ssh user@server-ip, and you’re in. Keep it off the public internet.Do you need to keep a monitor and keyboard hooked up to your server? Nope. SSH lets you reach your server’s command prompt from your Windows, Mac, or Linux box. You’ve probably seen SSH thrown around in forums and tutorials. It’s the tool that lets you run your Linux server from anywhere on your local network.
One rule first. Do not expose your SSH port to the internet unless you know exactly what you’re doing and have a good reason. Bots scan for open port 22 every minute of the day. Keep it inside your LAN.
I’ve been running SSH on my own home media server for years. Here’s how to set it up without shooting yourself in the foot.
What Is SSH, and Why Should You Care?
SSH stands for Secure Shell. It’s an encrypted protocol that lets you log into a remote machine over the network and run commands as if you were sitting at the keyboard. Want to manage your server from the couch with a laptop on your lap? That’s SSH.
With an SSH session you can run commands, edit configs, copy files with scp or rsync, and troubleshoot the box without ever plugging in a monitor. For a home media server, it’s the difference between a project and a chore.
Why You Shouldn’t Expose SSH to the Internet
Quick security detour before the how-to. Putting your SSH server on the public internet is asking for trouble. Bots and opportunistic attackers scan the entire IPv4 space for open port 22 around the clock. Find your host, and they’ll start brute-forcing usernames and passwords until something gives.
Three reasons to keep SSH on your LAN only:
- Reduced Attack Surface: Only devices already on your home network can even attempt a connection.
- Less Config Pain: No firewall holes, no fail2ban rules, no key-only enforcement to maintain.
- No Port Forwarding or VPN: You don’t need to stand up WireGuard or punch holes in your router for a single shell session.
If you genuinely need remote access from outside your house, put SSH behind a VPN like WireGuard or Tailscale. Don’t just forward port 22 and hope for the best.
Step-by-Step Guide to SSH into Your Linux Server
1. Check Your Server’s IP Address
You need the server’s local IP before you can connect. Log in at the console and run:
ip addr
Look for the inet line under your active network interface (usually eth0, ens18, or similar). The address will look like 192.168.x.x or 10.0.x.x. That’s the one you want.
Example:
2. Install an SSH Client on Your Computer
- Windows: Use the built-in OpenSSH client in PowerShell, or grab PuTTY if you prefer a GUI.
- Mac/Linux: Your terminal already has
sshinstalled. Open it and skip ahead.
3. Connect to the Server via PowerShell
On Windows, hit the Start key, type PowerShell, and click Windows PowerShell.
ssh username@192.168.x.x
Swap username for your Linux account and 192.168.x.x for your server’s IP.
For example:
ssh john@192.168.1.100
First connection? You’ll see a prompt asking you to verify the server’s fingerprint. Type yes and hit enter.
4. Enter Your Password
The server prompts for your password next. Type it in carefully. The terminal won’t echo characters as you type, which is normal and intentional. Hit enter.
If the connection works, you’ll land at a shell prompt like this:
KryptikWurm@mediaserver:~$
You’re in. Run whoami or hostname to confirm.
5. Troubleshooting Common Issues
- “Connection Refused”: The SSH service isn’t running on the server. On the server’s console run:
sudo systemctl start ssh
On some distros the unit is named sshd instead, so try sudo systemctl start sshd if the first one fails. To make it survive reboots: sudo systemctl enable ssh.
- “Permission Denied”: Wrong username or wrong password. Double-check both. Linux usernames are case-sensitive.
- “No Route to Host” or hangs forever: Server and client aren’t on the same subnet, or a host firewall is blocking port 22. Check
sudo ufw statuson Ubuntu orsudo firewall-cmd --list-allon Fedora/Rocky. - Can’t find the IP at all: Confirm the server is on your LAN and not isolated on a guest VLAN.
Frequently Asked Questions
➤ What port does SSH use by default?
/etc/ssh/sshd_config by editing the Port line and restarting the service with sudo systemctl restart ssh. Changing the port doesn’t make SSH meaningfully more secure, it only cuts down on log noise from drive-by bots.➤ Should I use SSH keys instead of a password?
ssh-keygen -t ed25519, copy it to the server with ssh-copy-id user@server-ip, and then disable password login in /etc/ssh/sshd_config by setting PasswordAuthentication no. Restart sshd and you’re key-only.➤ How do I copy files over SSH?
scp for one-off file transfers: scp localfile user@server-ip:/remote/path/. For directory sync, rsync -avz localdir/ user@server-ip:/remote/path/ is faster and handles interruptions. Both run over the same SSH connection, so no extra setup is needed.➤ Why does the terminal not show my password as I type it?
Keep It Local, Keep It Safe
SSH is a power tool. Keep it on your LAN and you get every benefit of remote management with almost none of the risk. Open it up to the internet without a VPN and you’re putting your server on a list of free targets.
Open a terminal, run ssh user@your-server-ip, and start working your media server from wherever you sit in the house. If you ever do need outside access, put it behind WireGuard or Tailscale first. Safety third.