SSH Skill

Use SSH for secure remote access, file transfers, and tunneling.

Basic Connection

Connect to server:

ssh user@hostname

Connect on specific port:

ssh -p 2222 user@hostname

Connect with specific identity:

ssh -i ~/.ssh/my_key user@hostname

SSH Config

Config file location:

~/.ssh/config

Example config entry:

Host myserver
    HostName 192.168.1.100
    User deploy
    Port 22
    IdentityFile ~/.ssh/myserver_key
    ForwardAgent yes

Then connect with just:

ssh myserver

Running Remote Commands

Execute single command:

ssh user@host "ls -la /var/log"

Execute multiple commands:

ssh user@host "cd /app && git pull && pm2 restart all"

Run with pseudo-terminal (for interactive):

ssh -t user@host "htop"

File Transfer with SCP

Copy file to remote:

scp local.txt user@host:/remote/path/

Copy file from remote:

scp user@host:/remote/file.txt ./local/

Copy directory recursively:

scp -r ./local_dir user@host:/remote/path/

File Transfer with rsync (preferred)

Sync directory to remote:

rsync -avz ./local/ user@host:/remote/path/

Sync from remote:

rsync -avz user@host:/remote/path/ ./local/

With progress and compression:

rsync -avzP ./local/ user@host:/remote/path/

Dry run first:

rsync -avzn ./local/ user@host:/remote/path/

Port Forwarding (Tunnels)

Local forward (access remote service locally):

ssh -L 8080:localhost:80 user@host
# Now localhost:8080 connects to host's port 80

Local forward to another host:

ssh -L 5432:db-server:5432 user@jumphost
# Access db-server:5432 via localhost:5432

Remote forward (expose local service to remote):

ssh -R 9000:localhost:3000 user@host
# Remote's port 9000 connects to your local 3000

Dynamic SOCKS proxy:

ssh -D 1080 user@host
# Use localhost:1080 as SOCKS5 proxy

Jump Hosts / Bastion

Connect through jump host:

ssh -J jumphost user@internal-server

Multiple jumps:

ssh -J jump1,jump2 user@internal-server

In config file:

Host internal
    HostName 10.0.0.50
    User deploy
    ProxyJump bastion

Key Management

Generate new key (Ed25519, recommended):

ssh-keygen -t ed25519 -C "your_email@example.com"

Generate RSA key (legacy compatibility):

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Copy public key to server:

ssh-copy-id user@host

Copy specific key:

ssh-copy-id -i ~/.ssh/mykey.pub user@host

SSH Agent

Start agent:

eval "$(ssh-agent -s)"

Add key to agent:

ssh-add ~/.ssh/id_ed25519

Add with macOS keychain:

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

List loaded keys:

ssh-add -l

Multiplexing (Connection Sharing)

In ~/.ssh/config:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

Create socket directory:

mkdir -p ~/.ssh/sockets

Known Hosts

Remove old host key:

ssh-keygen -R hostname

Scan and add host key:

ssh-keyscan hostname >> ~/.ssh/known_hosts

Debugging

Verbose output:

ssh -v user@host

Very verbose:

ssh -vv user@host

Maximum verbosity:

ssh -vvv user@host

Security Tips

Use Ed25519 keys (faster, more secure than RSA)
Set PasswordAuthentication no on servers
Use fail2ban on servers to block brute force
Keep keys encrypted with passphrases
Use ssh-agent to avoid typing passphrase repeatedly
Restrict key usage with command= in authorized_keys

ssh

Safety Notice

Copy this and send it to your AI assistant to learn