Monday, January 6, 2025
Google search engine
HomeGuest BlogsSSH Commands Cheat Sheet for Linux Users

SSH Commands Cheat Sheet for Linux Users

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

Are you looking for that ultimate SSH Commands cheat sheet?. This SSH Cheat Sheet contains SSH commands you need for your daily administration of Linux Infrastructure.  SSH which is also referred to as Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.

To start using different ssh command-line options, follow this guide along and feel free to test all these commands. You can practice in Virtual environments like VirtualBox or VMware Workstation instead of running everything in the Production environment.

1. SSH via pem file ( private key)

If you want to access a remote server using a Pem key, the command syntax is:

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

ssh -i /path/to/file.pem user@server

A path to private key file follows after -i flag.

2. Connect to a non-standard  ssh port:

The default SSH port is 22, to access a remote system with a different service port, use the -p option.

ssh -p 2222 [email protected]

Here, we’re connecting to the SSH server running on port 2222. The port has to be allowed on the firewall.

3. Connect and forward the authentication agent

Use the -A option to enable the forwarding of the authentication agent.

ssh -A user@server

This can also be specified on a per-host basis in a configuration file.

4. Connect and execute a command on a remote server:

At times you want to run a command on bash shell on a remote server. This is achieved by passing the command and its options after the server part.

ssh -t user@server'the-remote-command'

-t  is used to force pseudo-terminal allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services.

As an example, let’s connect to a server and do a ping to 8.8.8.8, with a count of 3.

$ ssh outboundmx-01 'ping -c 3 8.8.8.8'
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=6.74 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=60 time=7.27 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=60 time=6.77 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 6.740/6.930/7.271/0.241 ms

SSH session will exit after executing specified commands.

5. Tunnel an X session over SSH:

The -X option in ssh is used to enable X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding can be disabled using -x Disables option.

ssh -X user@server

An example below will:

  • Redirect traffic with a tunnel between localhost (port 8080) and a remote
  • host (remote.example.com:5000) through a proxy (personal.server.com):
ssh -f -L 8080:remote.example.com:5000 [email protected] -N

-N  means do not execute a remote command. This is useful for just forwarding ports.

6. Launch a specific X application over SSH:

Use the -X option to launch an application through ssh session.

ssh -X -t user@server 'firefox'

This will launch Firefox application and display UI on the local machine.

7. Create a SOCKS proxy tunnel

ssh -D 9999 user@server

This will create a SOCKS proxy on localhost and port  10000. The way this works is by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.

Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Note that only root can forward privileged ports.

8. SSH with data compression and encryption

To request compression of all data (including stdin, stdout, stderr, and data for forwarded X11, TCP and UNIX-domain connections, -C option is used. This is desirable when working with modems and other slow connections systems. Do not use this on faster networks since it will just slow things down.

The compression algorithm is the same used by gzip. -c is used to specify the cipher specification for encrypting the session. More than one listing is done by separating them with commas. Example

ssh user@server -C -c blowfish -X

-X –> Use an X session
-C –> Do data compression
-c –> Use blowfish encryption for ssh session

9. SSH copy files

An example below shows how to compress files on a remote server and copy to the local system by piping to tar. Compression and uncompression is done using tar command. This is useful if you don’t have scp or rsync which act as ssh clients.

$ ssh  jmutai@outboundmx-01 "cd ~/mydir; \
tar zcf - file1.txt file2.txt" | tar zxf -

# confirm if copied
$ ls file1.txt file2.txt

10. Force Publick key Copy to a remote server

You’re trying to copy ssh key but keeps getting a failure. You can force the copy using the commands:

SSH_OPTS='-F /dev/null' ssh-copy-id  user@server

11. Save private key passphrase

With ssh, you can configure authentication agent to save password so that you won’t have to re-enter your passphrase every time you use your SSH keys.

eval $(ssh-agent) # Start agent on demand
ssh-add # Add default key
ssh-add -l # List keys
ssh-add ~/.ssh/id_rsa # Add specific key
ssh-add -t 3600 ~/.ssh/id_rsa # Add with timeout
ssh-add -D # Drop keys

12. Mount folder/filesystem through SSH

Install SSHFS from https://github.com/libfuse/sshfs .

Installation and usage of SSHFS are covered on a different article:

This command will mount remote directory to the local machine.

sshfs name@server:/path/to/folder /path/to/mount/point

Once done, you can unmount directory using:

fusermount -u mountpoint

13. Read files using macs through SSH

Documentation is on Emacs mount Remote files

After installing Emacs, reading of the remote file is done using:

emacs /ssh:name@server:/path/to/file

14. Deleting IP address/hostname on ~/.ssh/known_hosts file.

Sometimes you want to copy ssh key to a remote server and you get a warning that the IP/hostname already exist in ~/.ssh/known_hosts, to remove the entry, use:

ssh-keygen -f .ssh/known_hosts -R  ip-or-hostname

16. Update SSH Key passphrase

Use our guide for updating or changing an SSH key passphrase.

17. Changing SSH Service Port

The following guide should be helpful.

Wrapping Up

Secure Shell (SSH) allows the exchange of data over a secure channel between two computers. This will act as an ultimate ssh cheatsheet for Linux SysAdmins. You can drop a comment for any commands you often used but not covered here, I’ll be happy to update.

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments