July 15, 2026
Tutorials

How to Connect to Your AlmaLinux 10 Server Using SSH: A Complete Guide

How to Connect to Your AlmaLinux 10 Server Using SSH_ A Complete Guide

SSH (Secure Shell) is how you’ll manage your AlmaLinux 10 server for almost everything, installing packages, editing configs, checking logs, and deploying applications. Whether you just spun up a fresh cloud VPS or you’re setting up a home lab server, this guide covers the full process: verifying SSH is running, connecting from your local machine, setting up key-based authentication, and locking the connection down securely.

Table of Content

What are SSH keys and how do SSH Keys Work?

SSH keys are a pair of cryptographic keys, one private, one public, used to prove your identity to a server without typing a password every time. Here’s how SSH key authentication works: your private key stays securely on your local machine and is never shared, while your public key is placed on the server you want to access.

When you connect, the server challenges your client to prove it holds the matching private key; if it does, you’re authenticated instantly. This is what makes SSH key authentication significantly more secure than password-based logins, since there’s no password to brute-force or intercept.

Prerequisite

  • An AlmaLinux 10 server with a public or local IP address
  • Your server’s login credentials (username and password, or an existing SSH key)
  • A terminal on your local machine, built-in on macOS/Linux, or PowerShell/Windows Terminal on Windows 10/11 (both include OpenSSH client by default)

How to Connect to Your AlmaLinux 10 Server Using SSH

To connect to your AlmaLinux 10 server using SSH, open a terminal on your local machine and run ssh username@your-server-ip, replacing the username and IP with your actual server credentials. On first connection, type yes to accept the server’s fingerprint, then enter your password when prompted. If you’re using a custom SSH port instead of the default 22, add the -p flag: ssh -p 3322 username@your-server-ip.

For a production server, set up key-based authentication with ssh-keygen -t ed25519 followed by ssh-copy-id username@your-server-ip, then disable password logins in /etc/ssh/sshd_config for stronger security. OpenSSH comes preinstalled and enabled on most AlmaLinux 10 images, so in most cases you can connect immediately without any server-side setup.

Step 1: Confirm SSH Is Running on Your AlmaLinux 10 Server

The OpenSSH server package comes preinstalled and enabled by default on most AlmaLinux 10 images, especially cloud VPS instances. Log in directly at the server console (or through your hosting provider’s web console) and check the service status:

sudo systemctl status sshd

  sudo systemctl status sshd

You should see active (running) in green. If it’s not installed at all, add it with:

sudo dnf install openssh-server -y

sudo systemctl enable –now sshd

The enable –now flag both starts the service immediately and ensures it launches automatically on every reboot. To explore more, visit our guide on how to enable SSH root login on Debian 12.

Step 2: Find Your Server’s IP Address

You’ll need this to connect remotely. On the server itself, run:

ip addr show

  ip addr show

Look for the inet address under your primary network interface (commonly eth0 or ens3). If your server is on a cloud provider like AWS or GreenWebpage, the public IP is also shown in your provider’s dashboard.

Step 3: Open the SSH Port in the Firewall

AlmaLinux 10 uses firewalld by default. If SSH connections are being refused from outside, confirm the SSH service is allowed:

sudo firewall-cmd –list-services

  sudo firewall-cmd --list-services

If ssh isn’t listed, add it and reload:

sudo firewall-cmd –permanent –add-service=ssh

sudo firewall-cmd –reload

  sudo firewall-cmd --permanent --add-service=ssh

Step 4: Connect to Your Server via SSH

From your local machine’s terminal, connect using the standard SSH syntax:

ssh username@your-server-ip

  ssh username@your-server-ip

The first time you connect to a new server, you’ll see a fingerprint verification prompt:

Type yes and press Enter. This confirms you trust the server’s identity and adds it to your local ~/.ssh/known_hosts file, so you won’t be prompted again on future connections. You’ll then be asked for your password (or your SSH key passphrase, if you’re already using key-based auth).

