Restrict authorized key ssh
Force-command and restrict source IP in authorized_keys
echo 'from="10.0.0.0/8",no-agent-forwarding,no-port-forwarding,command="/usr/bin/backup.sh" <pubkey>' >> ~/.ssh/authorized_keys
more ssh
all 15 commands →
Connect with specific key
ssh -i ~/.ssh/id_ed25519 user@host
ProxyJump through bastion
ssh -J bastion.example.com user@internal-host
Multi-hop jump chain
ssh -J user@bastion1,user@bastion2 user@target
Local port forward
ssh -L 5432:db.internal:5432 user@bastion -N
Remote port forward
ssh -R 8080:localhost:3000 user@vps -N