SSH Cheatsheet

Base Usage

ssh [user]@[host]

Use Specific Key

ssh -i ~/.ssh/id_rsa [user]@[host]

Use Alternative Port

ssh -i ~/.ssh/id_rsa -p [port] [user]@[host]

Dynamic SOCKS Proxy

This can be used with proxychains to forward client traffic through the remote server.

ssh -D8080 [user]@[host]

Local Port Forwarding

This will bind to [bindaddr]:[port] on the client and forward connections through the SSH server to [dsthost]:[dstport].

ssh -L [bindaddr]:[port]:[dsthost]:[dstport] [user]@[host]

Remote Port Forwarding

This will bind to [bindaddr]:[port] on the remote server and tunnel traffic back through the SSH client to [localhost]:[localport].

ssh -R [bindaddr]:[port]:[localhost]:[localport] [user]@[host]

Establish VPN over SSH

The following options must be enabled on the server side, in /etc/ssh/sshd_config.

PermitRootLogin yes
PermitTunnel yes

ssh [user]@[host] -w any:any

You can see the established tun interface by typing ifconfig -a

The interfaces and forwarding must still be configured. This assumes that we are going to forward through the remote server. We are also assuming that the server’s main connection is through eth0, and both client/server stood up tun0. This may be different if you already have existing VPN connections.


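Client

ip addr add [client_tun_ip] peer [server_tun_ip] dev tun0
# Once the server is set up, run the following to add routes
route add -net [network] gw [gateway]

Server

ip addr add [server_tun_ip] peer [client_tun_ip] dev tun0
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s [source] -o eth0 -j MASQUERADE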
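
The VPN setup above depends on PermitRootLogin and PermitTunnel in sshd_config. The following is an added example, not part of the original cheatsheet, that reports the effective global value of both settings from a config read on stdin. The function names and the sample config are constructed for illustration, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two sshd_config
# keywords the VPN section turns on. sshd keeps the FIRST value it reads
# for a keyword, keywords are case-insensitive, and "Key=value" is allowed.

# sshd_effective KEYWORD < config : print the effective global value, if set.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blanks
        { n = split($0, f, /[ \t=]+/) }        # keyword, then its value
        tolower(f[1]) == "match" { exit }      # global section ends here
        tolower(f[1]) == want { print tolower(f[2]); exit }
    '
}

# audit_vpn_settings < config : print one finding per risky global setting.
audit_vpn_settings() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    tun=$(printf '%s\n' "$cfg" | sshd_effective PermitTunnel)
    # "yes" lets root use every enabled auth method, passwords included.
    if [ "$root" = "yes" ]; then
        echo "FINDING PermitRootLogin=yes"
    fi
    # Anything except the default "no" lets clients open tun/tap devices.
    case "$tun" in
        ""|no) ;;
        *) echo "FINDING PermitTunnel=$tun" ;;
    esac
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd
# because the first occurrence wins; the Match block is not global.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
Port 22
permitrootlogin yes
PermitTunnel = point-to-point
PermitRootLogin no
Match User backup
    PermitTunnel no
EOF
}

sample_config | audit_vpn_settings
```

To check a real server, feed it the live file with audit_vpn_settings < /etc/ssh/sshd_config once the tunnel is no longer needed.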

Execute a One Liner

ssh -i ~/.ssh/id_rsa [user]@[host] "sudo apt-get update && sudo apt-get upgrade"


File                      Description
~/.ssh/                   Directory for user-specific SSH configuration
~/.ssh/authorized_keys    Lists public keys authorized for logging into this user
~/.ssh/config             Per-user config file. Can specify how to connect, with which keys etc.
~/.ssh/id_*               Key files, both public and private
~/.ssh/known_hosts        Contains list of public host keys known to user
/etc/ssh/ssh_config       Global SSH client configuration
/etc/ssh/sshd_config      SSH server configuration

Generating Keys


Adding Authorized Keys

cat >> ~/.ssh/authorized_keys

The following will remotely copy your public key to authorized_keys on [host]

ssh-copy-id -i ~/.ssh/id_rsa [user]@[host]

SSH Escape Sequences

Simply type the following combinations to escape SSH sessions.

Escape Sequence    Description
~?                 List all options
~B                 Send BREAK to remote host
~R                 Request re-key
~V/v               Decrease / increase verbosity
~^Z                Suspend SSH
~#                 List forwarded connections
~&                 Background SSH
~~                 Send the escape character instead of escaping the next char


SSH Copy utility for pushing and pulling files remotely

Copy from remote to local

Copy remote file.txt to /tmp/file.txt

scp [user]@[host]:file.txt /tmp/file.txt

Copy from local to remote

Copy local file.txt to remote /tmp/file.txt

scp file.txt [user]@[host]:/tmp/file.txt

Copy recursively (full directories)

The following will copy remote /home/ubuntu/.vim directory and all of its contents to ./vim.

scp -r [user]@[host]:/home/ubuntu/.vim ./vim

Use non-standard port

scp takes the port with -P rather than the -p switch used by the regular ssh command. The following uses port 2222; -r is included because the source is a directory.

scp -P 2222 -r [user]@[host]:/home/ubuntu/ ./

