SSH Cheatsheet

Complete SSH command reference for secure remote access and file transfer.

SSH Cheatsheet

Secure shell commands and configurations

59

Commands

6

Categories

0

Favorites

11

Sections

Basic
Connection
ssh user@host

Connect to remote host

ssh -p 2222 user@host

Connect on custom port

ssh -i ~/.ssh/key user@host

Use specific key

ssh -v user@host

Verbose mode (debug)

ssh -vvv user@host

Very verbose

ssh user@host 'command'

Run remote command

ssh -t user@host 'bash -l'

Force TTY allocation

ssh -q user@host

Quiet mode

Keys
Key Management
ssh-keygen -t ed25519 -C '[email protected]'

Generate Ed25519 key (recommended)

ssh-keygen -t rsa -b 4096 -C '[email protected]'

Generate RSA key

ssh-keygen -p -f ~/.ssh/id_ed25519

Change key passphrase

ssh-copy-id user@host

Copy public key to server

ssh-copy-id -i ~/.ssh/key.pub user@host

Copy specific key

cat ~/.ssh/id_ed25519.pub

Show public key

ssh-keygen -l -f ~/.ssh/id_ed25519

Show key fingerprint

ssh-keygen -R hostname

Remove host from known_hosts

Keys
SSH Agent
eval $(ssh-agent)

Start SSH agent

ssh-add ~/.ssh/id_ed25519

Add key to agent

ssh-add -l

List keys in agent

ssh-add -D

Remove all keys from agent

ssh -A user@host

Enable agent forwarding

Config
SSH Config (~/.ssh/config)
Host myserver
  HostName example.com
  User admin
  Port 22

Basic host config

Host *
  ServerAliveInterval 60
  ServerAliveCountMax 3

Keep connections alive

Host jump
  HostName jump.example.com
  User admin

Host target
  HostName 10.0.0.1
  ProxyJump jump

Jump host config

ssh myserver

Connect using config alias

💡 Config file: ~/.ssh/config

Transfer
SCP (Secure Copy)
scp file.txt user@host:/path/

Copy to remote

scp user@host:/path/file.txt ./

Copy from remote

scp -r dir/ user@host:/path/

Copy directory

scp -P 2222 file.txt user@host:/path/

Custom port

scp -C file.txt user@host:/path/

With compression

Transfer
Rsync over SSH
rsync -avz file.txt user@host:/path/

Sync to remote

rsync -avz user@host:/path/ ./

Sync from remote

rsync -avz --delete src/ user@host:/dest/

Mirror directory

rsync -avz -e 'ssh -p 2222' src/ user@host:/dest/

Custom SSH port

rsync -avzn src/ user@host:/dest/

Dry run

Transfer
SFTP
sftp user@host

Start SFTP session

put localfile

Upload file (in SFTP)

get remotefile

Download file (in SFTP)

ls / cd / pwd

Navigate (in SFTP)

Tunnels
Port Forwarding
ssh -L 8080:localhost:80 user@host

Local forward: access remote:80 via localhost:8080

ssh -L 3306:dbserver:3306 user@host

Forward to another host through SSH

ssh -R 9090:localhost:3000 user@host

Remote forward: expose local:3000 on remote:9090

ssh -D 1080 user@host

SOCKS proxy on localhost:1080

ssh -N -L 8080:localhost:80 user@host

Forward only (no shell)

ssh -f -N -L 8080:localhost:80 user@host

Background tunnel

💡 -L: local forward, -R: remote forward, -D: dynamic (SOCKS)

Tunnels
Jump Hosts
ssh -J jump@jumphost user@target

Jump through host

ssh -J jump1,jump2 user@target

Multiple jumps

ssh -o ProxyCommand='ssh -W %h:%p jump@jumphost' user@target

ProxyCommand method

Security
Security Options
ssh -o StrictHostKeyChecking=yes user@host

Strict host key check

ssh -o UserKnownHostsFile=/dev/null user@host

Ignore known_hosts

ssh -o PasswordAuthentication=no user@host

Key auth only

ssh -4 user@host

Force IPv4

ssh -6 user@host

Force IPv6

ssh -C user@host

Enable compression

Security
Server Hardening (/etc/ssh/sshd_config)
PermitRootLogin no

Disable root login

PasswordAuthentication no

Disable password auth

PubkeyAuthentication yes

Enable key auth

Port 2222

Change default port

AllowUsers user1 user2

Whitelist users

Quick Reference

Connect

ssh user@host

Key Gen

ssh-keygen -t ed25519

Copy Key

ssh-copy-id user@host

Tunnel

ssh -L 8080:localhost:80