SSH & working remotely
Key takeaways
SSH (Secure Shell) gives you an encrypted shell on another machine over the
network — the normal way to run a server or a headless Raspberry Pi you never
plug a monitor into. Log in with ssh user@host, then use the remote shell just
like your own. Prefer key-based auth over passwords: it’s both safer and
silent once set up. Move files with scp for quick copies and rsync for
syncing directories. Closing the connection kills your foreground programs, so
run long jobs as a service or inside tmux.
Everything you’ve learned about the command line so far assumed you were typing at the machine in front of you. SSH lifts that restriction: the same shell, the same commands, but on a computer across the room or across the world. It’s how nearly every server and single-board computer is run.
Logging in — ssh
To open a session on another machine, give SSH a username and a hostname (or IP address):
$ ssh alice@192.168.1.50
The first time you connect to a machine, SSH shows its host key and asks you to confirm:
The authenticity of host '192.168.1.50' can't be established.
ED25519 key fingerprint is SHA256:Xh8k...9pQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
This is SSH proving the remote machine is who it claims to be. Type yes and the
key is remembered, so you won’t be asked again unless it changes. After you
authenticate, you land in a normal shell on the remote machine — your prompt
changes to show its hostname, and every command you run now runs there.
Keys beat passwords
You can log in with the remote account’s password, but a far better way is an
SSH key pair. A key pair has two halves: a private key that never leaves
your machine, and a public key you install on the machines you want to reach.
Generate one with ssh-keygen:
$ ssh-keygen -t ed25519 -C "you@example.com"
Then copy the public half to the remote machine — ssh-copy-id does this for
you and appends it to the right file:
$ ssh-copy-id alice@192.168.1.50
From then on, ssh alice@192.168.1.50 logs you in silently, with nothing to
type. Key-based login is both more secure — there’s no password to guess, phish,
or leak — and more convenient. If you’ve already set up
SSH keys for Git, these are the same keys; you
can reuse them here.
Copying files
Two tools move files over the same SSH connection. Use scp (“secure copy”)
for a quick, one-off transfer — the syntax mirrors cp, with user@host: in
front of the remote path:
$ scp report.txt alice@192.168.1.50:/home/alice/ # local -> remote
$ scp alice@192.168.1.50:/var/log/app.log ./ # remote -> local
Use rsync to sync whole directories efficiently. It transfers only the parts that changed, so re-running it to update a large folder is fast:
$ rsync -av ./captures/ alice@192.168.1.50:/home/alice/captures/
The trailing slashes matter to rsync — they mean “the contents of this directory.” Reach for scp when copying a file or two, and rsync when keeping directories in step.
Running commands & staying connected
You don’t have to open an interactive session to run one command. Put the command in quotes after the host and SSH runs it, prints the output, and exits:
$ ssh alice@192.168.1.50 "uptime"
14:22:05 up 6 days, 3:41, 1 user, load average: 0.08, 0.04, 0.01
Typing full user@host addresses gets old fast. A ~/.ssh/config file lets you
define short aliases:
Host pi
HostName 192.168.1.50
User alice
Now ssh pi is enough. One catch: a program you start in the foreground over
SSH is tied to that session, so closing the connection kills it. For anything
long-running, detach it from the session — run it as a
systemd service, or start it inside a
terminal multiplexer like tmux or screen, which keeps
the process alive after you disconnect and lets you
reattach later.
Managing a headless machine
A headless machine — a Raspberry Pi or server with no monitor, keyboard, or mouse — is administered entirely over SSH. You flash its storage, put it on the network, and from then on every configuration change, update, and log check happens through an SSH session from your laptop. This is the everyday reality of running a single-board computer or a home server.
It’s also exactly how you’d run GopherTrunk on a Linux box: SSH in, start it as a service so it survives your disconnect, and check on it remotely whenever you like. No monitor ever gets plugged in.
Quick check: what's more secure than a password for SSH login?
Recap
- SSH gives you an encrypted shell on another machine;
ssh user@hostlogs you in, and the first connection asks you to confirm the host key. - Once in, you have a normal shell on the remote machine — every command runs there.
- Prefer key-based auth:
ssh-keygento make a key,ssh-copy-idto install the public half. Safer and silent — the same keys you may use for Git. - Copy files with scp for one-offs and rsync for efficient directory syncs.
- Closing the connection kills foreground programs — use a service or tmux for long-running work, and administer headless machines entirely over SSH.
Next up: services & systemd