ssh user@host | Connect to remote host |
ssh user@host -p 2222 | Connect on specific port |
ssh -i ~/.ssh/key.pem user@host | Connect with identity file |
ssh -v user@host | Verbose mode (debug) |
ssh -vvv user@host | Maximum verbosity |
ssh user@host "command" | Run command on remote |
ssh -t user@host "command" | Force pseudo-terminal |
ssh -N user@host | No command (for tunnels) |
ssh-keygen | Generate SSH key pair |
ssh-keygen -t ed25519 -C "email@example.com" | Generate Ed25519 key |
ssh-keygen -t rsa -b 4096 | Generate 4096-bit RSA key |
ssh-keygen -f ~/.ssh/mykey | Specify key filename |
ssh-keygen -p -f ~/.ssh/id_rsa | Change key passphrase |
ssh-keygen -y -f ~/.ssh/id_rsa | Show public key |
ssh-keygen -l -f ~/.ssh/id_rsa.pub | Show key fingerprint |
ssh-keygen -R hostname | Remove host from known_hosts |
ssh-copy-id user@host | Copy public key to remote |
ssh-copy-id -i ~/.ssh/mykey.pub user@host | Copy specific key |
cat ~/.ssh/id_rsa.pub | ssh user@host "cat >> ~/.ssh/authorized_keys" | Manual key copy |
eval "$(ssh-agent -s)" | Start SSH agent |
ssh-add | Add default key to agent |
ssh-add ~/.ssh/id_rsa | Add specific key |
ssh-add -l | List keys in agent |
ssh-add -L | List public keys |
ssh-add -d ~/.ssh/id_rsa | Remove specific key |
ssh-add -D | Remove all keys |
ssh-add -t 3600 ~/.ssh/id_rsa | Add key with timeout (1hr) |
ssh -A user@host | Forward agent to remote |
ssh -L 8080:localhost:80 user@host | Local port forward |
ssh -L 8080:remote:80 user@host | Forward to remote host |
ssh -R 8080:localhost:80 user@host | Remote port forward |
ssh -D 1080 user@host | SOCKS proxy |
ssh -L 3306:dbhost:3306 user@jumphost | Database tunnel via jump |
ssh -fNL 8080:localhost:80 user@host | Background tunnel |
ssh -J jumphost user@target | Connect via jump host |
ssh -J user1@jump1,user2@jump2 user@target | Multiple jump hosts |
ssh -o ProxyJump=jumphost user@target | ProxyJump option |
Host myserver
HostName 192.168.1.100
User admin
Port 22
IdentityFile ~/.ssh/mykey | Basic host config |
Host *
AddKeysToAgent yes
IdentitiesOnly yes
ServerAliveInterval 60 | Global defaults |
Host bastion
HostName jump.example.com
User admin
Host internal
HostName 10.0.0.5
ProxyJump bastion | Jump host config |
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/github_key | GitHub SSH config |
chmod 700 ~/.ssh | SSH directory permissions |
chmod 600 ~/.ssh/id_rsa | Private key permissions |
chmod 644 ~/.ssh/id_rsa.pub | Public key permissions |
chmod 600 ~/.ssh/config | Config file permissions |
chmod 600 ~/.ssh/authorized_keys | Authorized keys permissions |
scp file.txt user@host:/path/ | Copy file to remote |
scp user@host:/path/file.txt . | Copy file from remote |
scp -r folder/ user@host:/path/ | Copy directory recursively |
scp -P 2222 file.txt user@host:/path/ | Copy on specific port |
scp -i ~/.ssh/key file.txt user@host:/path/ | Copy with identity file |
scp user1@host1:/path/file user2@host2:/path/ | Copy between remotes |
sftp user@host | Start SFTP session |
ls / lls | List remote/local files |
cd / lcd | Change remote/local dir |
get file.txt | Download file |
put file.txt | Upload file |
mget *.txt | Download multiple files |
mput *.txt | Upload multiple files |
mkdir / rmdir | Create/remove directory |
bye / quit / exit | Exit SFTP |
gpg --full-generate-key | Generate key (interactive) |
gpg --gen-key | Generate key (quick) |
gpg --list-keys | List public keys |
gpg --list-secret-keys | List private keys |
gpg --list-keys --keyid-format long | Show long key IDs |
gpg --fingerprint user@example.com | Show key fingerprint |
gpg --export -a "Name" > public.key | Export public key |
gpg --export-secret-keys -a "Name" > private.key | Export private key |
gpg --import public.key | Import public key |
gpg --import private.key | Import private key |
gpg --delete-key "Name" | Delete public key |
gpg --delete-secret-key "Name" | Delete private key |
gpg --edit-key "Name" | Edit key (interactive) |
gpg -e -r recipient file.txt | Encrypt for recipient |
gpg -e -r email@example.com file.txt | Encrypt with email |
gpg -c file.txt | Symmetric encryption |
gpg -d file.txt.gpg | Decrypt file |
gpg -d file.txt.gpg > file.txt | Decrypt to file |
gpg -e -a -r recipient file.txt | Encrypt as ASCII armor |
gpg -s file.txt | Sign file (compressed) |
gpg --clearsign file.txt | Clear-text sign |
gpg -b file.txt | Detached signature |
gpg --verify file.txt.sig file.txt | Verify detached sig |
gpg --verify file.txt.gpg | Verify signed file |
gpg -se -r recipient file.txt | Sign and encrypt |
gpg --keyserver keyserver.ubuntu.com --send-keys KEYID | Upload key to server |
gpg --keyserver keyserver.ubuntu.com --recv-keys KEYID | Download key from server |
gpg --keyserver keyserver.ubuntu.com --search-keys email@example.com | Search for keys |
gpg --refresh-keys | Refresh all keys |
git config --global user.signingkey KEYID | Set signing key |
git config --global commit.gpgsign true | Auto-sign commits |
git config --global gpg.program gpg | Set GPG program |
git commit -S -m "message" | Sign commit |
git tag -s v1.0 -m "message" | Sign tag |
git log --show-signature | Show commit signatures |
git verify-commit HEAD | Verify commit signature |
git verify-tag v1.0 | Verify tag signature |
git config --global gpg.format ssh | Use SSH for signing |
git config --global user.signingkey ~/.ssh/id_ed25519.pub | Set SSH signing key |
git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers | Set allowed signers file |