How to connect to a server via SSH: step-by-step guide for Windows, Linux, and macOS
What SSH Is and Why It Is Needed
Managing a remote server is one of the core tasks of any system administrator, DevOps engineer, or developer. The standard tool for this is the SSH (Secure Shell) protocol, which provides a secure connection to remote machines over a network.
In this article, we will break down how SSH works, which tools to use on different operating systems, and how to make your first connection to a server step by step — even if you are doing it for the first time.
Terminology
Before moving on to practice, let us define the key concepts that will appear in this guide.
SSH (Secure Shell) — a network protocol that provides an encrypted connection between a client and a server. It is used for remote command execution, file transfer, and traffic tunneling.
SSH client — a program on your computer that initiates a connection to the server. On Linux and macOS, this is the standard ssh utility. On Windows, it can be the built-in OpenSSH or third-party applications such as PuTTY.
SSH server — the sshd daemon running on the remote machine. It accepts incoming connections and manages access.
Password authentication — the simplest but less secure login method: you enter a username and password for each connection.
Key authentication — a more reliable method. A pair of keys is generated: a private key (stored by you) and a public key (placed on the server). When connecting, the server verifies the key match without requiring a password.
Port — by default, SSH works on port 22. Administrators often change it to a non-standard one to reduce the number of automated attacks.
Fingerprint — a unique string that identifies an SSH server. During the first connection, the client shows this fingerprint and asks you to confirm that you are connecting to the correct machine.
How SSH Works
When an SSH connection is established between a client and a server, several sequential steps take place.
Connection Establishment and Key Exchange
The client connects to the server using the specified IP address or domain name. The server responds with its public host key; the fingerprint you see during the first connection is a short hash of that key. If you confirm the connection, the client saves the key in the ~/.ssh/known_hosts file. During subsequent connections, the client compares the key the server presents with the saved one, and if they do not match, the connection is interrupted with a warning.
After the key is verified, the parties agree on the encryption algorithm and establish an encrypted channel through the Diffie–Hellman mechanism. All subsequent traffic, including passwords and commands, is transmitted in encrypted form.
User Authentication
After the encrypted channel is established, the server requests user identity confirmation. There are two main methods:
With password authentication, the user enters a password, which is verified on the server side.
With key authentication, the server sends the client an encrypted message. The client decrypts it using the private key and sends a response. If the response is correct, access is granted.
Practical Uses of SSH
SSH is used in many everyday tasks when working with server infrastructure.
Server administration: executing commands in the terminal, managing users, configuring services, viewing logs — all of this is done through SSH.
File transfer: the scp and sftp utilities work over SSH and provide secure file transfer between machines.
Tunneling and port forwarding: SSH makes it possible to create encrypted tunnels for accessing services that should not be exposed directly to the internet — for example, a database or an internal web application.
Automation and CI/CD: continuous integration systems use SSH to deploy code to servers, run scripts, and manage infrastructure.
Step-by-Step Connection Guide
Below, we will look at the connection process separately for each operating system.
Connecting from Linux
On most Linux distributions, the OpenSSH client is installed by default. If it is missing, install it.
On Debian/Ubuntu:
sudo apt update && sudo apt install openssh-client
On CentOS/RHEL/Fedora:
sudo dnf install openssh-clients
Basic connection
The minimal command for connecting looks like this:
ssh username@server_address
For example:
ssh admin@192.168.1.100
If the server is running on a port other than the standard 22, specify the port using the -p flag:
ssh -p 2222 admin@192.168.1.100
During the first connection, the client will show the server fingerprint and ask for confirmation. Enter yes and press Enter. Then enter the user password.
Connecting with an SSH key on Linux
Step 1. Generate a key pair on your computer:
ssh-keygen -t ed25519 -C "your_comment"
The utility will prompt you to choose a path for saving the keys (by default — ~/.ssh/id_ed25519) and set a passphrase to protect the private key. Using a passphrase is recommended, but not required.
Step 2. Copy the public key to the server:
ssh-copy-id -i ~/.ssh/id_ed25519.pub admin@192.168.1.100
The command will automatically add your public key to the ~/.ssh/authorized_keys file on the server.
Step 3. Connect without a password:
ssh admin@192.168.1.100
If you have multiple keys or the key is stored in a non-standard path, specify it explicitly:
ssh -i ~/.ssh/my_custom_key admin@192.168.1.100
Connecting from macOS
macOS comes with the OpenSSH client preinstalled. No additional installation is required — everything is available through the standard Terminal (Terminal.app) or alternative terminal emulators such as iTerm2.
The command syntax is exactly the same as on Linux. Basic connection:
ssh username@server_address
Working with keys on macOS
The process of generating and copying keys is the same as on Linux. However, on macOS, the private key can be added to Keychain — the system password store — so that you do not need to enter its passphrase for every connection.
Add the key to Keychain:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
To make the key load automatically each time the system starts, add the following to the ~/.ssh/config file:
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519
Connecting from Windows
Starting with Windows 10 (version 1809) and Windows Server 2019, OpenSSH is available as a built-in component. It is installed through “Settings” and provides a full SSH client directly in PowerShell or the Command Prompt.
Option 1: built-in OpenSSH
Step 1. Check whether OpenSSH is installed. Open PowerShell as administrator and run:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Step 2. If the client is not installed (status NotPresent), install it:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Step 3. Connect to the server. The syntax is identical to Linux and macOS:
ssh admin@192.168.1.100
Key generation and usage are the same. The ssh-keygen and ssh-copy-id commands (starting with the latest versions of OpenSSH for Windows) work the same as on Unix systems. Keys are stored in the C:\Users\your_name\.ssh\ folder.
Option 2: PuTTY
PuTTY is a popular SSH client with a graphical interface. It is convenient for users who prefer not to work in the command line, and it is compatible with older versions of Windows.
Step 1. Download PuTTY from the official website putty.org and install it.
Step 2. Open PuTTY. In the Host Name (or IP address) field, enter the server address, and in the Port field enter the port (22 by default). Make sure the SSH protocol is selected.
Step 3. Click Open. During the first connection, a warning with the server fingerprint will appear — click Accept to add it to the list of trusted hosts.
Step 4. In the opened terminal, enter the username and password.
Working with keys in PuTTY
PuTTY uses its own key format — .ppk. If you already have a key in OpenSSH format, it can be converted using the PuTTYgen utility included in the PuTTY package.
To generate a new key:
Step 1. Open PuTTYgen. Choose the key type EdDSA or RSA (4096 bits) and click Generate. Move the mouse around the empty area to generate random data.
Step 2. Set a passphrase to protect the key in the Key passphrase field and save the private key (Save private key) in .ppk format.
Step 3. Copy the text from the Public key for pasting into OpenSSH authorized_keys field and add it to the server in the ~/.ssh/authorized_keys file.
Step 4. In the PuTTY session settings, go to Connection → SSH → Auth and specify the path to the .ppk file.
Setting Up an SSH Config for Convenience
When you have more than one server, entering full addresses, usernames, and key paths every time is inconvenient. That is what the client configuration file — ~/.ssh/config — is for.
Example config with multiple servers:
Host prod-server
    HostName 203.0.113.10
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_prod
Host staging
    HostName 203.0.113.20
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519_staging
Host bastion
    HostName 203.0.113.1
    User admin
    IdentityFile ~/.ssh/id_ed25519
After saving the file, connecting to a server is done with one short command:
ssh prod-server
This is equivalent to the full command ssh -p 2222 -i ~/.ssh/id_ed25519_prod deploy@203.0.113.10.
Common Errors and How to Fix Them
Connection refused
This error means that the connection to the specified address and port was not accepted. Possible causes: the SSH server is not running, the wrong port was specified, or incoming connections are blocked by a firewall.
Check whether the SSH server is running on the remote machine:
sudo systemctl status sshd
Make sure the required port is open in the firewall rules:
sudo ufw status                  # on systems that use ufw
sudo firewall-cmd --list-ports   # on systems that use firewalld
Permission denied (publickey)
The server did not accept your key. The most common reasons are:
The public key was not added to ~/.ssh/authorized_keys on the server, or the file has incorrect permissions. Check the permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Also make sure that key authentication is enabled in the server configuration /etc/ssh/sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Host key verification failed
This error appears if the server fingerprint has changed — for example, if the server was reinstalled. SSH warns you about a possible man-in-the-middle attack. If you are sure the server is legitimate, remove the old entry from known_hosts:
ssh-keygen -R 192.168.1.100
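The known_hosts comparison behind this error, as an added example that is not part of the original article: the function classifies a presented host key as match, changed (the case that produces "Host key verification failed") or unknown (the first-connection prompt). It handles exact host names only; the key blobs and the name bastion.example are constructed placeholders.

```shell
#!/bin/sh
# Added illustration (not from the article): how a client classifies a server
# key against known_hosts. Key blobs and bastion.example are constructed.

# kh_name HOST PORT: port 22 is stored as the bare host, any other port as
# [host]:port, which is also the form "ssh-keygen -R" needs for that entry.
kh_name() {
    if [ "$2" = "22" ]; then printf '%s\n' "$1"; else printf '[%s]:%s\n' "$1" "$2"; fi
}

# check_host_key FILE HOST PORT KEYTYPE KEYBLOB -> match | changed | unknown
check_host_key() {
    awk -v name="$(kh_name "$2" "$3")" -v ktype="$4" -v blob="$5" '
        $1 ~ /^[#@]/ || NF < 3 { next }       # comments, markers, blanks
        substr($1, 1, 3) == "|1|" { next }    # hashed names need HMAC-SHA1
        {
            n = split($1, hosts, ",")
            for (i = 1; i <= n; i++)
                if (hosts[i] == name && $2 == ktype) {
                    if ($3 == blob) { found = "match" }
                    else if (found != "match") { found = "changed" }
                }
        }
        END { print (found == "" ? "unknown" : found) }
    ' "$1"
}

sample_known_hosts() { cat <<'EOF'
# constructed sample known_hosts
192.168.1.100 ssh-ed25519 CONSTRUCTEDKEYBLOB_A
[192.168.1.100]:2222 ssh-ed25519 CONSTRUCTEDKEYBLOB_B
bastion.example,203.0.113.1 ssh-ed25519 CONSTRUCTEDKEYBLOB_C
EOF
}

kh=$(mktemp); sample_known_hosts > "$kh"
check_host_key "$kh" 192.168.1.100 22 ssh-ed25519 CONSTRUCTEDKEYBLOB_A    # match
check_host_key "$kh" 192.168.1.100 22 ssh-ed25519 CONSTRUCTEDKEYBLOB_NEW  # changed
check_host_key "$kh" 203.0.113.20 22 ssh-ed25519 CONSTRUCTEDKEYBLOB_D     # unknown
rm -f "$kh"
```

For a server on a non-standard port such as 2222, the stale entry is the bracketed one, so it is removed with ssh-keygen -R '[192.168.1.100]:2222'. Confirm the new fingerprint through a trusted channel, such as the hosting provider's console, before accepting it.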
Connection timed out
A timeout usually means the server is unreachable over the network: the IP address is wrong, the server is turned off, or routing is unavailable. Check server availability using ping and make sure you are connected to the correct network.
Security Recommendations
SSH itself is secure, but incorrect server configuration can create vulnerabilities. Here are a few practices we recommend following.
Disable password login. After setting up key authentication, disable password login in /etc/ssh/sshd_config:
PasswordAuthentication no
PermitRootLogin no
After changing the config, restart the SSH server:
sudo systemctl restart sshd
Change the standard port. Moving SSH from port 22 to a non-standard one (for example, 2222 or anything above 10000) significantly reduces the number of automated password-guessing attacks. Specify the desired port in the Port directive in the server config.
Use modern key algorithms. We recommend ed25519 as the most secure and fast algorithm. RSA is acceptable with a key size of at least 4096 bits.
Restrict the user list. In sshd_config, you can allow SSH access only for specific users or groups:
AllowUsers deploy ubuntu admin
Protect the server from brute force attacks. The fail2ban utility automatically blocks IP addresses from which too many failed login attempts are received. Install and configure it on internet-facing servers.
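One way to check the sshd_config directives recommended in this section, as an added example that is not part of the original article. It assumes a single config file without Include directives; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the article): audit sshd_config text for the
# directives recommended above. The sample config below is constructed.

# effective_value FILE KEYWORD: sshd uses the FIRST occurrence of a keyword,
# keywords are case-insensitive; Match blocks are conditional, so stop there.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# expect_setting FILE KEYWORD WANTED DEFAULT: DEFAULT is the OpenSSH built-in
# value used when the keyword is absent.
expect_setting() {
    val=$(effective_value "$1" "$2")
    [ -n "$val" ] || val=$4
    if [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = "$3" ]; then
        echo "PASS $2 $val"
    else
        echo "FAIL $2 $val (want $3)"; return 1
    fi
}

audit_sshd_config() {
    rc=0
    expect_setting "$1" PasswordAuthentication no yes || rc=1
    expect_setting "$1" PermitRootLogin no prohibit-password || rc=1
    expect_setting "$1" PubkeyAuthentication yes yes || rc=1
    users=$(effective_value "$1" AllowUsers)
    if [ -n "$users" ]; then echo "PASS AllowUsers $users"
    else echo "FAIL AllowUsers not set"; rc=1; fi
    return $rc
}

sample_weak() { cat <<'EOF'
# constructed: the appended "no" is ignored because the first value wins
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

tmp=$(mktemp); sample_weak > "$tmp"
audit_sshd_config "$tmp" || echo "=> not hardened"
rm -f "$tmp"
```

On a live server, sudo sshd -t validates the file before the restart and sudo sshd -T prints the effective settings, including any included files. Keep the current session open until a new login with the key succeeds.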
Conclusion
SSH is a standard and reliable way to remotely manage servers. No matter which operating system you use, the basic principles remain the same: encrypted connection, key-based authentication, and flexible configuration through a config file.
We recommend setting up key authentication right away — it is both more convenient and more secure than using passwords. The ~/.ssh/config file will help organize access to multiple servers without having to memorize long commands.
If errors occur during connection, in most cases they are related to file permissions for keys, an incorrect port, or firewall rules. All of these issues are resolved using the steps described in the troubleshooting section above.