Are you looking for the ultimate SSH commands cheat sheet? This SSH cheat sheet contains the SSH commands you need for daily administration of Linux infrastructure. SSH, also referred to as Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network.
To start using the different ssh command-line options, follow along with this guide and feel free to test all these commands. You can practice in virtual environments like VirtualBox or VMware Workstation instead of running everything in a production environment.
1. SSH via pem file (private key)
If you want to access a remote server using a Pem key, the command syntax is:
$ ssh -i /path/to/file.pem [email protected]
The path to the private key file follows the -i flag.
2. Connect to a non-standard ssh port:
The default SSH port is 22. To access a remote system with a different service port, use the -p option.
$ ssh -p 2222 [email protected]
Here, we’re connecting to the SSH server running on port 2222. The port has to be allowed on the firewall.
3. Connect and forward the authentication agent
Use the -A option to enable the forwarding of the authentication agent.
$ ssh -A [email protected]
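This can also be specified on a per-host basis in a configuration file. Enable agent forwarding with caution: users on the remote host who can bypass file permissions on the agent's socket can use the forwarded agent to authenticate with the identities loaded into it.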
4. Connect and execute a command on a remote server:
At times you want to run a command in the bash shell on a remote server. This is achieved by passing the command and its options after the server part.
$ ssh -t [email protected] 'the-remote-command'
-t is used to force pseudo-terminal allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services.
As an example, let’s connect to a server and do a ping to 188.8.131.52, with a count of 3.
$ ssh outboundmx-01 'ping -c 3 184.108.40.206'
PING 220.127.116.11 (18.104.22.168) 56(84) bytes of data.
64 bytes from 22.214.171.124: icmp_seq=1 ttl=60 time=6.74 ms
64 bytes from 126.96.36.199: icmp_seq=2 ttl=60 time=7.27 ms
64 bytes from 188.8.131.52: icmp_seq=3 ttl=60 time=6.77 ms
--- 184.108.40.206 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 6.740/6.930/7.271/0.241 ms
The SSH session exits after executing the specified command.
5. Tunnel an X session over SSH:
The -X option in ssh is used to enable X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding can be disabled using the -x option.
$ ssh -X [email protected]
The example below redirects traffic through a tunnel between localhost (port 8080) and a remote host (remote.example.com:5000) via a proxy (personal.server.com):
$ ssh -f -L 8080:remote.example.com:5000 [email protected] -N
-N means do not execute a remote command, which is useful when only forwarding ports. -f sends ssh to the background just before command execution.
6. Launch a specific X application over SSH:
Use the -X option to launch an application through an ssh session.
$ ssh -X -t [email protected] 'firefox'
This will launch the Firefox application and display its UI on the local machine.
7. Create a SOCKS proxy tunnel
$ ssh -D 9999 [email protected]
This will create a SOCKS proxy on localhost, port 9999. It works by allocating a socket to listen on the port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.
Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Note that only root can forward privileged ports.
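Where the local listener binds decides who can reach a tunnel, and privileged ports need root. The sketch below is an added example, not part of the original cheat sheet: the function name explain_forward is hypothetical, it assumes the client default "GatewayPorts no", and it does not handle IPv6 literals. It parses a -L spec like the one in section 5 and reports where the listener is exposed.

```shell
#!/bin/sh
# Added example: explain an `ssh -L [bind_address:]port:host:hostport` spec.
# Assumes the client default "GatewayPorts no"; IPv6 literals are not handled.

explain_forward() (
    spec=$1
    # 3 fields = port:host:hostport, 4 fields = bind_address:port:host:hostport
    fields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $fields in
        3) bind=default; rest=$spec ;;
        4) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "unsupported spec: $spec" >&2; exit 2 ;;
    esac
    port=${rest%%:*}
    target=${rest#*:}
    case $port in
        ''|*[!0-9]*) echo "bad listen port: $port" >&2; exit 2 ;;
    esac
    # Who can reach the listening socket on the client machine?
    case $bind in
        default|localhost|127.0.0.1) exposure=loopback ;;
        ''|'*'|0.0.0.0)              exposure=all-interfaces ;;
        *)                           exposure=address-$bind ;;
    esac
    # Ports below 1024 are privileged: only root can listen on them.
    if [ "$port" -lt 1024 ]; then root=yes; else root=no; fi
    printf 'port=%s target=%s exposure=%s needs_root=%s\n' \
        "$port" "$target" "$exposure" "$root"
)

# Constructed sample specs: the one from the cheat sheet, then a wildcard bind.
explain_forward '8080:remote.example.com:5000'
explain_forward '*:80:intranet.example:80'
```

An empty or '*' bind address makes the forwarded port reachable from every interface of the client machine, so anyone who can connect to it can use the tunnel.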
8. SSH with data compression and encryption
To request compression of all data (including stdin, stdout, stderr, and data for forwarded X11, TCP and UNIX-domain connections), the -C option is used. This is desirable when working with modems and other slow connections. Do not use this on faster networks since it will just slow things down.
The compression algorithm is the same one used by gzip. -c is used to specify the cipher specification for encrypting the session. Multiple ciphers are listed by separating them with commas. Note that blowfish is a legacy cipher that current OpenSSH releases no longer support; ssh -Q cipher lists the ciphers your client accepts. Example:
$ ssh [email protected] -C -c blowfish -X
-X --> Use an X session
-C --> Do data compression
-c --> Use blowfish encryption for ssh session
9. SSH copy files
The example below shows how to compress files on a remote server and copy them to the local system by piping to tar. Compression and decompression are done by the tar command. This is useful if you don't have scp or rsync, which act as ssh clients.
$ ssh [email protected] "cd ~/mydir; \
tar zcf - file1.txt file2.txt" | tar zxf -
# confirm if copied
$ ls file1.txt file2.txt
10. Force Public key Copy to a remote server
If you're trying to copy an ssh key but keep getting a failure, you can force the copy using the command:
$ SSH_OPTS='-F /dev/null' ssh-copy-id [email protected]
11. Save private key passphrase
With ssh, you can configure the authentication agent to hold your unlocked key so that you won't have to re-enter your passphrase every time you use your SSH keys.
eval $(ssh-agent)               # Start agent on demand
ssh-add                         # Add default key
ssh-add -l                      # List keys
ssh-add ~/.ssh/id_rsa           # Add specific key
ssh-add -t 3600 ~/.ssh/id_rsa   # Add with timeout
ssh-add -D                      # Drop keys
12. Mount folder/filesystem through SSH
Install SSHFS from https://github.com/libfuse/sshfs .
Installation and usage of SSHFS are covered in a different article:
Installing sshfs and using sshfs on Ubuntu / Fedora / Arch
This command will mount a remote directory on the local machine.
$ sshfs [email protected]:/path/to/folder /path/to/mount/point
Once done, you can unmount the directory using:
$ fusermount -u mountpoint
13. Read files using Emacs through SSH
Documentation is on Emacs mount Remote files
After installing Emacs, a remote file is read using:
$ emacs /ssh:[email protected]:/path/to/file
14. Deleting an IP address/hostname from the ~/.ssh/known_hosts file
Sometimes you want to copy an ssh key to a remote server and you get a warning that the IP/hostname already exists in ~/.ssh/known_hosts. To remove the entry, use:
$ ssh-keygen -f ~/.ssh/known_hosts -R ip-or-hostname
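Before dropping an entry it helps to see exactly which stored key is about to be forgotten, so it can be compared with the server's real host key. The following is an added example, not from the original cheat sheet: a simplified stand-in for the removal step, with hypothetical function names kh_scan, kh_match and kh_remove, that only handles plain (unhashed) host names without wildcards.

```shell
#!/bin/sh
# Added example: preview, then remove, known_hosts lines that name one host.
# Simplified stand-in for `ssh-keygen -R`: hashed (|1|...) names and
# wildcard patterns are not matched.

# kh_scan MODE FILE HOST
#   MODE=match prints "line: keytype key" for entries naming HOST
#   MODE=keep  prints every line that does not name HOST
kh_scan() {
    awk -v mode="$1" -v host="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { if (mode == "keep") print; next }
        {
            f = ($1 ~ /^@/) ? 2 : 1     # skip an @cert-authority/@revoked marker
            n = split($f, names, ",")   # one line may list host,ip,[host]:port
            hit = 0
            for (k = 1; k <= n; k++) if (names[k] == host) hit = 1
            if (hit && mode == "match") print NR ": " $(f + 1) " " $(f + 2)
            if (!hit && mode == "keep") print
        }' "$2"
}

kh_match()  { kh_scan match "$1" "$2"; }

# Keep the previous file as FILE.old, then rewrite FILE without HOST.
kh_remove() { cp "$1" "$1.old" && kh_scan keep "$1.old" "$2" > "$1"; }

# Constructed sample file; the key blobs are placeholders, not real keys.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed known_hosts sample
web01.example,192.0.2.10 ssh-ed25519 AAAA-PLACEHOLDER-1
[web01.example]:2222 ssh-rsa AAAA-PLACEHOLDER-2
db01.example ssh-ed25519 AAAA-PLACEHOLDER-3
EOF
kh_match "$demo" 192.0.2.10      # shows the key that will be dropped
kh_remove "$demo" 192.0.2.10
cat "$demo"                      # remaining entries
rm -f "$demo" "$demo.old"
```

Note that the entry for a non-standard port, stored as [host]:port, is a separate line and is only matched when that exact form is given.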
16. Update SSH Key passphrase
Use our guide for updating or changing an SSH key passphrase.
How to change or update SSH key Passphrase on Linux / Unix
17. Changing SSH Service Port
The following guide should be helpful.
Changing SSH Port on CentOS/RHEL & Fedora With SELinux Enforcing
Secure Shell (SSH) allows the exchange of data over a secure channel between two computers. This will act as an ultimate ssh cheatsheet for Linux SysAdmins. You can drop a comment for any commands you often use that are not covered here; I'll be happy to update.