Cheatsheet & Examples: ssh
The ssh command (Secure Shell) is a network protocol used to securely connect to a remote server or system. It provides a encrypted communication channel between two networked devices, allowing for secure remote command execution, file transfer, and other network services.
Connecting to a Remote Server
This is the most common use of the ssh command, allowing you to establish an interactive terminal session on a remote machine.
Example Usage:
ssh username@remote_host
What it does:
Initiates a secure connection to the specified remote host. It will prompt you for the password for the specified username on the remote_host unless key-based authentication is configured.
Command-line Arguments Explained:
username: The account name on the remote machine that you want to log in as.remote_host: The hostname (e.g.,example.com) or IP address (e.g.,192.168.1.100) of the remote server.
Connecting to a Remote Server with a Specific Port
If the SSH service on the remote server is running on a non-standard port (not port 22), you need to specify it using the -p option.
Example Usage:
ssh -p 2222 username@remote_host
What it does: Establishes a connection to the remote server, explicitly using port 2222 instead of the default port 22.
Command-line Arguments Explained:
-p: Specifies the port number to connect to on the remote host.2222: The non-standard port number for the SSH service.username@remote_host: The standard login credentials and remote address.
Executing a Single Command on a Remote Server
You can execute a non-interactive command on the remote server without opening a full shell session.
Example Usage:
ssh username@remote_host "ls -l /var/log"
What it does:
Connects to the remote server, executes the command ls -l /var/log, prints the output to your local terminal, and then immediately closes the SSH connection.
Command-line Arguments Explained:
username@remote_host: The standard login credentials and remote address."ls -l /var/log": The command (or sequence of commands) to be executed on the remote host. Quotes are often necessary to ensure the entire command is passed correctly.
Copying a Public Key to a Remote Server
This is commonly used with the ssh-copy-id helper script to easily set up passwordless key-based authentication.
Example Usage:
ssh-copy-id username@remote_host
What it does:
Reads your local SSH public key (typically from ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub) and appends it to the ~/.ssh/authorized_keys file on the remote server. This allows future connections to use the key instead of a password.
Command-line Arguments Explained:
username@remote_host: The standard login credentials and remote address, specifying where the public key should be copied.
Enabling X11 Forwarding
X11 forwarding allows graphical applications running on the remote server to display their windows on your local machine.
Example Usage:
ssh -X username@remote_host
What it does: Connects to the remote server and enables X11 forwarding. Once connected, any graphical application launched in the remote shell will have its display tunnelled securely back to your local machine.
Command-line Arguments Explained:
-X: Enables X11 forwarding. The application's GUI will appear on the local machine. (Use-Yfor trusted X11 forwarding, which is slightly less secure but may be required if-Xdoesn't work.)username@remote_host: The standard login credentials and remote address.
Setting up Local Port Forwarding (Tunneling)
Local port forwarding is used to securely tunnel traffic from a local port through the SSH connection to a specific port on a remote server or a machine accessible from the remote server.
Example Usage:
ssh -L 8080:localhost:80 username@remote_host
What it does:
Creates a secure tunnel. When you connect to localhost:8080 on your local machine, the traffic is forwarded through the SSH connection to port 80 on the remote_host (which is referred to as localhost from the perspective of the server). This is useful for accessing internal web services securely.
Command-line Arguments Explained:
-L: Specifies local port forwarding. The format is[bind_address:]local_port:remote_host:remote_port.8080: The local port number on your machine that you will connect to.localhost: The destination host (relative to theremote_host) to which the traffic should be forwarded (in this case, the remote host itself).80: The destination port on the specified destination host (e.g., a web server's HTTP port).username@remote_host: The standard login credentials and remote address for the SSH server that will create the tunnel.
Setting up Remote Port Forwarding
Remote port forwarding allows a remote port on the SSH server to be forwarded to a specific port on the local client machine or a machine accessible from the local client.
Example Usage:
ssh -R 80:localhost:8080 username@remote_host
What it does: Creates a secure tunnel. The remote SSH server will listen on port 80. Any connection to the remote host's port 80 will be tunneled back through the SSH connection to port 8080 on your local machine. This is useful for exposing a local service to a remote machine.
Command-line Arguments Explained:
-R: Specifies remote port forwarding. The format is[bind_address:]remote_port:local_host:local_port.80: The port number on the remote server that the traffic will be forwarded from.localhost: The destination host (relative to the local client) to which the traffic should be forwarded (in this case, the local client itself).8080: The destination port on the specified destination host (e.g., a local web server).username@remote_host: The standard login credentials and remote address for the SSH server that will listen on the specified port.
Using a Specific Identity File (Key)
If you have multiple SSH keys and need to use a key other than the default (~/.ssh/id_rsa), you specify it using the -i option.
Example Usage:
ssh -i ~/.ssh/my_private_key username@remote_host
What it does:
Uses the private key located at ~/.ssh/my_private_key for authentication instead of the default identity files.
Command-line Arguments Explained:
-i: Specifies the path to the identity file (private key) to be used for public key authentication.~/.ssh/my_private_key: The file path to the private key.username@remote_host: The standard login credentials and remote address.
Disabling Pseudo-Terminal and Command Execution
This is typically used when you are only interested in setting up port forwarding or when you want to avoid executing any commands on the remote machine after a connection is established.
Example Usage:
ssh -N -f -L 8080:localhost:80 username@remote_host
What it does: This combination of options is commonly used to run a background port forward (tunnel).
-Nensures no remote command is executed (no shell session).-fcauses SSH to go to the background just before command execution (or, in this case, after the tunnel is set up).-Lsets up the local port forwarding tunnel.
Command-line Arguments Explained:
-N: Do not execute a remote command. Useful for port forwarding.-f: Requests SSH to go to the background after a successful login and setup of any tunnels.-L 8080:localhost:80: The local port forwarding parameters.username@remote_host: The standard login credentials and remote address.
Would you like to know how to set up key-based authentication (so you don't need a password) or learn about the related secure file transfer commands, scp and sftp?
