SSH Cheatsheet

Basic Connection

Connect to remote server

ssh user@hostname

Connect with specific port

ssh -p <port> user@hostname

Connect with specific identity file

ssh -i <private-key> user@hostname

Connect with verbose output

ssh -v user@hostname

Connect and execute command

ssh user@hostname 'command'

SSH Key Management

Generate SSH key pair

ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

Generate Ed25519 key (recommended)

ssh-keygen -t ed25519 -C "your-email@example.com"

Copy public key to remote server

ssh-copy-id user@hostname

Copy public key with specific key file

ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname

Add SSH key to ssh-agent

ssh-add ~/.ssh/id_rsa

List keys in ssh-agent

ssh-add -l

Remove all keys from ssh-agent

ssh-add -D

File Transfer

Copy file to remote server

scp local-file user@hostname:/remote/path/

Copy file from remote server

scp user@hostname:/remote/file /local/path/

Copy directory recursively

scp -r local-directory user@hostname:/remote/path/

Copy with specific port

scp -P <port> local-file user@hostname:/remote/path/

Sync directories with rsync

rsync -avz local-directory/ user@hostname:/remote/path/

Sync with delete (mirror)

rsync -avz --delete local-directory/ user@hostname:/remote/path/

Port Forwarding and Tunneling

Local port forwarding

ssh -L <local-port>:<remote-host>:<remote-port> user@hostname

Remote port forwarding

ssh -R <remote-port>:<local-host>:<local-port> user@hostname

Dynamic port forwarding (SOCKS proxy)

ssh -D <local-port> user@hostname

Background tunnel

ssh -f -N -L <local-port>:<remote-host>:<remote-port> user@hostname

Keep tunnel alive

ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=3 user@hostname

SSH Configuration

Edit SSH config file

vim ~/.ssh/config

Example SSH config entry

Host myserver
    HostName example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
    ServerAliveInterval 60

Connect using config alias

ssh myserver

Test SSH config

ssh -T git@github.com

Security and Authentication

Disable password authentication (server-side)

# In /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

Change SSH key passphrase

ssh-keygen -p -f ~/.ssh/id_rsa

View SSH key fingerprint

ssh-keygen -lf ~/.ssh/id_rsa.pub

Connect with specific cipher

ssh -c aes256-ctr user@hostname

Disable host key checking (not recommended for production)

ssh -o StrictHostKeyChecking=no user@hostname

Session Management

Run command in background

ssh user@hostname 'nohup command &'

Keep session alive after disconnect

ssh user@hostname
screen -S session-name
# or
tmux new-session -s session-name

Reconnect to screen session

ssh user@hostname
screen -r session-name

Reconnect to tmux session

ssh user@hostname
tmux attach-session -t session-name

Troubleshooting

Debug connection issues

ssh -vvv user@hostname

Check SSH service status

systemctl status ssh
# or
service ssh status

View SSH logs

tail -f /var/log/auth.log
# or
journalctl -u ssh -f

Test specific SSH version

ssh -o Protocol=2 user@hostname

Escape sequences (when connected)

~.  # Disconnect
~^Z # Background SSH
~#  # List forwarded connections
~?  # Help

Common Use Cases

Jump host / bastion server

ssh -J jump-host target-host

Multiple jump hosts

ssh -J host1,host2 target-host

X11 forwarding for GUI applications

ssh -X user@hostname

Compress data transfer

ssh -C user@hostname

Run local script on remote server

ssh user@hostname 'bash -s' < local-script.sh

Mount remote filesystem with SSHFS

sshfs user@hostname:/remote/path /local/mount/point

Quick File Operations

Edit remote file directly

ssh user@hostname 'vim /path/to/file'

Create remote directory

ssh user@hostname 'mkdir -p /path/to/directory'

Check disk space on remote server

ssh user@hostname 'df -h'

View remote file content

ssh user@hostname 'cat /path/to/file'

Tail remote log file

ssh user@hostname 'tail -f /var/log/application.log'