SSH Cheatsheet

About SSH

SSH is a method for securely sending commands to a computer over an unsecured network. It uses encryption, authentication, and tunneling to protect data and connections between devices.

Table of Contents

• Basic Commands
• Key Management
• Connection Management
• Port Forwarding
• Configuration
• Security Best Practices
• Advanced Operations

Basic Commands

1. Connection Basics

   ssh username@hostname           # Basic SSH connection
   ssh -p 2222 username@hostname  # Connect to specific port
   ssh -v username@hostname       # Verbose mode for debugging

2. File Transfer

   scp file.txt user@host:/path   # Copy file to remote
   scp user@host:/path/file .     # Copy file from remote
   scp -r folder user@host:/path  # Copy entire directory

3. Remote Command Execution

   ssh user@host 'command'        # Execute remote command
   ssh user@host 'ls -la'         # List remote directory

Key Management

ssh-keygen -t ed25519                     # Generate Ed25519 key (recommended)
ssh-keygen -t rsa -b 4096                 # Generate RSA key
ssh-keygen -t ed25519 -f ~/.ssh/key_name  # Custom key name
ssh-keygen -p -f ~/.ssh/id_ed25519        # Change key passphrase

ssh-copy-id user@hostname                 # Copy public key to server
ssh-copy-id -i ~/.ssh/key_name user@host  # Copy specific key
cat ~/.ssh/id_ed25519.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Connection Management

ssh -N user@host          # Connect without executing commands
ssh -f user@host         # Background connection
ssh -M user@host         # Master mode for connection sharing
ssh -O exit user@host    # Close master connection

Port Forwarding

1. Local Forwarding

   ssh -L 8080:localhost:80 user@host     # Forward local port to remote
   ssh -L 3306:remote-host:3306 user@host # Database port forwarding

2. Remote Forwarding

   ssh -R 8080:localhost:80 user@host     # Forward remote port to local
   ssh -R 52698:localhost:52698 user@host # Remote forwarding for tools

3. Dynamic Forwarding

   ssh -D 9090 user@host                  # SOCKS proxy
   ssh -D 1080 -C -q -N user@host        # Quiet SOCKS proxy

Configuration

Host myserver
    HostName example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/special_key

Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Security Best Practices

1. Key Security

   • Use Ed25519 or RSA-4096 keys
   • Always protect private keys with strong passphrases
   • Store private keys securely
   • Regularly rotate keys

2. Server Hardening

   • Disable password authentication
   • Use non-standard ports
   • Implement fail2ban
   • Keep software updated
   • Use allowlists for IP addresses

3. Connection Security

   • Use SSH config files for consistent settings
   • Enable only required authentication methods
   • Limit user access rights
   • Use connection timeouts

Advanced Operations

eval $(ssh-agent)                # Start SSH agent
ssh-add                         # Add default keys
ssh-add ~/.ssh/specific_key     # Add specific key
ssh-add -l                      # List added keys

# HTTP proxy
ssh -L 8080:localhost:3000 user@host

# Database tunnel
ssh -L 5432:database:5432 user@host

# X11 forwarding
ssh -X user@host

ssh -vv user@host              # Very verbose output
ssh -T git@github.com          # Test GitHub SSH connection
ssh-keygen -y -f private_key   # Verify key pair

Common Use Cases

1. Remote Development

   • Set up SSH keys
   • Configure VS Code Remote
   • Set up port forwarding
   • Use SSH agent forwarding

2. Server Management

   • Create maintenance scripts
   • Set up monitoring
   • Configure automated backups
   • Implement security policies

3. Database Access

   • Set up secure tunnels
   • Configure connection sharing
   • Implement access controls