A guide to setting up remote SSH

In the right (or wrong) hands ssh is a powerful tool for the remote management of a Unix system. Most desktop, or workstation distributions of Linux disable remote access over ssh by default. The simplest method to check if you have ssh server running on your machine is to run

$ ssh localhost

If ssh is not installed or running this will print out a message

ssh: connect to host localhost port 22: Connection refused

most likely indicating that the ssh server is not running.

Before heading any further in enabling remote access over ssh, it is a good idea to ensure that you have a strong password for all of the accounts on the device, in particular the root account (even better is disabling it). By enabling remote access for yourself you are also enabling remote access for anyone else that might want to try and log in.


The package required for installation is in most distributions named openssh-server. So for Ubuntu running the command;

$ sudo apt install openssh-server

will install the package as appropriate. Other Linux distributions have different package managers so use the one for your distribution. So for fedora, replace apt with dnf and for CentOS replace apt with yum. On macOS everything is already installed and just needs to be enabled in System Preferences > Sharing then ensure Remote Login is checked.

Once the package is installed, it needs to be both added to the list of packages to run at boot, and started now to test.

To start the openssh server, run the below command

$ sudo systemctl start ssh

which is using the systemd init system to start the openssh server instance. For fedora and CentOS, the ssh service instead has the name sshd so run

$ sudo systemctl start sshd

to start the server instance. Since this is probably a service you want running automatically on boot, running the command

$ sudo systemctl enable ssh

will put files in the appropriate places to enable the service on boot. Other useful commands for systemctl are stop, restart, and disable

Once the ssh server is running our command to connect at localhost

$ ssh localhost

should present a new message like the one below.

The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is ba:ba:b1:4c:5a:e2:aa:40:aa:7f:aa:01:aa:df:aa:47.
Are you sure you want to continue connecting (yes/no)?

In some ways this is like the terms and conditions when you sign up for a website in that you should care about and understand it, however, typically you click through (or type yes) without reading. Since we are connecting to localhost, which has an IPV6 address of ::1 or IPV4 address of we can trust the key fingerprint. This is a method of checking that whenever we log into a host over ssh, the host hasn't changed which if unexpected could be indicative of a man-in-the-middle attack or other nefarious actions.

Now we are able to connect to the machine locally, we need to work out how to connect from a remote machine.

How do I Find My Device?

With the previous commands we have been passing localhost to the ssh command, in the same way we might type google.com into a web browser. These names are a human readable format for addressing devices, which map to IPV6 or IPV4 addresses computers read to initiate a connection.

To find the name of the computer we are working on, also known as the hostname, we can use the hostname command.

$ hostname -f

Here the -f gives the full hostname of the device you are using, with a -s flag also supported, however we need to full hostname.

With the full hostname, we know the name of our device, and we know that our device is aware of it's hostname. This doesn't necessarily mean that any other devices know what ours is called. The process of taking a hostname and turning it into an address the computer can use is known as DNS, which is provided by name servers. Typically in organisations there are multiple levels of name servers, which will handle both internal names, like the hostname of our device, and external names like github.com or wikipedia.org. Where a device is querying an external name server, it will not be able to resolve local names. To test this we can use the name server lookup nslookup command.

$ nslookup lovelace.staff.sydney.edu.au

Name:   lovelace.staff.sydney.edu.au

This tells us that the server at the ip address which my laptop is using as the default name server, knows that lovelace.staff.sydney.edu.au exists at the address If we instead used one of the large public DNS servers provided by Google ( or CloudFlare ( we will instead get an error message.

$ nslookup lovelace.staff.sydney.edu.au

** server can't find lovelace.staff.sydney.edu.au: SERVFAIL

Setting the hostname

When going through the initial setup of macOS or linux machines, there is a step where you give the machine the hostname. To later change the hostname requires the editing a couple of files. The file /etc/hostname stores the hostname of the machine, which will typically be the Fully Qualified Domain Name (FQDN) of the host. To actually change the hostname a reboot is required, as this file is read during the boot sequence. Before you do reboot, there is another file /etc/hosts that requires editing.

The /etc/hosts file is the fist place that is checked when looking to resolve a domain name and is sometimes used as a way to block websites or just to resolve hostname. We want to our domain name to resolve to and ::1 so that services like web servers don't get confused. Ensure the following lines (with the appropriate hostname) are in the /etc/hosts file   lovelace lovelace.malramsay.com
::1         lovelace lovelace.malramsay.com

This sets the ip address we want the hostname to resolve to, which on the first line is, followed by a list of hostnames, being the short version lovelace and the FQDN lovelace.malramsay.com.

What do I do if I can't lookup my hostname?

The reason we use domain names and hostnames is that they are far easier to remember than a string of numbers. It is possible to navigate to Google by navigating to the ip address which is the address returned for google.com.

$ nslookup google.com

Non-authoritative answer:
Name:   google.com

While using the IP address is possible, it is far more cumbersome to remember and to type. For a single IP address which we can put in a configuration file, this isn't too problematic.

To find the ip address of the current host run the command ip addr, which will give output like that below.

$ ip addr
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet lo0
        inet6 ::1/128
        inet6 fe80::1/64 scopeid 0x1
        ether 78:4f:43:4d:cc:53
        inet6 fe80::18c5:93d4:e972:b798/64 secured scopeid 0x7
 >      inet brd en0
        ether b6:54:4e:bd:a7:d7
        inet6 fe80::b454:4eff:febd:a7d7/64 scopeid 0xa
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
        inet6 fe80::1c95:35f4:acea:1034/64 scopeid 0x10
        ether ac:df:48:00:11:22
        inet6 fe80::aede:48ff:fe00:1122/64 scopeid 0x9
        ether 00:0e:c6:e2:bb:69
        inet6 fe80::1871:5dc7:1f58:2127/64 secured scopeid 0x12
 >      inet brd en7

The lines we are looking for are those with inet at the start which I have denoted with a >.

This gives me two IP addresses, one for the wifi and another for the wired ethernet connection. You may have noticed that the address matched that obtained from the nslookup of my hostname above. This tells me that the name server is directing queries of my hostname back to my device.

Now we have an ip address, how do we make the computer remember it when the name server doesn't.

Remembering IP addresses

The DNS lookup of IP addresses from hostnames works on the institutional network I have access to at the University of Sydney. You will likely not have this same configuration, so there are some alternate methods for getting your computer to remember ip addresses.

SSH configuration file

The simplest method of getting the computer to remember an ip address for you is the ssh config file ~/.ssh/config. This approach only works when connecting using ssh, however, it is useful for setting all the parameters for an ssh connection. By putting the code snippet below in ~/.ssh/config

Host lovelace
    User malcolm

running the command ssh lovelace, is equivalent to running ssh [email protected] and is much easier to both type and remember (and tab-complete). Additional useful parameters for the configuration are

The ssh_config man pages (man ssh_config) also contain all the parameters available and information about each of them.

Hosts file

Earlier we modified the /etc/hosts file to change the hostname of our system. We can also use it to remember the ip address of other systems. This is not recommended for managing many devices, use DNS for that, for a small number of systems we can use use this file for the translation of domain names to ip addresses. Instead of using the ip address of localhost, we use the ip address we want the hostname to resolve to as shown below.   lovelace.malramsay.com

The advantage this approach has over the ssh configuration is that it will also resolve the hostname in the web browser. This also makes it much easier to access web services like jupyter notebooks on the remote host.


This should be sufficient to get started using SSH within the same network. To access the service over the internet, where possible use the institutional VPN, or set up your own.