SSH Cheat Sheet

title: SSH date: 2021-01-27 11:48:05 background: bg-blue-400 tags: - protocol - remote - network - 22 categories: - Linux Command intro: | This quick reference cheat sheet provides various for using SSH. plugins: - copyCode

Getting Started

Connecting

Connect to a server (default port 22)

$ ssh root@192.168.1.5

Connect on a specific port

$ ssh root@192.168.1.5 -p 6222

Connect via pem file (0400 permissions)

$ ssh -i /path/file.pem root@192.168.1.5

See: SSH Permissions

Executing

Executes remote command

$ ssh root@192.168.1.5 'ls -l'

Invoke a local script

$ ssh root@192.168.1.5 bash < script.sh

Compresses and downloads from a server

$ ssh root@192.168.1.5 "tar cvzf - ~/source" > output.tgz

SCP {.row-span-2}

Copies from remote to local

$ scp user@server:/dir/file.ext dest/

Copies between two servers

$ scp user@server:/file user@server:/dir

Copies from local to remote

$ scp dest/file.ext user@server:/dir

Copies a whole folder

$ scp -r user@server:/dir dest/

Copies all files from a folder

$ scp user@server:/dir/* dest/

Copies from a server folder to the current folder

$ scp user@server:/dir/* .

Config location

File Path	Description
`/etc/ssh/ssh_config`	System-wide config
`~/.ssh/config`	User-specific config
`~/.ssh/id_{type}`	Private key
`~/.ssh/id_{type}.pub`	Public key
`~/.ssh/known_hosts`	Known Servers
`~/.ssh/authorized_keys`	Authorized login key

SCP Options

Options	Description
scp `-r`	Recursively copy entire directories
scp `-C`	Compresses data
scp `-v`	Prints verbose info
scp `-P` 8080	Uses a specific Port
scp `-B`	Batch mode (Prevents password)
scp `-p`	Preserves times and modes

Config sample

Host server1
    HostName 192.168.1.5
    User root
    Port 22
    IdentityFile ~/.ssh/server1.key

Launch by alias

$ ssh server1

See: Full Config Options

ProxyJump

$ ssh -J proxy_host1 remote_host2

$ ssh -J user@proxy_host1 user@remote_host2

Multiple jumps

$ ssh -J user@proxy_host1:port1,user@proxy_host2:port2 user@remote_host3

ssh-copy-id

$ ssh-copy-id user@server

Copy to alias server

$ ssh-copy-id server1

Copy specific key

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

SSH keygen {.cols-5}

ssh-keygen {.col-span-2}

$ ssh-keygen -t rsa -b 4096 -C "your@mail.com"

-	-	-
	`-t`	Type of key
	`-b`	The number of bits in the key
	`-C`	Provides a new comment

{.left-text}

Generate an RSA 4096 bit key with email as a comment

Generate {.col-span-2 .row-span-2}

Generate a key interactively

$ ssh-keygen

Specify filename

$ ssh-keygen -f ~/.ssh/filename

Generate public key from private key

$ ssh-keygen -y -f private.key > public.pub

Change comment

$ ssh-keygen -c -f ~/.ssh/id_rsa

Change private key passphrase

$ ssh-keygen -p -f ~/.ssh/id_rsa

Key type

rsa
ed25519
dsa
ecdsa

known_hosts {.col-span-2}

Search from known_hosts

$ ssh-keygen -F <ip/hostname>

Remove from known_hosts

$ ssh-keygen -R <ip/hostname>

Key format

PEM
PKCS8

SSH Tunneling

SSH Tunnel Options {.row-span-2}

Option	Description
`-L`	Local port forwarding
`-R`	Remote port forwarding
`-D`	Dynamic port forwarding
`-f`	Run in background
`-N`	Do not execute a remote command
`-g`	Allow remote hosts to connect to local forwarded ports