Connecting on a Non-Default Port

If your server uses a custom SSH port instead of the default 22, specify it with the -p flag:

ssh -p 3322 admin@203.0.113.25

  ssh -p 3322 admin@203.0.113.25

Note: To learn about SSH in detail, you can visit our guide “How to Enable SSH on Ubuntu 24.04”.

Step 5: Set Up SSH Key-Based Authentication (Recommended)

Password-based logins are a common target for brute-force attacks. Switching to SSH key authentication is significantly more secure and is considered best practice for any production server.

Generate an SSH Key Pair (On Your Local Machine)

ssh-keygen -t ed25519 -C “your_email@example.com”

  ssh-keygen -t ed25519 -C

ed25519 is the current recommended key type, faster and more secure than the older RSA format. Press Enter to accept the default file location, and optionally set a passphrase for extra protection.

Copy Your Public Key to the Server

The easiest method is ssh-copy-id:

ssh-copy-id username@your-server-ip

  ssh-copy-id username@your-server-ip

This automatically appends your public key to ~/.ssh/authorized_keys on the server with the correct permissions. If ssh-copy-id isn’t available (common on Windows), copy it manually:

cat ~/.ssh/id_ed25519.pub | ssh username@your-server-ip “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”

Test Key-Based Login

ssh username@your-server-ip

  ssh username@your-server-ip

You should now log in without being prompted for a password (unless you set a key passphrase).

What does “cannot connect to server” mean?

A “cannot connect to server” error typically means one of a few things: the SSH service isn’t running on the server, a firewall is blocking the port, the server’s IP address or hostname is wrong, or your network connection to the server is down entirely. Running ssh -vvv username@server-ip will show exactly where the connection is failing.

Step 6: Harden Your SSH Configuration

Once key-based login is confirmed working, tighten security on the server side by editing the SSH daemon config:

sudo nano /etc/ssh/sshd_config

Make the following changes:

PermitRootLogin no

PasswordAuthentication no

PubkeyAuthentication yes

/etc/ssh/sshd_config

  • PermitRootLogin no: AlmaLinux 10 disables direct root SSH login by default; keep it that way and use sudo from a regular user account instead.
  • PasswordAuthentication no: disables password logins entirely once your SSH key is confirmed working, closing off brute-force attack vectors.

Save the file, then restart the SSH service to apply changes:

sudo systemctl restart sshd

  sudo systemctl restart sshd

Important: Keep your current terminal session open while testing in a new window. If something’s misconfigured, you’ll still have an active session to fix it rather than locking yourself out.

Step 7: (Optional) Change the Default SSH Port

Moving off port 22 reduces exposure to automated bots scanning for default SSH ports. In /etc/ssh/sshd_config, find and change:

Port 3322

Then update the firewall to allow the new port and remove the old one:

sudo firewall-cmd –permanent –add-port=3322/tcp

sudo firewall-cmd –permanent –remove-service=ssh

sudo firewall-cmd –reload

  sudo firewall-cmd --permanent --add-port=3322/tcp

From then on, connect using ssh -p 3322 username@your-server-ip.

Quick Reference: Essential SSH Commands

Keyword

Purpose

ssh keygen

ssh-keygen is the command-line tool built into OpenSSH that generates a public/private key pair for secure, passwordless authentication. Run ssh-keygen -t ed25519 in your terminal, and it creates two files by default: a private key (id_ed25519) that stays on your machine, and a public key (id_ed25519.pub) that you copy to any server or service you want to authenticate with.

ssh key

An SSH key is a pair of cryptographic keys, one private, one public, used to authenticate a connection without typing a password each time. The private key stays secret on your local machine, while the public key is placed on the remote server or service (like GitHub or a Linux server); a match between the two proves your identity securely.

ssh key github

To use an SSH key with GitHub, generate a key pair with ssh-keygen -t ed25519 -C “your_email@example.com”, then copy the contents of your public key file (~/.ssh/id_ed25519.pub) into GitHub under Settings → SSH and GPG keys → New SSH key. Once added, you can clone and push to repositories using the git@github.com: SSH URL instead of HTTPS, without entering a password on every push.

