How to connect via SSH

SSH (Secure Shell) is the standard way to securely access your server's command line. It is encrypted, fast, and designed for real operations: deployments, troubleshooting, log review, and maintenance.

This guide starts with the simplest connection method and scales up to professional workflows used by admins and developers.

What you need before you connect

Collect these details first:

  • Server IP or hostname (example: 203.0.113.10 or server1.example.com)
  • SSH port (default is 22 unless you changed it)
  • Username
      • Common: root (VPS only), or a sudo user like gozen or deploy
      • Shared hosting typically does not provide full server SSH. If you have SSH on shared, it is usually jailed and limited to your account.
  • Authentication method
      • Password (beginner)
      • SSH key (recommended)

Where to find them at GOZEN HOST:

  • Client Area service details (server IP, hostname)
  • Your provisioning email (initial login details)

Quick start: SSH in one line (works on macOS, Linux, and Windows 10/11)

Open a terminal and run:

ssh username@SERVER_IP

If your SSH port is not 22:

ssh -p 2222 username@SERVER_IP

First connection note: You may be asked to confirm the server fingerprint. This is normal. Confirm only if the IP and server are correct.

Windows: 3 ways to connect

Option A: OpenSSH (built in)

Windows 10 and 11 include OpenSSH.

  1. Open Windows Terminal or PowerShell
  2. Run:

ssh username@SERVER_IP

Option B: PuTTY (classic UI tool)

PuTTY is popular if you prefer a GUI.

  1. Install PuTTY
  2. Host Name: SERVER_IP
  3. Port: 22 (or your custom port)
  4. Connection type: SSH
  5. Click Open
  6. Login with username + password, or load a private key

PuTTY key formats:

  • PuTTY uses .ppk
  • If you have an OpenSSH key, convert it in PuTTYgen (Load -> Save private key)

Option C: Tabby (modern UI, session manager)

Tabby is a good fit if you manage many servers. Create saved profiles and connect with one click.

macOS and Linux: OpenSSH (default)

Open Terminal and run:

ssh username@SERVER_IP

Useful extras:

  • Verbose output (great for troubleshooting):

    ssh -vvv username@SERVER_IP
    

  • Specify a private key:

    ssh -i ~/.ssh/id_ed25519 username@SERVER_IP
    

Mobile (emergency access)

For quick checks on the go, use a reputable SSH client:

  • iOS: Termius, Blink Shell
  • Android: Termius, JuiceSSH

Tip: Use SSH keys with a passphrase. Avoid storing plain passwords in apps.

Beginner method: Password login

If your server allows password login, you will be prompted:

  • Enter password (it will not show while typing)
  • You should land in a shell prompt

Good practice:

  • Change the initial password after first login
  • Create a non-root sudo user for daily work

Recommended method: SSH key login

SSH keys remove the password-guessing risk (completely so once password login is disabled on the server) and speed up logins. This is the professional baseline.

Step 1: Generate a key pair

macOS / Linux / Windows:

ssh-keygen -t ed25519 -C "your-email@example.com"

Press Enter to accept the default path, then set a passphrase when prompted.

Step 2: Add your public key to the server

If password login works, the easiest method is:

ssh-copy-id -i ~/.ssh/id_ed25519.pub username@SERVER_IP

If ssh-copy-id is not available (common on Windows), copy the public key:

cat ~/.ssh/id_ed25519.pub

Then, on the server, append it to ~/.ssh/authorized_keys:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Paste the public key on a new line, save, exit.

Step 3: Test key login

ssh username@SERVER_IP

If it still asks for a password:

  • You might be using a different key than you think
  • The permissions on .ssh or authorized_keys might be wrong
  • The server might not allow public key auth
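The permissions cause can be checked directly on the server. This added example (not part of the original guide) flags the ownership and write-permission problems that make sshd, with its default StrictModes setting, ignore authorized_keys; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original guide. With "StrictModes yes" (the
# sshd default) the home directory, ~/.ssh and authorized_keys must be owned
# by the login user or root and must not be writable by group or others.
# The 700/600 modes recommended above satisfy this.

# stat_field GNU_FORMAT BSD_FORMAT PATH: GNU stat first, BSD/macOS fallback.
stat_field() {
    stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3"
}

# audit_key_login HOME_DIR [UID]
# Prints one line per problem; returns 0 when the layout passes the checks.
audit_key_login() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL missing: $p"
            rc=1
            continue
        fi
        mode=$(stat_field '%a' '%Lp' "$p")
        owner=$(stat_field '%u' '%u' "$p")
        # Group or other write bit set (octal mode & 022)?
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL group/other writable ($mode): $p"
            rc=1
        fi
        # Owner must be the login user or root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "FAIL owned by uid $owner, expected $uid: $p"
            rc=1
        fi
    done
    return $rc
}

# Run on the server as the login user:  audit_key_login "$HOME"
```

No output and exit status 0 mean ownership and permissions are not the reason the key is being skipped.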

Intermediate: Make SSH easy with an SSH config file

Instead of typing long commands, create a profile in:

  • macOS / Linux: ~/.ssh/config
  • Windows: C:\Users\YOURUSER\.ssh\config

Example config:

Host gozen-prod
  HostName 203.0.113.10
  User deploy
  Port 22
  IdentityFile ~/.ssh/id_ed25519
  ServerAliveInterval 30
  ServerAliveCountMax 3

Then connect with:

ssh gozen-prod

This is how power users manage many servers without mistakes.

Advanced: Jump hosts (bastion) and ProxyJump

If your target server is not publicly accessible, you connect through a jump server.

One-off command:

ssh -J user@BASTION_IP user@PRIVATE_SERVER_IP

SSH config example:

Host gozen-bastion
  HostName 198.51.100.50
  User gozen
  IdentityFile ~/.ssh/id_ed25519

Host gozen-internal
  HostName 10.10.0.15
  User deploy
  ProxyJump gozen-bastion
  IdentityFile ~/.ssh/id_ed25519

Then:

ssh gozen-internal

Advanced: Port forwarding (tunnels)

Port forwarding lets you securely reach services that are not exposed to the public internet.

Local forwarding (most common)

Example: reach a database port only through SSH.

ssh -L 3306:127.0.0.1:3306 username@SERVER_IP

Then connect locally to 127.0.0.1:3306.

Remote forwarding

Expose a local service to the server side (use with care):

ssh -R 8080:127.0.0.1:8080 username@SERVER_IP

Dynamic forwarding (SOCKS proxy)

Useful for diagnostics and temporary secure browsing through a server:

ssh -D 1080 username@SERVER_IP

Security note: Tunnels are powerful. Use them intentionally and shut them down when done.

Security hardening checklist (best practice)

If you manage the server (VPS or dedicated style), aim for this baseline:

  • Use SSH keys with passphrase
  • Disable direct root login (use sudo users)
  • Consider disabling password auth after keys are working
  • Use a firewall to restrict SSH access where possible
  • Keep OS packages updated
  • Enable brute-force protection (Fail2Ban or equivalent)

Important: Changing the SSH port can reduce noise, but it is not real security by itself. Keys and access control are what matter.
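To see where a server stands against this checklist, the following added example (not GOZEN HOST's own tooling) audits the effective settings printed by sshd -T. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Input: the lowercase
# "keyword value" lines that `sshd -T` prints for the effective configuration.

# audit_sshd: reads that listing on stdin, prints findings, exits 1 on FAIL.
audit_sshd() {
    awk '
    { cfg[$1] = $2 }
    END {
        fail = 0
        root = cfg["permitrootlogin"]
        if (root == "yes") {
            print "FAIL direct root login is enabled"; fail = 1
        } else if (root != "no") {
            print "WARN permitrootlogin=" root ": root can still log in with a key"
        }
        if (cfg["pubkeyauthentication"] != "yes") {
            print "FAIL public key auth is off; fix this before disabling passwords"
            fail = 1
        }
        kbd = cfg["kbdinteractiveauthentication"]
        if (kbd == "") kbd = cfg["challengeresponseauthentication"]  # older name
        if (cfg["passwordauthentication"] == "yes") {
            print "WARN password auth enabled; disable it once key login is tested"
        } else if (kbd == "yes") {
            print "WARN keyboard-interactive can still prompt for a password"
        }
        exit fail
    }'
}

# Constructed, abridged sample of `sshd -T` output so the block runs offline.
sample_effective_config() {
    cat <<'EOF'
port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
usepam yes
EOF
}

# On a real server (needs root):  sshd -T | audit_sshd
sample_effective_config | audit_sshd
```

The sample shows a common half-hardened state: password authentication is off, yet root can still log in with a key and keyboard-interactive prompts remain enabled.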

Troubleshooting common SSH errors

Connection timed out

Typical causes:

  • Wrong IP
  • Wrong port
  • Server firewall blocks your IP
  • Network path issue (ISP routing)

What to do:

  • Try ssh -p PORT user@IP
  • Try from mobile data
  • Use the checks in our "Server Not Accessible" article

Connection refused

Typical causes:

  • SSH service not running
  • Wrong port
  • Firewall actively rejecting

Try:

ssh -p 22 user@SERVER_IP

Permission denied (publickey)

This is key authentication failing.

Try verbose mode:

ssh -vvv user@SERVER_IP

Common fixes:

  • Ensure you are using the correct key (-i)
  • Fix permissions on ~/.ssh and authorized_keys
  • Confirm your username is correct
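As an added example (not from the original guide), this helper condenses ssh -vvv output into which methods the server allows, which keys the client offered, and the likely cause. The function names and the sample debug lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide: summarize `ssh -vvv` output
# for a "Permission denied (publickey)" failure.

# summarize_ssh_debug: reads debug output on stdin, prints a short diagnosis.
summarize_ssh_debug() {
    awk '
    /Authentications that can continue:/ { methods = $NF }
    /Offering public key:/               { offered = offered " " $5 }
    /Server accepts key:/                { accepted = $5 }
    END {
        print "server allows:" (methods == "" ? " unknown" : " " methods)
        print "keys offered:" (offered == "" ? " none" : offered)
        if (accepted != "") {
            print "RESULT key accepted: " accepted
        } else if (methods != "" && ("," methods ",") !~ /,publickey,/) {
            print "RESULT server does not allow public key auth"
        } else if (offered == "") {
            print "RESULT no key was offered; pass the right one with -i"
        } else {
            print "RESULT server rejected every offered key; check authorized_keys and the username"
        }
    }'
}

# Constructed sample: the client offers id_rsa from the agent, not the
# id_ed25519 key that was installed on the server.
sample_debug_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/me/.ssh/id_rsa RSA SHA256:CONSTRUCTEDfingerprint000 agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
me@203.0.113.10: Permission denied (publickey).
EOF
}

# Real use: ssh writes debug lines to stderr, so merge it into the pipe:
#   ssh -vvv user@SERVER_IP 2>&1 | summarize_ssh_debug
sample_debug_log | summarize_ssh_debug
```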

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

This usually happens when:

  • The server was reinstalled
  • The IP was reassigned
  • You are connecting to the wrong server

Do not ignore it. Verify the server identity first.

If you confirmed it is your server, remove the old key entry:

ssh-keygen -R SERVER_IP

What to send Support if SSH still fails

Send this in your ticket:

  • Server IP and hostname
  • Your username
  • Your public IP (if known) and country/ISP
  • The exact error message
  • Output of:
      • ssh -vvv user@SERVER_IP (last 30 lines)
  • Your port and command used

We do not need your password. Do not send passwords in tickets.

Summary

  • Beginners can connect with ssh user@ip
  • Pros use SSH keys, ~/.ssh/config, and jump hosts
  • When something breaks, ssh -vvv is your best diagnostic tool
  • Good SSH hygiene improves uptime and shortens incident resolution time