Sign in Subscribe
DevOps

Top 10 Ways to Use SSH: A Practical Guide for Everyday DevOps

Mark Allen

4 min read

Secure Shell, SSH, sits at the heart of modern DevOps. You use it to log in, move files, forward ports, run commands remotely, and stitch systems together. Many engineers treat SSH as a simple “remote terminal.” That’s only a fraction of what it can do.

Below are the top ten ways DevOps engineers use SSH in real-world environments.

0. Create an SSH Key (Start Here)

Before you can use SSH, you need a key pair. Think of it as a lock and key , your public key goes on the server, and your private key stays with you.

Generate a new SSH key

ssh-keygen -t ed25519 -C "your_email@example.com"

When prompted:

  • Press Enter to accept the default file location
  • Optionally add a passphrase for extra security

This creates two files:

  • ~/.ssh/id_ed25519 → your private key (never share this)
  • ~/.ssh/id_ed25519.pub → your public key (safe to share)

Add the key to your SSH agent

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

This allows SSH to use your key without re-entering the passphrase each time.

Copy the public key to a server

ssh-copy-id user@server

Or manually copy it:

cat ~/.ssh/id_ed25519.pub

Paste it into the server’s ~/.ssh/authorized_keys file.

Test your connection

ssh user@server

If it connects without asking for a password, you’re good to go.

Why this matters

SSH keys are:

  • More secure than passwords
  • Required for automation
  • Essential for CI/CD and production access

Once this is set up, everything else becomes smoother.

1. Remote Login (The Classic Use-Case)

SSH gives you secure access to servers. It’s the foundation of almost every DevOps workflow.

ssh user@server

If you’ve configured key-based authentication correctly, this should log you in without a password.

Disable Login Prompts and Banners (Clean SSH Access)

Once SSH keys are working, you can remove unnecessary login prompts and messages. This makes automation cleaner and reduces noise when connecting.

Edit the SSH server config:

sudo nano /etc/ssh/sshd_config

Update or add the following settings:

# Disable password authentication
PasswordAuthentication no

# Disable challenge-response authentication
ChallengeResponseAuthentication no

# Disable PAM (optional but common for servers)
UsePAM no

# Disable login banners
PrintMotd no
PrintLastLog no
Banner none

Then restart SSH:

sudo systemctl restart sshd

What this does

  • Prevents password-based logins
  • Removes login banners and “last login” messages
  • Makes SSH output clean and script-friendly
  • Improves security by enforcing key-only access

Test your setup

Open a new terminal and connect:

ssh user@server

If it connects cleanly without prompts or banners, you’re done.

⚠️ Safety tip
Always keep an active SSH session open while testing config changes.
If you misconfigure SSH, you don’t want to lock yourself out.

2. Execute Commands Without Logging In

You can run a command on a server without opening a full session.

ssh user@server "systemctl status nginx"

Pipe output into local tools:

ssh user@server "cat /var/log/nginx/access.log" | grep 404

3. Copy Files Securely (SCP & SFTP)

Upload:

scp ./config.yaml user@server:/etc/myapp/

Download:

scp user@server:/var/log/app.log ./logs/

Interactive transfer:

sftp user@server

4. SSH Tunneling for Secure Port Forwarding

You can route local traffic through a remote server. This helps you access private resources without exposing them.

Local port forward:

ssh -L 8080:localhost:3000 user@server

Now localhost:8080 accesses the remote service.

Remote port forward:

ssh -R 9000:localhost:5432 user@server

Useful for secure database access in development.

5. Create Secure Jump Hosts (SSH ProxyJump)

In production, you rarely SSH directly into private hosts. You hop through a bastion:

ssh -J bastion.example.com user@private-host

Or bake it into your config:
~/.ssh/config

Host private
  HostName private-host
  User user
  ProxyJump bastion.example.com

6. Multiplexing: Speed Up SSH Connections

SSH can reuse an existing connection. This makes repeated commands feel snappy.

Enable it:
~/.ssh/config

Host *
  ControlMaster auto
  ControlPath ~/.ssh/cm-%r@%h:%p
  ControlPersist 5m

Now every new SSH command piggybacks on a warm connection.

7. SSH Agent Forwarding

Imagine you need to pull from GitHub from inside a remote server, but you don’t want to copy private keys onto that machine. Agent forwarding solves that.

ssh -A user@server

Your keys stay local. The server borrows them temporarily.

Use with caution. Only forward to hosts you trust.

8. SSH-Based Git Operations

Most engineers use SSH for Git without thinking about it. You authenticate using your SSH keys and skip passwords entirely.

git clone git@github.com:markcallen/everyday-devops.git

SSH guarantees secure, stable communication which critical for CI/CD pipelines and private repos.

9. Automate Using SSH in CI/CD Pipelines

Pipelines often need to run commands on remote servers. SSH slots right in.

Example deployment step:

ssh deploy@server "cd /var/www/app && git pull && systemctl restart app"

Use key-based auth and restricted deploy users for safety.

10. Transfer Directories with rsync

Rsync moves files efficiently by copying only the differences. It’s ideal for backups, migrations, and syncing build artifacts.

rsync -avz ./dist/ user@server:/var/www/app/

This beats SCP for large or incremental transfers.

Bonus: SSH Config Is Your Power Tool

One file can simplify your entire workflow.

~/.ssh/config

Host prod
  HostName 203.0.113.10
  User ubuntu
  IdentityFile ~/.ssh/prod_key
  Port 22

Now connect with:

ssh prod

Final Thoughts

SSH is more than a remote terminal, it’s a toolkit for secure automation. DevOps teams lean on it for deployments, debugging, network access, backups, and workflow acceleration. Learn these ten patterns and you’ll work faster with fewer mistakes.