Recipe 6.1 Logging into a Remote Host

6.1.1 Problem

You want to log into a remote host securely.

6.1.2 Solution

$ ssh -l remoteuser remotehost

For example:

$ ssh -l smith server.example.com

If your local and remote usernames are the same, omit the -l option:

$ ssh server.example.com

6.1.3 Discussion

The client program ssh establishes a secure network connection to a remote machine that's running an SSH server. It authenticates you to the remote machine without transmitting a plaintext password over the network. Data that flows across the connection is encrypted and decrypted transparently.

By default, your login password serves as proof of your identity to the remote machine. SSH supports other authentication methods as we'll see in other recipes. [Recipe 6.4][Recipe 6.8]

Avoid the insecure programs rsh, rlogin, and telnet when communicating with remote hosts.^[1] They do not encrypt your connection, and they transmit your login password across the network in the clear. Even if the local and remote hosts are together behind a firewall, don't trust these programs for communication: do you really want your passwords flying around unencrypted even on your intranet? What if the firewall gets hacked? What if a disgruntled coworker behind the firewall installs a packet sniffer? [Recipe 9.19] Stick with SSH.

^[1] And avoid ftp in favor of scp or sftp for the same reasons. [Recipe 6.3]

6.1.4 See Also

ssh(1). We keep lots of SSH tips at http://www.snailbook.com. The official OpenSSH site is http://www.openssh.com.