How to Connect to a Remote Server via SSH from Windows, Linux, or Mac

Introduction

SSH (Secure Shell) is a cryptographic protocol for securely connecting to a remote server
over an unsecured network. It is essential for managing remote systems, networking, and
communicating with remote servers.
The protocol provides a secure connection between a client and a server. It enables managing
other computers, transferring files, and executing commands on a remote machine.
This guide explains how to SSH to a remote server from Windows, Linux, or Mac.

Prerequisites
 Active network connection on a remote computer.
 The IP address or the name of the remote machine.
 Permission to access the remote computer.
 Firewall settings to allow SSH connections.

What Is SSH?

Secure Shell, sometimes called Secure Socket Shell, is a protocol that allows you to
securely connect to a remote computer or a server using a text-based interface.
When a secure SSH connection is established, a shell session starts. It enables manipulating
the server by typing commands using the client on your local computer.
System and network administrators use this protocol to manage remote servers and machines.
Anyone who requires managing a computer remotely in a highly secure manner uses SSH.
Note: SSH and SFTP protocols are frequently conflated, but have unique and distinct roles.
Learn about the similarities and differences between SSH and SFTP.

How Does SSH Work?

Both the client and server participate in establishing a secure SSH communication channel.
Creating an SSH connection relies on the following components and steps:
 Client-side component. A client-side component is an application or program used to
connect to another machine. The client uses remote host information to initiate the
connection. If the credentials are verified, the program establishes an encrypted
connection.
 Server-side component. On the server's side, an SSH daemon constantly listens to a
specific TCP/IP port (the default SSH port number is 22) for possible client
connection requests. Once a client initiates a connection through the defined port, the
SSH daemon responds with the software and the protocol versions it supports. The
default protocol version for SSH communication is version two, while version one is
deprecated.
 Authentication. When establishing a connection, the client provides identification data
to the server (as a username/password, key pairs, or multi-factor authentication). If the
provided information is correct, SSH creates a new encrypted communication session.
Note: For more details, check out our comprehensive guide on how SSH works.

How to Enable SSH Connection

Since creating an SSH connection requires both a client and a server component, ensure they
are installed on the local and remote servers. The sections below demonstrate how to install a
client-side and server-side component depending on the OS.
Install SSH Component on Mac
macOS typically has an SSH client preinstalled. Open the terminal and check with the
following command:
ssh -V

The command shows the installed SSH version. To use a third-party SSH application, such as
OpenSSH, use the following Homebrew command:
brew install openssh

Note: If you don't have Homebrew installed, check out our guide on how to install
Homebrew on Mac.

The installation allows managing a separate version from the system's default SSH
component. Alternatively, install PuTTY on macOS to use a GUI-based SSH client.
To enable SSH server remote login on a macOS, do the following:
1. Go to System Settings.
2. Click General in the left menu.
3. Locate and open Sharing.

4. Enable Remote Login to allow SSH access to the device.

Install SSH Component on Linux
Some Linux distributions do not have an SSH component installed by default. Typical
solutions are installing OpenSSH or a GUI solution, such as the PuTTY client for Ubuntu.
To install the OpenSSH client and server component, use your system's default package
manager:
1. Access the command line and enter the installation command for your distribution:
Distribution Command to Install SSH Client and Server
Debian/Ubuntu sudo apt install openssh-client openssh-server
Fedora/RHEL sudo dnf install openssh-clients openssh-server
Arch Linux sudo pacman -S openssh
openSUSE sudo zypper install openssh
Alpine Linux sudo apk add openssh-client openssh
2. The SSH service (sshd) starts automatically after installing the components. To check if the
service is running, enter the following command:
systemctl status sshd

If the service is not running, start it manually with:

sudo systemctl start sshd
The command does not produce output if the service starts successfully.
3. Enable the sshd service to start automatically on boot:
sudo systemctl enable sshd
The sshd service is now configured to start whenever the system boots.
Note: On some systems, sshd may be an alias, and the commands above might not work. In
such cases, replace sshd with ssh in the commands.

Install SSH Component on Windows

Many Windows users prefer to use GUI-based clients, like PuTTY, to establish remote
connections via SSH. If this is your preference, refer to this short guide on installing PuTTY
for Windows.
Note: PuTTY is a dependable terminal emulator, but many PuTTY alternatives offer a
broader range of features.
Windows 10 and later versions include a native OpenSSH app. However, users who prefer to
use Command Prompt or PowerShell to establish SSH connections may need to manually
enable the native OpenSSH client on Windows.
To enable SSH on Windows:
1. Type Add an optional feature in the Windows search bar and press Enter to access the
Optional features menu.

