LinuxCommandLibrary

ssh

TLDR

Connect to a remote server

$ ssh [user]@[hostname]
copy
Connect on a specific port
$ ssh -p [port] [user]@[hostname]
copy
Connect with a specific identity file (private key)
$ ssh -i [~/.ssh/id_rsa] [user]@[hostname]
copy
Run a command on remote server
$ ssh [user]@[hostname] "[command]"
copy
Create a local port forward (tunnel)
$ ssh -L [local_port]:[target_host]:[target_port] [user]@[hostname]
copy
Create a remote port forward
$ ssh -R [remote_port]:localhost:[local_port] [user]@[hostname]
copy
Create a SOCKS proxy
$ ssh -D [port] [user]@[hostname]
copy
Enable X11 forwarding
$ ssh -X [user]@[hostname]
copy
Copy SSH key to server for passwordless login
$ ssh-copy-id [user]@[hostname]
copy

SYNOPSIS

ssh [-p port] [-i identityfile] [**-L** forward] [user**@**]hostname [command_]

DESCRIPTION

ssh (Secure Shell) provides secure encrypted communication between hosts over an insecure network. It's the primary tool for remote server administration and secure file transfer.
Authentication can use passwords or public key cryptography. Key-based authentication is more secure and convenient; generate keys with ssh-keygen and copy public keys to servers with ssh-copy-id.
Port forwarding creates encrypted tunnels for other traffic. Local forwarding (-L) makes a remote service available locally. Remote forwarding (-R) exposes a local service on the remote host. Dynamic forwarding (-D) creates a SOCKS proxy.
Configuration in ~/.ssh/config can define hosts with custom settings (port, user, identity file, proxy), making complex connections simple.

PARAMETERS

-p port

Connect to specified port (default: 22)
-i identityfile_
Use specified private key file
-l loginname_
Specify username (alternative to user@host)
-L [bind:]port:host:port
Local port forwarding
-R [bind:]port:host:port
Remote port forwarding
-D [bind:]port
Dynamic port forwarding (SOCKS proxy)
-N
Do not execute remote command (for tunnels)
-f
Go to background after authentication
-X
Enable X11 forwarding
-Y
Enable trusted X11 forwarding
-A
Enable agent forwarding
-C
Enable compression
-v
Verbose mode (use -vvv for more detail)
-o option
Set configuration option
-J jumphost_
Connect via jump host (ProxyJump)
-t
Force pseudo-terminal allocation

CONFIGURATION

~/.ssh/config

Per-user configuration file defining host aliases, default ports, usernames, identity files, proxy settings, and other connection options.
~/.ssh/known_hosts
Database of previously verified host keys, used to detect server impersonation.
/etc/ssh/ssh_config
System-wide SSH client configuration applied to all users.

CAVEATS

First connection to a new host shows a fingerprint warning. Verify the fingerprint through a trusted channel before accepting.
Agent forwarding (-A) is convenient but risky on untrusted servers. Consider ProxyJump instead.
Keep private keys secure with permissions 600. Protect keys with passphrases and use ssh-agent to avoid repeated passphrase entry.
Firewall rules may block SSH. Port 22 is commonly filtered; consider running SSH on alternate ports for such networks.

SEE ALSO

scp(1), sftp(1), ssh-keygen(1), ssh-copy-id(1), ssh-agent(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community