Essential SSH commands for secure remote access, key management, tunneling, and file transfers.
Real data. Real impact.
Emerging
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Secure Shell (SSH) for remote access and secure file transfers.
# Connect with username ssh user@hostnameConnect to specific port
ssh user@hostname -p 2222
Connect with verbose output
ssh -v user@hostname
Connect with specific key
ssh -i ~/.ssh/id_rsa user@hostname
Connect and run command
ssh user@hostname 'ls -la' ssh user@hostname 'uptime && df -h'
# Connect with forwarding agent ssh -A user@hostnameConnect with X11 forwarding (GUI apps)
ssh -X user@hostname ssh -Y user@hostname # Trusted X11
Escape sequences (during session)
~. - Disconnect
~^Z - Suspend SSH
~# - List forwarded connections
~? - Help
# Generate RSA key ssh-keygen -t rsa -b 4096 -C "your_email@example.com"Generate ED25519 key (recommended)
ssh-keygen -t ed25519 -C "your_email@example.com"
Generate with custom filename
ssh-keygen -t ed25519 -f ~/.ssh/id_myserver
Generate without passphrase (automation)
ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_deploy
# Copy public key to server ssh-copy-id user@hostnameCopy specific key
ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname
Manual key copy
cat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> ~/.ssh/authorized_keys'
Check key fingerprint
ssh-keygen -lf ~/.ssh/id_rsa.pub
Change key passphrase
ssh-keygen -p -f ~/.ssh/id_rsa
# Start ssh-agent eval $(ssh-agent)Add key to agent
ssh-add ~/.ssh/id_rsa
List keys in agent
ssh-add -l
Remove key from agent
ssh-add -d ~/.ssh/id_rsa
Remove all keys
ssh-add -D
Set key lifetime (seconds)
ssh-add -t 3600 ~/.ssh/id_rsa
# Forward local port to remote ssh -L 8080:localhost:80 user@hostname # Access via: http://localhost:8080Forward to different remote host
ssh -L 8080:database.example.com:5432 user@jumphost
Access database through jumphost
Multiple forwards
ssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname
# Forward remote port to local ssh -R 8080:localhost:3000 user@hostname # Remote server can access localhost:3000 via its port 8080Make service accessible from remote
ssh -R 9000:localhost:9000 user@publicserver
# Create SOCKS proxy ssh -D 1080 user@hostnameUse with browser or apps
Configure SOCKS5 proxy: localhost:1080
With Firefox
firefox --profile $(mktemp -d)
--preferences "network.proxy.type=1;network.proxy.socks=localhost;network.proxy.socks_port=1080"
# Run in background ssh -f -N -L 8080:localhost:80 user@hostname-f: Background
-N: No command execution
-L: Local forward
Keep alive
ssh -o ServerAliveInterval=60 -L 8080:localhost:80 user@hostname
~/.ssh/config# Simple host alias Host myserver HostName 192.168.1.100 User admin Port 2222With key and options
Host production HostName prod.example.com User deploy IdentityFile ~/.ssh/id_prod ForwardAgent yes
Jump host (bastion)
Host internal HostName 10.0.0.5 User admin ProxyJump bastion
Host bastion HostName bastion.example.com User admin
Wildcard configuration
Host *.example.com User admin ForwardAgent yes
Keep connections alive
Host * ServerAliveInterval 60 ServerAliveCountMax 3
# Connect using alias ssh myserverJump through bastion automatically
ssh internal
Override config options
ssh -o "StrictHostKeyChecking=no" myserver
# Copy file to remote scp file.txt user@hostname:/path/to/destination/Copy file from remote
scp user@hostname:/path/to/file.txt ./local/
Copy directory recursively
scp -r /local/dir user@hostname:/remote/dir/
Copy with specific port
scp -P 2222 file.txt user@hostname:/path/
Copy with compression
scp -C large-file.zip user@hostname:/path/
Preserve attributes (timestamps, permissions)
scp -p file.txt user@hostname:/path/
# Connect to SFTP server sftp user@hostnameCommon SFTP commands:
pwd - Remote working directory
lpwd - Local working directory
ls - List remote files
lls - List local files
cd - Change remote directory
lcd - Change local directory
get file - Download file
put file - Upload file
mget *.txt - Download multiple files
mput *.jpg - Upload multiple files
mkdir dir - Create remote directory
rmdir dir - Remove remote directory
rm file - Delete remote file
exit/bye - Quit
Batch mode
sftp -b commands.txt user@hostname
# Sync directory rsync -avz /local/dir/ user@hostname:/remote/dir/Sync with progress
rsync -avz --progress /local/dir/ user@hostname:/remote/dir/
Sync with delete (mirror)
rsync -avz --delete /local/dir/ user@hostname:/remote/dir/
Exclude patterns
rsync -avz --exclude '*.log' --exclude 'node_modules/'
/local/dir/ user@hostname:/remote/dir/Custom SSH port
rsync -avz -e "ssh -p 2222" /local/dir/ user@hostname:/remote/dir/
Dry run
rsync -avz --dry-run /local/dir/ user@hostname:/remote/dir/
# Disable password authentication (edit /etc/ssh/sshd_config) PasswordAuthentication no PubkeyAuthentication yesDisable root login
PermitRootLogin no
Change default port
Port 2222
Use protocol 2 only
Protocol 2
Limit users
AllowUsers user1 user2
Restart SSH service
sudo systemctl restart sshd
# Check host key ssh-keygen -F hostnameRemove old host key
ssh-keygen -R hostname
Strict host key checking
ssh -o StrictHostKeyChecking=yes user@hostname
Use specific cipher
ssh -c aes256-ctr user@hostname
# Verbose output ssh -v user@hostname ssh -vv user@hostname # More verbose ssh -vvv user@hostname # Maximum verbosityTest connection
ssh -T user@hostname
Check permissions
ls -la ~/.ssh/
Should be: 700 for ~/.ssh, 600 for keys, 644 for .pub files
# Fix permissions chmod 700 ~/.ssh chmod 600 ~/.ssh/id_rsa chmod 644 ~/.ssh/id_rsa.pub chmod 644 ~/.ssh/authorized_keysClear known_hosts entry
ssh-keygen -R hostname
Disable host key checking (not recommended)
ssh -o StrictHostKeyChecking=no user@hostname
# Connect through bastion ssh -J bastion.example.com user@internal.localMultiple jumps
ssh -J bastion1,bastion2 user@final-destination
Using config (see Configuration section above)
ssh internal # Automatically uses ProxyJump
# Master connection ssh -M -S ~/.ssh/control-%r@%h:%p user@hostnameReuse connection
ssh -S ~/.ssh/control-user@hostname:22 user@hostname
In config:
ControlMaster auto
ControlPath ~/.ssh/control-%r@%h:%p
ControlPersist 10m
# Single command ssh user@hostname 'uptime'Multiple commands
ssh user@hostname 'cd /var/log && tail -n 20 syslog'
Pipe commands
cat local-script.sh | ssh user@hostname 'bash -s'
With sudo
ssh -t user@hostname 'sudo command'
~/.ssh/config/var/log/auth.logOfficial docs: https://www.openssh.com/manual.html Man pages:
man sshman ssh_configman sshd_configNo automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.