Secure command-line login

The ssh program (secure shell) is now the standard tool for remote command-line access to Linux and other systems. Free ssh clients are available for all platforms:

Linux, and other Unix-like systems
The OpenSSH suite is available for Linux, *BSD, and other Unix-derived systems, and is typically installed by default.
Windows
There are several free and commercial clients available for Windows. We recommend PuTTY.
OS X
OpenSSH is available for OS X, and is usually installed by default.
Android
One option is ConnectBot.

Remote login

On Linux, and Unix-like systems, you can use ssh for remote login, whether it's to a dedicated server, a virtual server, or a shell account. Specify your username on the remote server, followed by @, followed by the full domain name of the server you are logging into:

ssh username@server

File copying

Often you will need to copy files to or from one of our systems, for example, when you are uploading a website to a hosting server. The scp command is a simple command-line file copier, modelled after the cp command.

A friendlier option is sftp, with which you can interactively examine the remote filesystem, move around it, and copy files in both directions. It is modelled on the old ftp program. There are also GUI versions available.

You can even use the sshfs file system to map a remote file system into your local namespace using the SSH protocol to provide secure communication. Details are beyond the scope of this tutorial.


Whichever program you are using to connect, it will use the underlying SSH protocol to authenticate you to the remote system. Initially this is likely to be using a password. This is secure, since the password is only ever sent encrypted, but it is not always convenient.

You can create a public/private key pair to make logging in more convenient. Use the ssh-keygen command to create the key pair and protect it with a passphrase, then upload the public half of the key to the remote server. The public key normally goes in the file ~/.ssh/authorized_keys, although some of our services have alternative arrangements for uploading the key.

Once your public key has been correctly installed on the remote server, you will need to supply your passphrase when you log in, to decrypt the private half of the key. However, you normally only need to do this once per session, as your desktop environment (or failing that, ssh-agent) will arrange to securely store the private key.
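The server-side half of the key setup described above, as an added example that is not part of the original tutorial: a shell function that installs one public key into authorized_keys with the permissions sshd expects, refuses a private key uploaded by mistake, and does not add duplicates. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# On your own machine, create the key pair first (you are prompted for a passphrase):
#   ssh-keygen -t ed25519
# Copy only the .pub file to the server, then run install_pubkey there.
# Back on your own machine, ssh-add loads the key into ssh-agent for the session.

# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper; HOME_DIR defaults to $HOME)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse the private half: it must never leave your own machine.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file is a private key; upload the .pub file instead" >&2
        return 2
    fi

    # Take the first non-empty line and check it looks like a public key
    # of one of the common types.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored if the directory
    # or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Idempotent: append only if this exact line is not already present.
    if grep -qxF "$key" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```

Where it is installed, the ssh-copy-id command that ships with OpenSSH performs a similar installation from the client side.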

Other protocols

We do not allow login access using any of the insecure forerunners of ssh (such as telnet or rsh). The protocols used by these programs require you to send your password in the clear over the network, leaving it open to password sniffers. There is no need to ever use them, given the widespread availability of free ssh clients.

We do still permit plain ftp, but it has the same problem: it sends unencrypted passwords across the network. We strongly advise you to use sftp instead. If you must use ftp, try not to use it on an insecure network, such as at an Internet café.