{.left-text}

more details on flag above with man ssh

Local Port Forwarding {.col-span-2}

# Forward a local port to a remote server
ssh -L local_port:remote_host:remote_port user@ssh_server

# Example: Forward local port 8080 to remote port 80 on example.com
ssh -L 8080:example.com:80 user@ssh_server

Dynamic Port Forwarding {.col-span-2}

# Create a SOCKS proxy on a local port
ssh -D local_port user@ssh_server

# Create a SOCKS proxy on local port 1080 in the background
ssh -f -N -D 1080 user@ssh_server

Background Tunnel {.col-span-3}

# Create a local port forwarding tunnel in the background
ssh -f -N -L local_port:remote_host:remote_port user@ssh_server

Multiple Tunnels {.col-span-3}

# Create multiple tunnels in a single SSH command
ssh -L 8080:example.com:80 -L 3306:db.example.com:3306 user@ssh_server

Combining Options {.col-span-3}

# In background, no command, allow remote host, local port forward, identity_file
ssh -f -N -g -L 8080:example.com:80 -i ~/.ssh/custom_key user@ssh_server

Also see

OpenSSH Config File Examples (cyberciti.biz)
ssh_config (linux.die.net)
man-ssh

Getting Started

Connecting

Connect to a server (default port 22)

SHELL

滚动查看更多

$ ssh root@192.168.1.5

Connect on a specific port

SHELL

滚动查看更多

$ ssh root@192.168.1.5 -p 6222

Connect via pem file (0400 permissions)

SHELL

滚动查看更多

$ ssh -i /path/file.pem root@192.168.1.5

See: SSH Permissions

Executing

Executes remote command

SHELL

滚动查看更多

$ ssh root@192.168.1.5 'ls -l'

Invoke a local script

SHELL

滚动查看更多

$ ssh root@192.168.1.5 bash < script.sh

Compresses and downloads from a server

SHELL

滚动查看更多

$ ssh root@192.168.1.5 "tar cvzf - ~/source" > output.tgz

SCP

Copies from remote to local

SHELL

滚动查看更多

$ scp user@server:/dir/file.ext dest/

Copies between two servers

SHELL

滚动查看更多

$ scp user@server:/file user@server:/dir

Copies from local to remote

SHELL

滚动查看更多

$ scp dest/file.ext user@server:/dir

Copies a whole folder

SHELL

滚动查看更多

$ scp -r user@server:/dir dest/

Copies all files from a folder

SHELL

滚动查看更多

$ scp user@server:/dir/* dest/

Copies from a server folder to the current folder

SHELL

滚动查看更多

$ scp user@server:/dir/* .

Config location

File Path	Description
`/etc/ssh/ssh_config`	System-wide config
`~/.ssh/config`	User-specific config
`~/.ssh/id_{type}`	Private key
`~/.ssh/id_{type}.pub`	Public key
`~/.ssh/known_hosts`	Known Servers
`~/.ssh/authorized_keys`	Authorized login key

SCP Options

Options	Description
scp `-r`	<yel>R</yel>ecursively copy entire directories
scp `-C`	<yel>C</yel>ompresses data
scp `-v`	Prints <yel>v</yel>erbose info
scp `-P` 8080	Uses a specific <yel>P</yel>ort
scp `-B`	<yel>B</yel>atch mode (Prevents password)
scp `-p`	<yel>P</yel>reserves times and modes

Config sample

TOML

滚动查看更多

Host server1
    HostName 192.168.1.5
    User root
    Port 22
    IdentityFile ~/.ssh/server1.key

Launch by alias

SHELL

滚动查看更多

$ ssh server1

See: Full Config Options

ProxyJump

SHELL

滚动查看更多

$ ssh -J proxy_host1 remote_host2

SHELL

滚动查看更多

$ ssh -J user@proxy_host1 user@remote_host2

Multiple jumps

SHELL

滚动查看更多

$ ssh -J user@proxy_host1:port1,user@proxy_host2:port2 user@remote_host3

ssh-copy-id

SHELL

滚动查看更多

$ ssh-copy-id user@server

Copy to alias server

SHELL

滚动查看更多

$ ssh-copy-id server1

Copy specific key

SHELL

滚动查看更多

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

SSH keygen

ssh-keygen

SHELL

滚动查看更多

$ ssh-keygen -t rsa -b 4096 -C "your@mail.com"

