Linux & Terminal51 entries
SSH Commands
SSH connections, key management, SCP/SFTP transfers, tunnels, and security hardening
1Basic Connections
ssh user@host | Connect to remote host |
ssh user@host -p 2222 | Connect on custom port |
ssh -i ~/.ssh/key.pem user@host | Connect with specific key file |
ssh -v user@host | Verbose mode for debugging |
ssh -o StrictHostKeyChecking=no user@host | Skip host key verification |
ssh -J jump@bastion user@target | Connect via jump host (ProxyJump) |
ssh user@host "command" | Run single command remotely |
ssh -t user@host "sudo command" | Force TTY allocation for sudo |
2Key Management
ssh-keygen -t ed25519 -C "email@example.com" | Generate Ed25519 key pair |
ssh-keygen -t rsa -b 4096 | Generate 4096-bit RSA key pair |
ssh-copy-id user@host | Copy public key to remote host |
ssh-keygen -l -f ~/.ssh/id_ed25519.pub | Show key fingerprint |
ssh-keygen -p -f ~/.ssh/id_ed25519 | Change passphrase on existing key |
ssh-keygen -R hostname | Remove host from known_hosts |
cat ~/.ssh/id_ed25519.pub | Display public key for copying |
3SSH Agent
eval "$(ssh-agent -s)" | Start SSH agent in current shell |
ssh-add ~/.ssh/id_ed25519 | Add key to SSH agent |
ssh-add -l | List keys loaded in agent |
ssh-add -D | Remove all keys from agent |
ssh-add -t 3600 ~/.ssh/key | Add key with 1-hour lifetime |
ssh -A user@host | Forward agent to remote host |
4File Transfer (SCP & SFTP)
scp file.txt user@host:/remote/path/ | Copy file to remote host |
scp user@host:/remote/file.txt ./local/ | Copy file from remote host |
scp -r ./dir user@host:/remote/ | Copy directory recursively |
scp -P 2222 file.txt user@host:/path/ | Copy via custom port |
sftp user@host | Start interactive SFTP session |
sftp> put localfile remotepath | Upload file via SFTP |
sftp> get remotefile localpath | Download file via SFTP |
rsync -avz ./src user@host:/dest | Sync files efficiently over SSH |
5Port Forwarding & Tunnels
ssh -L 8080:localhost:80 user@host | Local port forward (access remote:80 via local:8080) |
ssh -R 9090:localhost:3000 user@host | Remote port forward (expose local:3000) |
ssh -D 1080 user@host | Dynamic SOCKS proxy tunnel |
ssh -L 5432:db-server:5432 user@bastion | Tunnel to internal database |
ssh -fN -L 8080:localhost:80 user@host | Background tunnel (no shell) |
ssh -O exit user@host | Close a background tunnel |
6SSH Config File
Host myserver | Define a connection alias |
HostName 192.168.1.100 | Server address for alias |
User deploy | Default username for connection |
Port 2222 | Custom port for connection |
IdentityFile ~/.ssh/deploy_key | Specific key for this host |
ProxyJump bastion | Jump through another host |
Host * | Wildcard: apply to all connections |
ServerAliveInterval 60 | Send keepalive every 60 seconds |
7Security & Hardening
PermitRootLogin no | Disable root SSH login (sshd_config) |
PasswordAuthentication no | Disable password login (key only) |
AllowUsers deploy admin | Allow only specific users |
Port 2222 | Change default SSH port |
MaxAuthTries 3 | Limit authentication attempts |
sudo systemctl restart sshd | Restart SSH daemon after changes |
chmod 700 ~/.ssh | Correct .ssh directory permissions |
chmod 600 ~/.ssh/id_ed25519 | Correct private key permissions |