SSH everywhere


Just a couple of notes on why I prefer ssh over other protocols, and how to configure it.

Avoid passwords, use keys

Keys make it easier to automate jobs (like copying files in a script) and avoid typing passwords.

First, generate the key with ssh-keygen.

Then, add to ~/.ssh/config something like

Host <name of remote>
    HostName <ip or name of machine>
    Port <port to connect>
    User <username>
    IdentityFile <path to generated key>
    #IdentitiesOnly yes

# otherwise ssh tries all keys
Host *
    IdentitiesOnly yes

To copy the public key to the remote machine, use ssh-copy-id -i ~/.ssh/mykey <name of remote>.

Notice that because of ~/.ssh/config, we do not need to specify the actual name of the remote (or its IP address), nor the username or port.

Once the public key has been successfully copied, change ~/.ssh/config to

Host <name of remote>
    HostName <ip or name of machine>
    Port <port to connect>
    User <username>
    IdentityFile <path to generated key>
    IdentitiesOnly yes

# otherwise ssh tries all keys
Host *
    IdentitiesOnly yes

In other words: uncomment the first IdentitiesOnly yes.

Finally, you should be able to connect with ssh <name of remote> without typing the password. Use ssh -v <name of remote> to check that ssh offers the indicated key.
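How the per-host block and the Host * block combine, as an added example (not code from the original notes): ssh keeps the first value it obtains for each option, so the per-host block wins where it sets a value and Host * fills in whatever it leaves unset. The resolver below is simplified (plain Host patterns only); myserver, alice, the address and the key path are constructed.

```shell
#!/bin/sh
# Added example: simplified ssh_config resolver ("first obtained value wins").
# Handles plain Host patterns only: no Match, Include, negation or key=value.

# effective_option CONFIG HOST OPTION -> prints the value ssh would pick
effective_option() {
    cfg=$1; host=$2
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    active=1    # options before the first Host line apply to every host
    while read -r key rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$lkey" = host ]; then
            active=0
            set -f                  # do not expand * against local files
            for pat in $rest; do
                case $host in $pat) active=1 ;; esac
            done
            set +f
        elif [ "$active" -eq 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"   # first match wins, later ones are ignored
            return 0
        fi
    done < "$cfg"
    return 1                        # option not set for this host
}

# Constructed sample in the layout used above (names and paths are made up).
write_sample_config() {
    cat > "$1" <<'EOF'
Host myserver
    HostName 192.0.2.10
    Port 2222
    User alice
    IdentityFile ~/.ssh/mykey
    #IdentitiesOnly yes

# otherwise ssh tries all keys
Host *
    IdentitiesOnly yes
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
for h in myserver otherhost; do
    echo "$h: User=$(effective_option "$sample" "$h" User)" \
         "IdentitiesOnly=$(effective_option "$sample" "$h" IdentitiesOnly)"
done
rm -f "$sample"
```

With OpenSSH 6.8 or later, ssh -G <name of remote> prints the fully resolved client configuration and is the authoritative check.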

Use tmux or screen

If the connection is lost, one generally cannot reopen the previous console with the program running.

If all programs are executed from tmux or screen, this is a non-issue.

As using nested tmux or screen sessions is impractical, it is recommended to add at least a second modifier for the nested session.

I currently use a function similar to

ssht () {
  # -t forces a tty; -A attaches to ssh_session if it exists, else creates it
  ssh -t "$@" "tmux new-session -A -s ssh_session\; set-option -g prefix2 C-a"
}

This way, typing ssht remote connects me to remote and attaches to the session ssh_session, creating it if it does not exist yet. The tmux session on the remote will also accept both Ctrl+a and Ctrl+b as prefix (unless configured otherwise). Thus, with nested tmux sessions (one on the remote, the other on the host), Ctrl+b controls the tmux session on the host and Ctrl+a the session on the remote.


VirtualBox makes it easy to open a connection between the host and guest operating system.

Under Settings, if the connection is NAT, add a port forwarding rule similar to

name | protocol | host ip | host port | guest ip | guest port
ssh  | tcp      |         | 2222      |          | 22

It is also possible to add those settings from the command line

vboxmanage modifyvm <name of vm> --natpf1 "ssh,tcp,,2222,,22"

22 is the default port on the guest for ssh, while 2222 is an unused port on the host. A possible ~/.ssh/config on the host could then look like

Host vdebian
    Port 2222
    User debian
    IdentityFile ~/.ssh/id_rsa_vdebian
    IdentitiesOnly yes

Starting the virtual machine and connecting (omit the first command if the VM is already running) is just vboxmanage startvm vdebian --type headless && ssh vdebian.

Note that if you want to reach the virtual machine with ssh, then you should leave the host ip empty:

vboxmanage modifyvm <name of vm> --natpf1 "ssh,tcp,,2222,,22"
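What the empty host ip means for exposure, as an added example (not from the original notes): with the field left empty VirtualBox listens on every host interface, so the guest's sshd is reachable from whatever network the host is on, while 127.0.0.1 keeps the forwarded port local to the host. The function reads the output of vboxmanage showvminfo <name of vm> --machinereadable; the sample lines, the rule name ssh-local and port 2223 are constructed.

```shell
#!/bin/sh
# Added example. natpf_scope reads `vboxmanage showvminfo <vm> --machinereadable`
# output on stdin and prints, per NAT forwarding rule, where the host port listens.
natpf_scope() {
    sed -n 's/^Forwarding([0-9]*)="\(.*\)"$/\1/p' |
    while IFS=, read -r name proto hostip hostport guestip guestport; do
        case $hostip in
            ''|0.0.0.0) scope='all host interfaces' ;;
            127.*)      scope='loopback only' ;;
            *)          scope="host address $hostip" ;;
        esac
        echo "$name: $proto/$hostport -> guest $guestport, reachable via $scope"
    done
}

# Constructed sample lines (not captured from a real VM).
sample_vminfo() {
    cat <<'EOF'
name="vdebian"
nic1="nat"
Forwarding(0)="ssh,tcp,,2222,,22"
Forwarding(1)="ssh-local,tcp,127.0.0.1,2223,,22"
EOF
}

sample_vminfo | natpf_scope
```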


By default, Windows uses other protocols for connecting to remote machines. ssh has only recently (since Windows 10) become a first-class citizen, so it is not as ubiquitous there as on other systems.

Native ssh

To install and configure ssh, follow the official documentation:

# query if OpenSSH is available, and which versions
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

# suppose output is similar to
#  Name  : OpenSSH.Client~~~~
#  State : Installed
#  Name  : OpenSSH.Server~~~~
#  State : NotPresent

# install client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~

# install server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

# Start the sshd service
Start-Service sshd

# start service automatically
Set-Service -Name sshd -StartupType 'Automatic'

Notice that ssh-copy-id won’t work for deploying keys, so it needs to be done manually:

# note: because the default shell is cmd, use \ instead of / for representing a PATH
ssh <win remote> mkdir 'C:\Users\username\.ssh';
scp <public key> <win remote>:'C:\Users\username\.ssh\authorized_keys';

The default shell is cmd, which is…​ let’s change the default ssh shell at least to PowerShell. I could not find any user-specific settings, only a global one.

ssh <win remote> reg add 'HKLM\SOFTWARE\OpenSSH' /v DefaultShell /t REG_SZ /d 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'

In case your user is also an administrator, you might want to take a look at this (unfortunately closed) issue. The Windows OpenSSH port has some non-standard behaviour; the TL;DR is to comment out the following lines in C:/ProgramData/ssh/sshd_config

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys


The main advantage compared to the integrated ssh is that Cygwin comes with a bash shell, and thus a more familiar environment (tmux and screen included).

Download the setup from the Cygwin website, and execute it as administrator. While installing Cygwin, remember to select the openssh and cygrunsrv packages.

Once the installation has finished, open a Cygwin terminal as administrator(!), and execute ssh-host-config. An interactive setup will ask some basic questions about how to configure the service.

Afterward, I needed to add a new firewall rule

New-NetFirewallRule -Name 'Cygwin-sshd' -DisplayName 'Cygwin-sshd' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Contrary to the integrated Windows ssh package, with Cygwin it is possible to deploy the key with ssh-copy-id:

ssh-copy-id -i <key> <win remote>


The most useful way to use ssh on Android is Termux (updated versions are available on F-Droid). For security reasons, connecting with a password is disabled. This is generally a good thing, but it also means that ssh-copy-id will not work for deploying the first public key. The key needs to be added manually to ~/.ssh/authorized_keys.
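One way to do the manual step on the device, as an added example (not from the original notes): the function appends a public key to authorized_keys with the permissions sshd expects, refuses a file that is not a public key (for instance the private half picked by mistake) and skips keys that are already present. The function name and the sample key are constructed.

```shell
#!/bin/sh
# Added example. add_authorized_key PUBKEY_FILE [HOME_DIR]
add_authorized_key() {
    pub=$1; home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"
    line=$(head -n 1 "$pub") || return 1
    case $line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "refusing: $pub does not look like a public key" >&2
           return 1 ;;
    esac
    # sshd ignores authorized_keys when the directory or file is too open.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Compare on "type blob" so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"   # append, never overwrite existing keys
}

# Demo with a constructed (not real) key in a throwaway directory.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey me@laptop' > "$demo/id.pub"
add_authorized_key "$demo/id.pub" "$demo" && add_authorized_key "$demo/id.pub" "$demo"
rm -rf "$demo"
```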

GNU/Linux distributions

If not available, install the ssh package provided by your distribution. Everything should work out of the box.