-	-	-
	`-t`	Type of key
	`-b`	The number of bits in the key
	`-C`	Provides a new comment

{.left-text}

Generate an RSA 4096 bit key with email as a comment

Generate

Generate a key interactively

SHELL

滚动查看更多

$ ssh-keygen

Specify filename

SHELL

滚动查看更多

$ ssh-keygen -f ~/.ssh/filename

Generate public key from private key

SHELL

滚动查看更多

$ ssh-keygen -y -f private.key > public.pub

Change comment

SHELL

滚动查看更多

$ ssh-keygen -c -f ~/.ssh/id_rsa

Change private key passphrase

SHELL

滚动查看更多

$ ssh-keygen -p -f ~/.ssh/id_rsa

Key type

rsa
ed25519
dsa
ecdsa

known_hosts

Search from known_hosts

SHELL

滚动查看更多

$ ssh-keygen -F <ip/hostname>

Remove from known_hosts

SHELL

滚动查看更多

$ ssh-keygen -R <ip/hostname>

Key format

PEM
PKCS8

SSH Tunneling

SSH Tunnel Options

Option	Description
`-L`	Local port forwarding
`-R`	Remote port forwarding
`-D`	Dynamic port forwarding
`-f`	Run in background
`-N`	Do not execute a remote command
`-g`	Allow remote hosts to connect to local forwarded ports

{.left-text}

more details on flag above with man ssh

Local Port Forwarding

BASH

滚动查看更多

# Forward a local port to a remote server
ssh -L local_port:remote_host:remote_port user@ssh_server

# Example: Forward local port 8080 to remote port 80 on example.com
ssh -L 8080:example.com:80 user@ssh_server

Dynamic Port Forwarding

BASH

滚动查看更多

# Create a SOCKS proxy on a local port
ssh -D local_port user@ssh_server

# Create a SOCKS proxy on local port 1080 in the background
ssh -f -N -D 1080 user@ssh_server

Background Tunnel

BASH

滚动查看更多

# Create a local port forwarding tunnel in the background
ssh -f -N -L local_port:remote_host:remote_port user@ssh_server

Multiple Tunnels

BASH

滚动查看更多

# Create multiple tunnels in a single SSH command
ssh -L 8080:example.com:80 -L 3306:db.example.com:3306 user@ssh_server

Combining Options

BASH

滚动查看更多

# In background, no command, allow remote host, local port forward, identity_file
ssh -f -N -g -L 8080:example.com:80 -i ~/.ssh/custom_key user@ssh_server

SSH Cheat Sheet

title: SSH date: 2021-01-27 11:48:05 background: bg-blue-400 tags: - protocol - remote - network - 22 categories: - Linux Command intro: | This quick reference cheat sheet provides various for using SSH. plugins: - copyCode

Getting Started

Connecting

Executing

SCP {.row-span-2}

Config location

SCP Options

Config sample

ProxyJump

ssh-copy-id

SSH keygen {.cols-5}

ssh-keygen {.col-span-2}

Generate {.col-span-2 .row-span-2}

Key type

known_hosts {.col-span-2}

Key format

SSH Tunneling

SSH Tunnel Options {.row-span-2}

Local Port Forwarding {.col-span-2}

Dynamic Port Forwarding {.col-span-2}

Background Tunnel {.col-span-3}

Multiple Tunnels {.col-span-3}

Combining Options {.col-span-3}

Also see

SSH

Getting Started

SSH keygen

SSH Tunneling

Also see

相关 Cheat Sheets

Linux

Bash

Curl

Tmux

AWK