📖 Guide

SSH Cheat Sheet — Complete Reference

Complete SSH reference covering connections, key management, tunneling, config, SCP/SFTP, and security hardening.

102 commands across 9 categories

Basic Connections Key Management SSH Config File Port Forwarding & Tunneling SCP File Transfer SFTP SSH Agent Security Hardening Troubleshooting

Basic Connections

Command	Description
`ssh user@host` e.g. ssh daniel@192.168.1.100	Connect to remote host
`ssh -p 2222 user@host`	Connect on a custom port
`ssh -i ~/.ssh/key.pem user@host`	Connect using a specific private key
`ssh -v user@host`	Verbose mode — debug connection issues
`ssh -vv user@host`	More verbose debugging
`ssh user@host 'command'` e.g. ssh user@host 'uptime'	Run a single command remotely
`ssh user@host 'bash -s' < script.sh`	Run a local script on remote host
`ssh -t user@host 'top'`	Force pseudo-terminal (needed for interactive commands)
`ssh -N user@host`	Connect without executing a command (for tunneling)
`ssh -f user@host -L 8080:localhost:80 -N`	Background SSH tunnel
`ssh -o ConnectTimeout=5 user@host`	Set connection timeout to 5 seconds
`ssh -o StrictHostKeyChecking=no user@host`	Skip host key verification (insecure)
`ssh -J jumphost user@destination`	Connect via a jump/bastion host

Key Management

Command	Description
`ssh-keygen`	Generate a new SSH key pair (interactive)
`ssh-keygen -t ed25519 -C "email@example.com"`	Generate Ed25519 key (recommended)
`ssh-keygen -t rsa -b 4096`	Generate 4096-bit RSA key
`ssh-keygen -f ~/.ssh/mykey`	Generate key with custom filename
`ssh-keygen -p -f ~/.ssh/id_ed25519`	Change passphrase on existing key
`ssh-keygen -y -f ~/.ssh/id_ed25519`	Extract public key from private key
`ssh-keygen -l -f ~/.ssh/id_ed25519.pub`	Show key fingerprint
`ssh-keygen -R hostname`	Remove host from known_hosts
`ssh-copy-id user@host`	Copy public key to remote host (enable key auth)
`ssh-copy-id -i ~/.ssh/mykey.pub user@host`	Copy specific key to remote host
`cat ~/.ssh/id_ed25519.pub`	View your public key

SSH Config File

Command	Description
`~/.ssh/config`	User SSH config file location
`Host myserver` e.g. Host myserver\n HostName 192.168.1.100\n User daniel\n Port 22	Define a host alias
`HostName 192.168.1.100`	Set the actual hostname/IP
`User daniel`	Set default username for this host
`Port 2222`	Set default port for this host
`IdentityFile ~/.ssh/mykey`	Set which key to use for this host
`ProxyJump jumphost`	Set jump host for this connection
`ForwardAgent yes`	Enable agent forwarding for this host
`LocalForward 8080 localhost:80`	Auto-create local tunnel on connect
`ServerAliveInterval 60`	Send keepalive every 60 seconds
`ServerAliveCountMax 3`	Disconnect after 3 missed keepalives
`Host *`	Apply settings to all hosts (wildcard)
`ControlMaster auto`	Enable connection multiplexing
`ControlPath ~/.ssh/sockets/%r@%h-%p`	Socket path for multiplexed connections
`ControlPersist 600`	Keep master connection alive for 10 minutes

Port Forwarding & Tunneling

Command	Description
`ssh -L 8080:localhost:80 user@host`	Local forward: access remote port 80 via localhost:8080
`ssh -L 5432:db.internal:5432 user@bastion`	Tunnel to an internal database via bastion
`ssh -R 8080:localhost:3000 user@host`	Remote forward: expose local port 3000 on remote:8080
`ssh -D 1080 user@host`	Dynamic SOCKS5 proxy (use as browser proxy)
`ssh -L 0.0.0.0:8080:localhost:80 user@host`	Local forward accessible from all interfaces
`ssh -R 0.0.0.0:8080:localhost:3000 user@host`	Remote forward on all interfaces (needs GatewayPorts)
`ssh -w 0:0 user@host`	Create a TUN tunnel (VPN-like)
`ssh -L 8080:localhost:80 -L 8443:localhost:443 user@host`	Multiple port forwards in one command

SCP File Transfer

Command	Description
`scp file.txt user@host:/remote/path/`	Copy local file to remote host
`scp user@host:/remote/file.txt ./`	Copy remote file to local machine
`scp -r ./dir user@host:/remote/path/`	Copy directory recursively
`scp -P 2222 file.txt user@host:/path/`	Copy using custom port
`scp -i ~/.ssh/key file.txt user@host:/path/`	Copy using specific key
`scp -C file.txt user@host:/path/`	Enable compression during transfer
`scp -l 1000 file.txt user@host:/path/`	Limit bandwidth to 1000 Kbit/s
`scp user1@host1:/file user2@host2:/path/`	Copy between two remote hosts

