SSH Cheat Sheet
Cheet says: Secure Shell = Secure You!
Basic Connection
Connect
ssh user@host
ssh -p 2222 user@host # Custom port
ssh -i ~/.ssh/mykey user@host # Specific key
Key Management
Generate key (Ed25519 - recommended)
ssh-keygen -t ed25519 -C "your@email.com"
Generate key (RSA - legacy compatibility)
ssh-keygen -t rsa -b 4096 -C "your@email.com"
Copy key to server
ssh-copy-id user@host
ssh-copy-id -i ~/.ssh/mykey.pub user@host
Manual key copy
cat ~/.ssh/id_ed25519.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
SSH Config File
`~/.ssh/config`:
Host myserver
    HostName 192.168.1.100
    User admin
    Port 2222
    IdentityFile ~/.ssh/mykey

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/github_key

Host *
    AddKeysToAgent yes
    IdentitiesOnly yes
Then just: `ssh myserver`
Port Forwarding
Local forward (access remote service locally)
ssh -L 8080:localhost:80 user@host
Now localhost:8080 → remote's localhost:80
Remote forward (expose local service remotely)
ssh -R 8080:localhost:3000 user@host
Now remote:8080 → your localhost:3000
Dynamic SOCKS proxy
ssh -D 1080 user@host
Configure browser to use localhost:1080 as SOCKS proxy
File Transfer
SCP (copy)
scp file.txt user@host:/path/
scp user@host:/path/file.txt .
scp -r folder user@host:/path/ # Recursive
SFTP (interactive)
sftp user@host
Then: put, get, ls, cd, etc.
Rsync over SSH (best for large transfers)
rsync -avz -e ssh ./folder user@host:/path/
Server Hardening
Edit `/etc/ssh/sshd_config`:
Disable root login
PermitRootLogin no
Disable password auth (key only)
PasswordAuthentication no
PubkeyAuthentication yes
Change port
Port 2222
Limit users
AllowUsers alice bob
Disconnect idle sessions
ClientAliveInterval 300
ClientAliveCountMax 2
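Then test the config (see Troubleshooting), keep your current session open until a fresh login works, and restart: `sudo systemctl restart sshd`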
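Added example (not part of the original cheat sheet): a shell function that checks an sshd_config file against the hardening directives listed above. The name audit_sshd_config and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```sh
#!/bin/sh
# Audit an sshd_config file against the hardening directives listed above.
# sshd uses the first value it obtains for a keyword, and keywords are
# case-insensitive, so only the first occurrence of each is recorded.
# Assumption: Include files are not followed and parsing stops at the first
# Match block; `sudo sshd -T` prints the effective configuration instead.
audit_sshd_config() {
    awk '
    BEGIN {
        # Expected values from the page; "" means "must be present".
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["allowusers"] = ""
        want["clientaliveinterval"] = ""
    }
    { sub(/^[ \t]+/, "") }              # drop indentation
    /^#/ || /^$/ { next }               # skip comments and blank lines
    {
        split($0, f, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
        key = tolower(f[1])
        if (key == "match") exit        # conditional blocks are out of scope
        if ((key in want) && !(key in seen)) seen[key] = tolower(f[2])
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) {
                # PubkeyAuthentication defaults to yes, so absence passes.
                if (k == "pubkeyauthentication") continue
                printf "FAIL %s: not set\n", k; bad++
            } else if (want[k] != "" && seen[k] != want[k]) {
                printf "FAIL %s: \"%s\", want \"%s\"\n", k, seen[k], want[k]; bad++
            } else if (k == "clientaliveinterval" && seen[k] + 0 <= 0) {
                printf "FAIL %s: idle check disabled\n", k; bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: a later "PermitRootLogin no" does not override the first.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'AllowUsers alice bob' 'ClientAliveInterval 300' 'PermitRootLogin no' > "$sample"
if audit_sshd_config "$sample"; then echo "PASS"; else echo "needs work"; fi
rm -f "$sample"
```

The function exits non-zero when any directive is missing or differs, so it can gate a config rollout before the restart.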
SSH Agent
Start agent
eval "$(ssh-agent -s)"
Add key
ssh-add ~/.ssh/id_ed25519
List keys
ssh-add -l
Forward agent (use local keys on remote; only to hosts you trust, since anyone with root there can use the agent while you are connected)
ssh -A user@host
Troubleshooting
Verbose connection
ssh -v user@host
ssh -vvv user@host # More verbose
Test config
sudo sshd -t
Check permissions (important!)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/authorized_keys
Check auth log
sudo tail -f /var/log/auth.log
sudo journalctl -u sshd -f
Pro Tips
Keep connection alive
ssh -o ServerAliveInterval=60 user@host
Run command and exit
ssh user@host "ls -la"
Escape sequences (in session)
~. Disconnect
~^Z Suspend
~? Help
Jump through bastion
ssh -J bastion user@internal
Multiplexing (faster reconnects)
Add to ~/.ssh/config (the ~/.ssh/sockets directory must already exist):
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600