This quick reference cheat sheet provides various for using SSH.
Connect to a server (default port 22)
$ ssh root@192.168.1.5 Connect on a specific port
$ ssh root@192.168.1.5 -p 6222 Connect via pem file (0400 permissions)
$ ssh -i /path/file.pem root@192.168.1.5 See: SSH Permissions
Executes remote command
$ ssh root@192.168.1.5 'ls -l' Invoke a local script
$ ssh root@192.168.1.5 bash < script.sh Compresses and downloads from a server
$ ssh root@192.168.1.5 "tar cvzf - ~/source" > output.tgz Copies from remote to local
$ scp user@server:/dir/file.ext dest/ Copies between two servers
$ scp user@server:/file user@server:/dir Copies from local to remote
$ scp dest/file.ext user@server:/dir Copies a whole folder
$ scp -r user@server:/dir dest/ Copies all files from a folder
$ scp user@server:/dir/* dest/ Copies from a server folder to the current folder
$ scp user@server:/dir/* . | File Path | Description |
|---|---|
/etc/ssh/ssh_config | System-wide config |
~/.ssh/config | User-specific config |
~/.ssh/id_{type} | Private key |
~/.ssh/id_{type}.pub | Public key |
~/.ssh/known_hosts | Known Servers |
~/.ssh/authorized_keys | Authorized login key |
| Options | Description |
|---|---|
scp -r | |
scp -C | |
scp -v | Prints |
scp -P 8080 | Uses a specific |
scp -B | |
scp -p |
Host server1 HostName 192.168.1.5 User root Port 22 IdentityFile ~/.ssh/server1.key Launch by alias
$ ssh server1 See: Full Config Options
$ ssh -J proxy_host1 remote_host2 $ ssh -J user@proxy_host1 user@remote_host2 Multiple jumps
$ ssh -J user@proxy_host1:port1,user@proxy_host2:port2 user@remote_host3 $ ssh-copy-id user@server Copy to alias server
$ ssh-copy-id server1 Copy specific key
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@server $ ssh-keygen -t rsa -b 4096 -C "your@mail.com" | - | - | - |
|---|---|---|
-t | Type of key | |
-b | The number of bits in the key | |
-C | Provides a new comment |
Generate an RSA 4096 bit key with email as a comment, or use SSH Key Generator online
Generate a key interactively
$ ssh-keygen Specify filename
$ ssh-keygen -f ~/.ssh/filename Generate public key from private key
$ ssh-keygen -y -f private.key > public.pub Change comment
$ ssh-keygen -c -f ~/.ssh/id_rsa Change private key passphrase
$ ssh-keygen -p -f ~/.ssh/id_rsa Search from known_hosts
$ ssh-keygen -F <ip/hostname> Remove from known_hosts
$ ssh-keygen -R <ip/hostname> | Option | Description |
|---|---|
-L | Local port forwarding |
-R | Remote port forwarding |
-D | Dynamic port forwarding |
-f | Run in background |
-N | Do not execute a remote command |
-g | Allow remote hosts to connect to local forwarded ports |
more details on flag above with man ssh
# Forward a local port to a remote server ssh -L local_port:remote_host:remote_port user@ssh_server # Example: Forward local port 8080 to remote port 80 on example.com ssh -L 8080:example.com:80 user@ssh_server # Create a SOCKS proxy on a local port ssh -D local_port user@ssh_server # Create a SOCKS proxy on local port 1080 in the background ssh -f -N -D 1080 user@ssh_server # Create a local port forwarding tunnel in the background ssh -f -N -L local_port:remote_host:remote_port user@ssh_server # Create multiple tunnels in a single SSH command ssh -L 8080:example.com:80 -L 3306:db.example.com:3306 user@ssh_server # In background, no command, allow remote host, local port forward, identity_file ssh -f -N -g -L 8080:example.com:80 -i ~/.ssh/custom_key user@ssh_server