ssh
15 commands
15 shown
Connect with specific key
Specify an identity file explicitly
ssh -i ~/.ssh/id_ed25519 user@host
ProxyJump through bastion
Single-hop jump through bastion host
ssh -J bastion.example.com user@internal-host
Multi-hop jump chain
Chain multiple jump hosts in one command
ssh -J user@bastion1,user@bastion2 user@target
Local port forward
Forward localhost:5432 to db.internal:5432 via bastion
ssh -L 5432:db.internal:5432 user@bastion -N
Remote port forward
Expose local port 3000 as port 8080 on VPS
ssh -R 8080:localhost:3000 user@vps -N
Dynamic SOCKS proxy
Create a local SOCKS5 proxy tunnelled through VPS
ssh -D 1080 user@vps -N -f
SSH multiplexing (ControlMaster)
Reuse existing connection for subsequent SSH commands
ssh -o ControlMaster=auto -o ControlPath=~/.ssh/mux-%r@%h:%p -o ControlPersist=10m user@host
Run remote command
Execute a command over SSH without interactive shell
ssh user@host 'sudo systemctl status nginx'
Copy file via SCP
Recursive copy on non-standard port
scp -r -P 2222 ./dist/ user@host:/var/www/app/
Agent forwarding
Forward local SSH agent to the remote host (use with caution)
ssh -A user@bastion
Add key to agent
Start agent and load a key for the session
eval $(ssh-agent) && ssh-add ~/.ssh/id_ed25519
SSH config file host entry
Shorthand alias: 'ssh dev' triggers all options
cat >> ~/.ssh/config <<'EOF'
Host dev
HostName 10.0.0.5
User ubuntu
IdentityFile ~/.ssh/dev_key
ProxyJump bastion
EOF
Escape sequences in session
Terminate a frozen/hung SSH session: type tilde then dot
~.
Check SSH server host key
Fetch and fingerprint server host keys without connecting
ssh-keyscan -t ed25519,rsa host 2>/dev/null | ssh-keygen -lf -
Restrict authorized key
Force-command and restrict source IP in authorized_keys
echo 'from="10.0.0.0/8",no-agent-forwarding,no-port-forwarding,command="/usr/bin/backup.sh" <pubkey>' >> ~/.ssh/authorized_keys
no commands match