use it without that phrase. Losing a private key isn’t a disaster (you just generate a new pair and update the server), but a leaked one is, so handle it carefully.

Doing things once you’re in

After you connect, you’re simply at a Linux prompt — the same kind of shell you’d use locally. If you’ve spent any time with the command line, everything you know applies here, just on the remote machine. You can move around with cd and ls, read and edit files, check running services, and install software.

A few things worth knowing about working over SSH:

  • The prompt usually tells you where you are. Something like jane@srv01:~$ reminds you which user you are (jane) and which machine (srv01). That small detail saves you from accidentally running a command on the wrong server.
  • To leave, type exit (or press Ctrl+D). That closes the session and drops you back to your own machine’s prompt.
  • You can run a single command without a full session. Tack the command onto the end and SSH runs it, returns the output, and disconnects:
ssh jane@203.0.113.10 "uptime"

That’s handy for quick checks or scripts that need to ask a server one thing.

Which account you log in as matters, too. Logging in as a regular user and using elevated privileges only when needed is far safer than logging in as the all-powerful root user for everything. If that distinction is fuzzy, the article on users and groups covers who’s allowed to do what, and file permissions explains why not every account can touch every file.

A small comfort: the SSH config file

Typing ssh -p 2222 jane@203.0.113.10 every time gets old fast. SSH lets you save shortcuts in a file at ~/.ssh/config. Add an entry like this:

Host acy-server
    HostName 203.0.113.10
    User jane
    Port 2222

Now this is all you type:

ssh acy-server

The client looks up acy-server in the config, fills in the address, user, and port for you, and connects. For anyone juggling more than one or two servers, this small file turns a chore into a habit you barely notice.

Why SSH matters

SSH is the front door to nearly every server you’ll ever touch. Deploying a website, fixing a bug in production, reading logs at 2 a.m. to figure out why something broke, transferring files, automating a routine task — almost all of it starts with an SSH connection. It’s not an advanced topic you can put off; it’s day-one, foundational plumbing for anyone working with servers.

It’s also the secure foundation that a lot of other tools quietly build on. File-transfer methods like SCP and SFTP run over SSH, using the same encrypted tunnel and the same keys. Deployment scripts and configuration tools connect through SSH under the hood. Learn it well once, and you’ve unlocked a whole layer of how servers are managed.

Wrapping up

Here’s everything in one place:

  • SSH (Secure Shell) is a secure, encrypted way to log into and control a remote computer’s command line over a network.
  • It’s split into a client (on your machine, the ssh command) and a server (sshd, listening on port 22 by default).
  • Connecting checks the server’s host key (so you know it’s really your server), sets up an encrypted tunnel, then verifies you.
  • You authenticate with a password or, much better, an SSH key pair — a private key you guard and a public key you place on the server.
  • The basic command is ssh username@host; you leave with exit, and an ~/.ssh/config file saves you from retyping connection details.

Once you’re comfortable opening a session, the natural next step is moving files between your machine and the server — copying a build up, pulling a backup down. That’s the job of file transfer over SSH, and the keys you just set up carry straight over to it.

Tags:sshlinuxserverremote-accessbeginner
728 × 90Ad Space AvailablePlace your ad here

Related Articles

See All Articles

You Might Also Like

SSL and encryption at rest — data protected in transit and on disk
Server / Server Security

SSL and Encryption at Rest: Protecting Data Both in Transit and on Disk

Encryption protects your data in two places: while it travels the network (in transit) and while it sits on disk (at rest). Learn the difference, why you need both, how TLS, full-disk encryption, and key management actually fit together, and the practical mistakes to avoid — explained from the.

Nov 9, 202613 min read
Securing ports and services — closing the doors on a server you don't use
Server / Server Security

Securing Ports and Services: Closing the Doors You Don't Use

Every open port on a server is a door someone could try to walk through. Learn what ports and services really are, why an exposed service is your biggest risk, and the simple discipline of closing everything you don't need — explained from the ground up.

Nov 8, 202611 min read
Principle of least privilege — granting only the minimum access each user and process needs
Server / Server Security

The Principle of Least Privilege: Give Everything Only the Access It Truly Needs

Least privilege is the quiet rule behind almost every solid security setup: every user, process, and key gets the minimum access required to do its job, and nothing more. Learn what it means, why it limits the blast radius of any breach, and how to apply it across users, services, files, and keys.

Nov 7, 202613 min read
Fail2ban and intrusion basics — watching logs and automatically banning repeated abusers
Server / Server Security

Fail2ban and Intrusion Basics: Automatically Banning the Bots Hammering Your Server

Attackers don't stop after one failed guess — they keep hammering, thousands of times a day. Learn how intrusion attempts actually look, what fail2ban does, how it watches your logs and bans abusers automatically, and how to set it up sensibly without locking yourself out — explained from zero.

Nov 6, 202613 min read
Keeping software updated — closing known security holes before attackers use them
Server / Server Security

Keeping Software Updated: The Boring Habit That Stops Most Server Breaches

Most servers don't get hacked through clever new attacks — they get hacked through old, known holes that a simple update would have closed. Learn why updates matter, what to update, how to do it safely without breaking things, and how to make it a habit instead of a panic.

Nov 5, 202610 min read
Firewall configuration — a default-deny rule set that opens only the ports you need
Server / Server Security

Firewall Configuration: Setting Up Default-Deny Rules Without Locking Yourself Out

Knowing what a firewall is and actually configuring one well are two different skills. Learn how to write a default-deny rule set, order rules correctly, allow your own access first, handle IPv6 and cloud security groups, and test before you commit — a practical, vendor-neutral guide from zero.

Nov 4, 202615 min read