SFTP

Command	Description
`sftp user@host`	Start interactive SFTP session
`sftp -P 2222 user@host`	SFTP on custom port
`put localfile remotepath`	Upload file (in SFTP session)
`get remotefile localpath`	Download file (in SFTP session)
`mput *.txt`	Upload multiple files matching pattern
`mget *.log`	Download multiple files matching pattern
`ls`	List remote directory
`lls`	List local directory
`cd /remote/dir`	Change remote directory
`lcd /local/dir`	Change local directory
`mkdir dirname`	Create remote directory
`rm filename`	Delete remote file
`bye`	Exit SFTP session

SSH Agent

Command	Description
`eval $(ssh-agent)`	Start SSH agent in current shell
`ssh-add`	Add default key to agent
`ssh-add ~/.ssh/mykey`	Add specific key to agent
`ssh-add -l`	List keys loaded in agent
`ssh-add -D`	Remove all keys from agent
`ssh-add -d ~/.ssh/mykey`	Remove specific key from agent
`ssh-add -t 3600 ~/.ssh/mykey`	Add key with 1-hour timeout
`ssh -A user@host`	Forward agent to remote (use remote keys)

Security Hardening

Command	Description
`PermitRootLogin no`	Disable root login (sshd_config)
`PasswordAuthentication no`	Disable password auth (key-only)
`PubkeyAuthentication yes`	Enable public key authentication
`Port 2222`	Change SSH port from default 22
`AllowUsers daniel admin`	Only allow specific users
`MaxAuthTries 3`	Max authentication attempts
`LoginGraceTime 30`	Timeout for authentication (30 seconds)
`ClientAliveInterval 300`	Disconnect idle clients after 5 minutes
`ClientAliveCountMax 2`	Max missed keepalives before disconnect
`Protocol 2`	Use only SSH protocol version 2
`X11Forwarding no`	Disable X11 forwarding
`AllowTcpForwarding no`	Disable TCP forwarding
`sudo systemctl restart sshd`	Restart SSH daemon after config changes
`sudo sshd -t`	Test sshd config for syntax errors

Troubleshooting

Command	Description
`ssh -v user@host`	Debug level 1 — see connection steps
`ssh -vvv user@host`	Debug level 3 — maximum verbosity
`ssh-keyscan host`	Fetch host's public keys
`ssh-keygen -R host`	Fix 'host key changed' error
`chmod 700 ~/.ssh`	Fix .ssh directory permissions
`chmod 600 ~/.ssh/id_ed25519`	Fix private key permissions
`chmod 644 ~/.ssh/id_ed25519.pub`	Fix public key permissions
`chmod 600 ~/.ssh/authorized_keys`	Fix authorized_keys permissions
`chmod 644 ~/.ssh/known_hosts`	Fix known_hosts permissions
`tail -f /var/log/auth.log`	Monitor SSH authentication logs (Debian)
`journalctl -u sshd -f`	Monitor SSH logs with systemd
`cat /etc/ssh/sshd_config`	View SSH server configuration

More Guides

Complete Git command reference — from basics to advanced workflows. Searchable, with examples.

Complete Vim/Vi command reference — modes, motions, editing, search, and advanced features.

Docker Commands

Complete Docker & Docker Compose command reference — containers, images, volumes, networks, and orchestration.

Regex Reference

Complete regular expression reference — syntax, patterns, quantifiers, groups, lookaheads, and common recipes.

Complete Linux/Bash command reference — file management, text processing, networking, system admin, and shell scripting.

Kubernetes Commands

Complete Kubernetes & kubectl command reference — pods, deployments, services, configmaps, and cluster management.

Python Reference

Complete Python reference — syntax, data structures, string methods, file I/O, comprehensions, and common patterns.

Complete SQL reference — queries, joins, aggregation, subqueries, indexes, and database management.

Nginx Reference

Complete Nginx configuration reference — server blocks, locations, proxying, SSL, load balancing, and caching.

Jenkins Reference

Complete Jenkins reference — pipeline syntax, Jenkinsfile, plugins, CLI, agents, and CI/CD patterns.

AWS CLI Reference

Complete AWS CLI reference — EC2, S3, IAM, Lambda, ECS, RDS, CloudFormation, and common operations.

Complete Go (Golang) reference — syntax, types, functions, concurrency, error handling, and common patterns.

PowerShell Reference

Complete PowerShell reference — cmdlets, pipelines, scripting, file operations, remote management, and Active Directory.

Complete Redis command reference — strings, hashes, lists, sets, sorted sets, pub/sub, transactions, and server management.

Terraform Commands

Complete Terraform reference — init, plan, apply, state management, modules, workspaces, and HCL syntax.

Ansible Commands

Complete Ansible reference — playbooks, modules, inventory, roles, vault, and ad-hoc commands.

📖 Free, searchable command reference. Bookmark this page for quick access.