2. Click Add a feature.

3. Search for and install the OpenSSH app.

Enabling this setting allows you to run Windows Command Prompt or PowerShell SSH
commands.
Note: The Windows Subsystem for Linux (WSL2) is becoming a popular alternative for
managing Windows systems. It allows you to run a full Linux environment on Windows,
which includes native SSH tools.
How to Connect via SSH
After installing and setting up the SSH client and server on each machine, you can establish a
secure remote connection. To connect to a server using your credentials, do the following:
1. Open the command line/terminal window and run the following ssh command:
ssh [username]@[host_ip_address]
Provide the username and host IP address. If the username is the same as the local machine,
omit the username from the command. To test if SSH is installed correctly, try creating an
SSH connection to localhost.
2. When connecting to the server for the first time, a message appears asking to confirm the
connection. Type yes and press Enter to confirm the remote server identification on the local
machine.
3. Provide the password when prompted and press Enter. The screen does not display
characters as you are typing.
A digital signature ECDSA key fingerprint helps authenticate the machine and establishes a
connection to the remote server.
If the computer you are trying to connect to is on the same network, then it is best to use a
private IP address instead of a public IP address.
Note: Learn about the differences between a private and public IP address and the roles of
each.
Additionally, ensure the correct TCP port listens for connection requests, and that port
forwarding settings are correct. The default port number is 22 unless the configuration has
been changed. You may also append the port number after the host IP address.
When using a port number, the following two examples are valid:
ssh [username]@[host_ip_address]:[port]
ssh [username]@[host_ip_address] -p [port]
If there are any issues connecting to the remote server, make sure that:
 The IP address of the remote machine is correct.
 The port the SSH daemon is listening to is not blocked by a firewall or forwarded
incorrectly.
 The username and password are correct.
 The SSH software is installed correctly.
Note: If SSH responds with a message "Connection refused", please refer to our article How
to Fix The SSH "Connection Refused" Error for possible reasons and solutions.
Securing an SSH Connection to a Remote Server
After establishing an SSH connection, you need to take additional steps to improve SSH
security. Leaving default values unchanged makes your server vulnerable to attacks. Some of
the suggested steps require editing the SSH configuration file.
Below is a list of practical steps to secure the SSH connection:
 Change the default TCP listening port. Instead of using default port 22, select a high,
random port number. Avoid using easy-to-guess numbers, such as 222, 2222, or
22222, as attackers often target these. After changing the port number, ensure it is
open in your firewall settings.
 Use SSH key pairs for authentication. Key-based authentication is safer than
password authentication. It allows passwordless logins with an SSH key pair, which is
more secure and convenient, especially if you want to automate remote tasks.
  Disable password-based logins. If you have set up passwordless SSH logins and
verified they work, turn off password access to prevent attackers from using a
compromised password to log in to your system.
 Disable root access. Removing default root access on your server makes it harder for
attackers to target the root account. Use a regular account with the su - command to
switch to a root user when elevated privileges are required.
 Use TCP wrappers. TCP wrappers allow you to restrict access to specific IP
addresses or hostnames manually. By editing the /etc/hosts.allow and /etc/hosts.deny
files, you can configure which host can connect to the server. Settings in the
/etc/hosts.allow file take precedence over those in /etc/hosts.deny, which means you
can block entire IP ranges while granting access to individual addresses.
 Employ multilayer security. Use advanced tools like Fail2Ban to block IPs after
multiple failed login attempts and automate traffic filtering tasks. You can also
implement additional verification tools like MFA to protect SSH administrative and
employee accounts.
Implementing these steps significantly reduces the attack surface of your SSH server.
Securing VNC Using SSH
In a Virtual Network Computing (VNC) environment, it is possible to encrypt connections
using SSH port forwarding (tunneling) via the ssh command or through PuTTY.
To tunnel VNC connections over SSH, run the following command in the terminal or
command line:
ssh -L [local_address]:[local_port]:[VNC_server_address]:[VNC_server_port] -N -f -l
[username] [hostname_or_IP]
The command does the following:
 ssh. Starts the SSH client program on your local machine and enables secure
connection to the SSH server on a remote computer.
 -L [local_address]:[local_port]:[VNC_server_address]:[VNC_server_port].
Forwards the local address and port to the specified VNC server host and port on the
remote machine.
 -N. Forwards ports without executing a remote command.
 -f. Sends SSH to the background after the password is provided. This allows you to
continue typing commands in the local terminal.
 -l [username]. The username for connecting to the SSH server.
 [hostname_or_IP]. The hostname or IP of the SSH server.
You can also connect to a remote server via SSH tunnel using PuTTY. In the PuTTY
configuration window, do the following:
1. Go to Connection -> SSH -> Tunnels.
2. Enter the local port number in the Source port field.
3. Type the VNC server address and port in the Destination field.
4. Click Add to save the tunnel configuration.
5. Select Open to start the SSH session.
6. Connect to your server with a VNC client of your choice.
The VNC connection is now encrypted and secure by tunneling through SSH.
Conclusion
You should now be able to connect to a remote server via SSH. Follow the section for your
operating system to make sure an SSH client is installed correctly.
Next, see how to mount a remote file system using SSH with the SSHFS on Windows and
Linux or SSHFS on macOS.
Was this article helpful?
YesNo
Share on X (Twitter)Share on FacebookShare on LinkedIn
Share on Email
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in
implementing e-commerce and online payment solutions with various global IT services
providers. His articles aim to instill a passion for innovative technologies in others by
providing practical advice and using an engaging writing style.
Next you should read
Security SysAdmin
25 Common SSH Commands in Linux With Examples
September 5, 2024