ssh keygen github

Run ssh-keygen -t ed25519 -C “your_email@example.com” to create the key pair GitHub requires, accept the default file location, then test the connection with ssh -T git@github.com after adding the public key to your GitHub account, a successful setup returns a “You’ve successfully authenticated” message.

ssh keygen ed25519

ssh-keygen -t ed25519 generates a key using the Ed25519 algorithm, which is the current recommended default over older RSA keys because it produces smaller, faster keys with equivalent or stronger security. Most modern services, including GitHub and current Linux distributions, fully support Ed25519 keys for SSH authentication.

ssh keygen rsa

To generate an RSA key instead of the newer Ed25519 default, run ssh-keygen -t rsa -b 4096, which creates a 4096-bit RSA key pair. RSA remains widely supported for compatibility with older systems and services, but Ed25519 is generally preferred for new setups due to better performance and security per key size.

ssh keygen windows

On Windows 10 and 11, ssh-keygen works natively in PowerShell or Command Prompt since OpenSSH is included by default; no extra software required. Run ssh-keygen -t ed25519 the same way you would on macOS or Linux; keys are saved by default to C:\Users\<username>\.ssh\.

ssh key generation

SSH key generation is the process of creating a matching public/private key pair with ssh-keygen, typically using the -t flag to specify the algorithm (ed25519 or rsa) and -C to add an identifying comment like your email. The process takes seconds and optionally lets you set a passphrase for an extra layer of protection on the private key.

ssh keygen command

The basic ssh-keygen command syntax is ssh-keygen -t <type> -C “<comment>”; for example, ssh-keygen -t ed25519 -C “you@example.com”. Common flags include -b to set key length for RSA keys, -f to specify a custom output filename, and no flags at all if you just want the fastest default RSA key generation.

ssh key permissions

SSH requires strict file permissions to accept a key; the ~/.ssh directory must be 700 and the private key file must be 600, or SSH will refuse to use it and often fail silently. Fix incorrect permissions with chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_ed25519, and ensure the public key file and authorized_keys on the server are set to 644 and 600, respectively.

Final Thoughts

Connecting to AlmaLinux 10 over SSH is straightforward out of the box, since OpenSSH ships preinstalled and enabled on most images. The real value is in the hardening steps: switching to key-based authentication, disabling root and password logins, and confirming your firewall rules match your actual SSH port. Take the extra five minutes to do this properly on any server exposed to the internet; it’s the single biggest security improvement you can make with the least effort.

FAQs

1. What does SSH stand for in Linux?

SSH stands for Secure Shell, a network protocol used to securely access and manage remote computers over an unsecured network.

2. How does SSH work overall?

How SSH works, at a high level: it encrypts the entire session between your client and the server, negotiates a secure channel using key exchange algorithms, and then authenticates you using either a password or an SSH key pair before granting access to a remote command line.

3. Where are SSH keys stored on Linux, and where are SSH keys stored on Windows?

On Linux (and macOS), SSH keys are stored by default in the hidden ~/.ssh/ directory in your home folder, typically ~/.ssh/id_ed25519 for the private key and ~/.ssh/id_ed25519.pub for the public key. On Windows, SSH keys generated through PowerShell’s built-in OpenSSH client are stored in C:\Users\<username>\.ssh\ by default, following the same private/public key naming convention.

4. How do I connect to a server from a Mac or connect to a server from Windows?

To connect to a server from a Mac, open Terminal and run ssh username@server-ip. macOS includes the SSH client out of the box, so no extra installation is needed. To connect to a server from Windows, open PowerShell or Windows Terminal and use the exact same command, since Windows 10 and 11 also ship with OpenSSH built in. Both platforms will prompt you to accept the server’s fingerprint on your first connection.

5. Can I connect to a server through File Explorer?

Windows File Explorer doesn’t support SSH connections natively, but you can connect to a server through File Explorer-style browsing using SFTP client software (like WinSCP or FileZilla), which lets you drag and drop files over an SSH connection instead of using the command line.

Leave feedback about this

  • Quality
  • Price
  • Service

PROS

+
Add Field

CONS

+
Add Field
Choose Image
Choose Video