SSH & Remote Systems\n\n## Secure Remote Access\n\nWhat you’ll learn:\n- SSH fundamentals\n- Key-based authentication\n- SSH config\n- Remote command execution\n- File transfer (scp, rsync)\n- Port forwarding & tunneling\n- tmux for persistent sessions\n\nTime: 75-90 minutes

Contents

SSH & Remote Systems\n\n## Secure Remote Access\n\nWhat you’ll learn:\n- SSH fundamentals\n- Key-based authentication\n- SSH config\n- Remote command execution\n- File transfer (scp, rsync)\n- Port forwarding & tunneling\n- tmux for persistent sessions\n\nTime: 75-90 minutes#

1. SSH Basics\n\n### Connecting to Remote Server\n\nbash\n# Basic connection\nssh username@hostname\n\n# Specify port\nssh -p 2222 username@hostname\n\n# Run command and exit\nssh user@host 'ls -la'\n\n# Interactive shell\nssh user@host\n#

2. SSH Keys\n\n### Generate SSH Key Pair\n\nbash\n# Generate new key\nssh-keygen -t ed25519 -C \"your_email@example.com\"\n\n# Or RSA (legacy)\nssh-keygen -t rsa -b 4096\n\n# Files created:\n# ~/.ssh/id_ed25519      # Private key (NEVER share!)\n# ~/.ssh/id_ed25519.pub  # Public key (safe to share)\n#

Add Key to Server\n\nbash\n# Copy public key to server\nssh-copy-id user@hostname\n\n# Manual method\ncat ~/.ssh/id_ed25519.pub | ssh user@host \"mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys\"\n\n# Now you can login without password!\nssh user@host\n#

3. SSH Config\n\n### ~/.ssh/config\n\nbash\n# Create config file\ncat > ~/.ssh/config << 'EOF'\nHost myserver\n    HostName 192.168.1.100\n    User admin\n    Port 22\n    IdentityFile ~/.ssh/id_ed25519\n\nHost github\n    HostName github.com\n    User git\n    IdentityFile ~/.ssh/github_key\n\nHost *.example.com\n    User admin\n    ForwardAgent yes\nEOF\n\n# Now just use:\nssh myserver  # Instead of ssh -p 22 admin@192.168.1.100\n#

4. File Transfer\n\n### scp - Secure Copy\n\nbash\n# Copy file to server\nscp file.txt user@host:/path/to/destination/\n\n# Copy from server\nscp user@host:/path/to/file.txt ./local/\n\n# Copy directory (recursive)\nscp -r folder/ user@host:/path/\n\n# Specify port\nscp -P 2222 file.txt user@host:/path/\n#

rsync - Efficient Sync\n\nbash\n# Sync directory (only changed files)\nrsync -avz folder/ user@host:/path/\n\n# Flags:\n# -a  archive mode (preserves permissions, timestamps)\n# -v  verbose\n# -z  compress during transfer\n# -P  show progress\n\n# Dry run (see what would be transferred)\nrsync -avzn folder/ user@host:/path/\n\n# Delete files on destination not in source\nrsync -avz --delete folder/ user@host:/path/\n#

5. Port Forwarding\n\n### Local Port Forwarding\n\nbash\n# Access remote service on local port\nssh -L 8080:localhost:80 user@host\n\n# Now localhost:8080 remote:80\n\n# Example: Access remote database\nssh -L 5432:localhost:5432 user@db-server\npsql -h localhost -p 5432  # Connects to remote DB\n#

Remote Port Forwarding\n\nbash\n# Expose local service to remote\nssh -R 8080:localhost:3000 user@host\n\n# Remote can access your local:3000 via their localhost:8080\n#

Dynamic Port Forwarding (SOCKS Proxy)\n\nbash\n# Create SOCKS proxy\nssh -D 8080 user@host\n\n# Configure browser to use localhost:8080 as SOCKS proxy\n# Now all traffic goes through remote server\n#

6. tmux - Persistent Sessions\n\n### Why tmux?\n\n- Keep processes running after disconnect\n- Multiple windows in one SSH session\n- Split panes\n- Attach/detach sessions\n\nbash\n# Install\nsudo apt install tmux\n\n# Start session\ntmux\n\n# New named session\ntmux new -s mysession\n\n# Detach: Ctrl+b, then d\n\n# List sessions\ntmux ls\n\n# Attach to session\ntmux attach -t mysession\n#

tmux Key Bindings\n\nPrefix: Ctrl+b (press first, then command)\n\n\nPrefix + c    New window\nPrefix + n    Next window\nPrefix + p    Previous window\nPrefix + %    Split vertically\nPrefix + \"    Split horizontally\nPrefix + o    Switch pane\nPrefix + d    Detach session\nPrefix + [    Scroll mode (q to exit)\n#

7. SSH Security\n\n### Hardening SSH\n\nbash\n# Edit /etc/ssh/sshd_config\n\n# Disable password auth (keys only)\nPasswordAuthentication no\n\n# Disable root login\nPermitRootLogin no\n\n# Change default port\nPort 2222\n\n# Allow specific users only\nAllowUsers alice bob\n\n# Restart SSH\nsudo systemctl restart sshd\n#

SSH Agent\n\nbash\n# Start agent\neval $(ssh-agent)\n\n# Add key\nssh-add ~/.ssh/id_ed25519\n\n# List loaded keys\nssh-add -l\n\n# Enable agent forwarding\nssh -A user@host\n# Now you can SSH from remote to another server using your keys\n#

🎯 Exercises\n\n1. Generate SSH key pair\n2. Set up passwordless SSH\n3. Create SSH config with aliases\n4. Transfer files with rsync\n5. Set up tmux session\n\n## 🎓 Key Takeaways\n\n- Use SSH keys, not passwords\n- Configure ~/.ssh/config\n- rsync > scp for large transfers\n- tmux for persistent sessions\n- Harden SSH for security#

🚀 Next Steps\n\nNext lesson: 10_docker_containers.ipynb\n\n## 📚 Resources\n\n- SSH Academy\n- tmux Cheat Sheet\n- rsync Examples#

Contents