Secure Shell is an important protocol for anyone managing and controlling remote machines.
This guide covers...
Read more
Security SysAdmin
How to Enable SSH on Debian 12
March 20, 2024

If you are using Debian 12 to manage servers, you must ensure that the transfer of data is as...
Read more
Security SysAdmin
How to Generate SSH Keys on Ubuntu
March 7, 2024

Establishing a connection with a remote server without taking the proper security measures
can lead to severe...
Read more
Security SysAdmin Web Servers
How to Enable SSH on Ubuntu
October 3, 2024

When establishing a remote connection between a client and a server, a primary concern is
ensuring a secure...
Read more
     
           RECENT POSTS
  What Is Docker Compose: Definition, Usage, Benefits
 What Is a Reverse DNS Lookup and How Does It Work?
 How to Install Rancher on CentOS and Rocky Linux
 How to Create Sudo User on CentOS and Rocky Linux
 How to Install Vault on CentOS and Rocky Linux
 CATEGORIES
  SysAdmin
 Virtualization
 DevOps and Development
 Security
 Backup and Recovery
 Bare Metal Servers
 Web Servers
 Networking
 Databases
 COLOCATION
  Phoenix
 Ashburn
 Amsterdam
 Atlanta
 Belgrade
 Singapore
 PROMOTIONS
 SERVERS
  Dedicated Servers
 Database Servers
 Virtualization Servers
 High Performance Computing (HPC) Servers
 Dedicated Streaming Servers
 Dedicated Game Servers
 Dedicated Storage Servers
 SQL Server Hosting
 Dedicated Servers in Amsterdam
 Cloud Servers in Europe
 Big Memory Infrastructure
 BUY NOW
 CLOUD SERVICES
  Data Security Cloud
 VPDC
 Managed Private Cloud
 Object Storage
 SERVERS
  Disaster Recovery
 Web Hosting Reseller
 SaaS Hosting
 INDUSTRIES
  Web Hosting Providers
 Legal
 MSPs & VARs
 Media Hosting
 Online Gaming
 SaaS Hosting Solutions
 Ecommerce Hosting Solutions
 COMPLIANCE
  HIPAA Ready Hosting
  PCI Compliant Hosting
 NEEDS
  Disaster Recovery Solutions
 High Availability Solutions
 Cloud Evaluation
 COMPANY
  About Us
 GitHub
 Blog
 RFP Template
 Careers
 CONNECT
  Events
 Press
 Contact Us
 PhoenixNAP Home
 Blog
 Resources
 Glossary
 GitHub
 RFP Template
 Live Chat
 Get a Quote
 Support | 1-855-330-1509
 Sales | 1-877-588-5918

 Contact Us
 Legal
 Privacy Policy
 Terms of Use
 DMCA
 GDPR
 Sitemap
Privacy Center Do not sell or share my personal information
©2024 Copyright phoenixNAP | Global IT Services. All Rights Reserved.