Secure Shell (SSH) is most commonly implemented via OpenSSH, the standard open-source SSH suite on Linux and macOS systems.
This post is a practical cheat sheet of core SSH commands and
related utilities like ssh-copy-id, focused on
daily sysadmin and developer workflows.
π Core SSH Commands
ssh β Remote Login
Connect to a remote machine:
ssh user@host
ssh -p 2222 user@host
ssh -i ~/.ssh/id_ed25519 user@host
Port forwarding examples:
# Local forwarding
ssh -L 8080:localhost:80 user@host
# Remote forwarding
ssh -R 9090:localhost:3000 user@host
# Dynamic SOCKS proxy
ssh -D 1080 user@host
ssh-keygen β Key
Management
Generate modern key:
ssh-keygen -t ed25519 -C "you@example.com"
Other useful operations:
ssh-keygen -l -f id_ed25519.pub # fingerprint
ssh-keygen -R hostname # remove host from known_hosts
ssh-copy-id β
Install Public Key
Copies your public key to a remote hostβs
authorized_keys.
ssh-copy-id user@host
ssh-copy-id -i ~/.ssh/work.pub user@host
ssh-copy-id -p 2222 user@host
π Only copies public keys, never private keys.
π File Transfer Utilities
scp β Secure Copy
scp file.txt user@host:/remote/path
scp -r folder user@host:/remote/path
scp user@host:/remote/file.txt .
sftp β Interactive
File Transfer
sftp user@host
Inside session:
put file.txt
get file.txt
ls
cd
rsync over SSH β
Efficient Sync
rsync -avz -e ssh folder/ user@host:/remote/folder
Efficient for backups and deployments.
π SSH Agent Utilities
ssh-agent β
Background Key Manager
eval "$(ssh-agent -s)"
ssh-add β Load Keys
Into Agent
ssh-add ~/.ssh/id_ed25519
ssh-add -l
ssh-add -D
Prevents repeated passphrase prompts.
βοΈ Server-Side Utilities
sshd β SSH Daemon
Check status:
systemctl status sshd
Restart:
sudo systemctl restart sshd
Main config file:
/etc/ssh/sshd_config
π Important SSH Files
Local (~/.ssh/):
id_ed25519β private keyid_ed25519.pubβ public keyknown_hostsβ trusted hostsconfigβ client shortcuts
Remote:
~/.ssh/authorized_keysβ allowed public keys
Correct permissions matter:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
π§ Useful Power Tricks
Jump Host (Bastion)
ssh -J user@jump user@internal-host
SSH Config Aliases
~/.ssh/config:
Host prod
HostName 10.0.0.10
User deploy
Port 2222
IdentityFile ~/.ssh/prod_key
Then simply:
ssh prod
π Minimal Secure Setup Checklist
- Use
ed25519keys - Disable password authentication
- Disable root login
- Use non-standard port (optional)
- Use fail2ban (optional)
- Restrict users via
AllowUsers
𧩠Mental Model
graph TD; A[Local Machine] -->|Private Key| B(SSH Client); B -->|Encrypted Channel| C[Remote SSH Server]; C -->|authorized_keys| D(User Account);