My ssh cheatsheet
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.
SSH is commonly used for:
- Secure remote server management
- File transfers
- Tunneling and port forwarding
- Deployment and automation
Basic SSH Commands
Connect to a remote server:
ssh username@remote_host
Use a specific identity (private key):
ssh -i path/to/key_file username@remote_host
Use a specific port:
ssh username@remote_host -p 2222
Run a command remotely:
ssh remote_host command -with -flags
Advanced SSH Usage
Dynamic port forwarding (SOCKS proxy on localhost:9999):
ssh -D 9999 -C username@remote_host
SSH jumping: Connect through a jumphost (multiple hops separated by commas):
ssh -J username@jump_host username@remote_host
Public key authentication
Local system has a cryptographic key pair - public key and private key. The server is configured to recognize the public key by adding it to ~/.ssh/authorized_keys. Anyone that has the corresponding private key will be granted access to the server.
How to set up public key authentication
- Generate a key pair:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" - Copy your public key to the server:
ssh-copy-id username@remote_host - Verify that your public key is in
~/.ssh/authorized_keyson the server.
Security tip: Never share your private key. Keep it secure and consider using a passphrase.
Client config setting
Instead of annoyingly typing
ssh root@11.111.222.333 -p 2333
We can actually set the ssh config in ~/.ssh/config with
Host remoteServer # host name alias that is easy to memorize
HostName 11.111.222.333 # host ip or host name
User root # user
Port 2333 # port
IdentityFile ~/.ssh/id_rsa # private key location
Then we can do the equivalent with easy typing:
ssh remoteServer