Keyboard shortcuts

Press ← or β†’ to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

SSH Cheat Sheet

Whether you need a quick recap of SSH commands or you’re learning SSH from scratch, this guide will help. SSH is a must-have tool for network administrators and anyone who needs to log in to remote systems securely.

πŸ”‘ What Is SSH?

SSH (Secure Shell / Secure Socket Shell) is a network protocol that allows secure access to network services over unsecured networks.

Key tools included in the suite:

  • ssh-keygen β†’ Create SSH authentication key pairs.
  • scp (Secure Copy Protocol) β†’ Copy files securely between hosts.
  • sftp (Secure File Transfer Protocol) β†’ Securely send/receive files.

By default, an SSH server listens on TCP port 22.

πŸ“ Basic SSH Commands

CommandDescription
ssh user@hostConnect to remote server
ssh pi@raspberryConnect as pi on default port 22
ssh pi@raspberry -p 3344Connect on custom port 3344
ssh -i /path/file.pem admin@192.168.1.1Connect using private key file
ssh root@192.168.2.2 'ls -l'Execute remote command
ssh user@192.168.3.3 bash < script.shRun script remotely
ssh friend@Best.local "tar cvzf - ~/ffmpeg" > output.tgzDownload compressed directory

πŸ” Key Management

CommandDescription
ssh-keygenGenerate SSH keys
ssh-keygen -F [host]Find entry in known_hosts
ssh-keygen -R [host]Remove entry from known_hosts
ssh-keygen -y -f private.key > public.pubGenerate public key from private
ssh-keygen -t rsa -b 4096 -C "email@example.com"Generate new RSA 4096-bit key

πŸ“‚ File Transfers

SCP (Secure Copy)

CommandDescription
scp user@server:/file dest/Copy remote β†’ local
scp file user@server:/pathCopy local β†’ remote
scp user1@server1:/file user2@server2:/pathCopy between two servers
scp -r user@server:/folder dest/Copy directory recursively
scp -P 8080 file user@server:/pathConnect on port 8080
scp -CEnable compression
scp -vVerbose output

SFTP (Secure File Transfer)

CommandDescription
sftp user@serverConnect to server via SFTP
sftp -P 8080 user@serverConnect on port 8080
sftp -r dir user@server:/pathRecursively transfer directory

βš™οΈ SSH Configurations & Options

CommandDescription
man ssh_configSSH client configuration manual
cat /etc/ssh/ssh_configView system-wide SSH client config
cat /etc/ssh/sshd_configView system-wide SSH server config
cat ~/.ssh/configView user-specific config
cat ~/.ssh/known_hostsView logged-in hosts

SSH Agent & Keys

CommandDescription
ssh-agentStart agent to hold private keys
ssh-add ~/.ssh/id_rsaAdd key to agent
ssh-add -lList cached keys
ssh-add -DDelete all cached keys
ssh-copy-id user@serverCopy keys to remote server

πŸ–₯️ Remote Server Management

After logging into a remote server:

  • cd β†’ Change directory
  • ls β†’ List files
  • mkdir β†’ Create directory
  • mv β†’ Move/rename files
  • nano/vim β†’ Edit files
  • ps β†’ List processes
  • kill β†’ Stop process
  • top β†’ Monitor resources
  • exit β†’ Close SSH session

πŸš€ Advanced SSH Commands

X11 Forwarding (GUI Apps over SSH)

  • Client ~/.ssh/config:

    Host *
  ForwardAgent yes
  ForwardX11 yes

  • Server /etc/ssh/sshd_config:

    X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
CommandDescription
sshfs user@server:/path /local/mountMount remote filesystem locally
ssh -C user@hostEnable compression
ssh -X user@serverEnable X11 forwarding
ssh -Y user@serverEnable trusted X11 forwarding

πŸ”’ SSH Tunneling

Local Port Forwarding -L

ssh -L local_port:destination:remote_port user@server

Example: ssh -L 2222:10.0.1.5:3333 root@192.168.0.1

Remote Port Forwarding -R

ssh -R remote_port:destination:destination_port user@server

Example: ssh -R 8080:192.168.3.8:3030 -N -f user@remote.host

Dynamic Port Forwarding -D (SOCKS Proxy)

ssh -D 6677 -q -C -N -f user@host

ProxyJump -J (Bastion Host)

ssh -J user@proxy_host user@target_host

πŸ›‘οΈ Security Best Practices

  • Disable unused features: AllowTcpForwarding no, X11Forwarding no.
  • Change default port from 22 to something else.
  • Use SSH certificates with ssh-keygen.
  • Restrict logins with AllowUsers in sshd_config.
  • Use bastion hosts for added security.

βœ… Conclusion

This cheat sheet covered:

  • Basic SSH connections
  • File transfers (SCP/SFTP)
  • Key management & configs
  • Remote management commands
  • Advanced tunneling & forwarding

SSH remains an indispensable tool for IT professionals and security practitioners.