# Cheatsheet & Examples: ssh

The **`ssh`** command (Secure Shell) is a network protocol used to securely connect to a remote server or system. It provides a encrypted communication channel between two networked devices, allowing for secure remote command execution, file transfer, and other network services.

---

## Connecting to a Remote Server

This is the most common use of the `ssh` command, allowing you to establish an interactive terminal session on a remote machine.

Example Usage:
`ssh username@remote_host`

What it does:
Initiates a secure connection to the specified remote host. It will prompt you for the password for the specified `username` on the `remote_host` unless key-based authentication is configured.

Command-line Arguments Explained:

- **`username`**: The account name on the remote machine that you want to log in as.
- **`remote_host`**: The hostname (e.g., `example.com`) or IP address (e.g., `192.168.1.100`) of the remote server.

---

## Connecting to a Remote Server with a Specific Port

If the SSH service on the remote server is running on a non-standard port (not port 22), you need to specify it using the `-p` option.

Example Usage:
`ssh -p 2222 username@remote_host`

What it does:
Establishes a connection to the remote server, explicitly using **port 2222** instead of the default port 22.

Command-line Arguments Explained:

- **`-p`**: Specifies the port number to connect to on the remote host.
- **`2222`**: The non-standard port number for the SSH service.
- **`username@remote_host`**: The standard login credentials and remote address.

---

## Executing a Single Command on a Remote Server

You can execute a non-interactive command on the remote server without opening a full shell session.

Example Usage:
`ssh username@remote_host "ls -l /var/log"`

What it does:
Connects to the remote server, executes the command **`ls -l /var/log`**, prints the output to your local terminal, and then immediately closes the SSH connection.

Command-line Arguments Explained:

- **`username@remote_host`**: The standard login credentials and remote address.
- **`"ls -l /var/log"`**: The command (or sequence of commands) to be executed on the remote host. Quotes are often necessary to ensure the entire command is passed correctly.

---

## Copying a Public Key to a Remote Server

This is commonly used with the **`ssh-copy-id`** helper script to easily set up **passwordless key-based authentication**.

Example Usage:
`ssh-copy-id username@remote_host`

What it does:
Reads your local SSH public key (typically from `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub`) and appends it to the `~/.ssh/authorized_keys` file on the remote server. This allows future connections to use the key instead of a password.

Command-line Arguments Explained:

- **`username@remote_host`**: The standard login credentials and remote address, specifying where the public key should be copied.

---

## Enabling X11 Forwarding

X11 forwarding allows graphical applications running on the remote server to display their windows on your local machine.

Example Usage:
`ssh -X username@remote_host`

What it does:
Connects to the remote server and enables **X11 forwarding**. Once connected, any graphical application launched in the remote shell will have its display tunnelled securely back to your local machine.

Command-line Arguments Explained:

- **`-X`**: Enables X11 forwarding. The application's GUI will appear on the local machine. (Use **`-Y`** for trusted X11 forwarding, which is slightly less secure but may be required if `-X` doesn't work.)
- **`username@remote_host`**: The standard login credentials and remote address.

---

## Setting up Local Port Forwarding (Tunneling)

Local port forwarding is used to securely tunnel traffic from a **local port** through the SSH connection to a specific port on a **remote server** or a machine *accessible from* the remote server.

Example Usage:
`ssh -L 8080:localhost:80 username@remote_host`

What it does:
Creates a secure tunnel. When you connect to **`localhost:8080`** on your local machine, the traffic is forwarded through the SSH connection to **port 80** on the **`remote_host`** (which is referred to as `localhost` from the perspective of the server). This is useful for accessing internal web services securely.

Command-line Arguments Explained:

- **`-L`**: Specifies local port forwarding. The format is **`[bind_address:]local_port:remote_host:remote_port`**.
- **`8080`**: The local port number on your machine that you will connect to.
- **`localhost`**: The destination host (relative to the **`remote_host`**) to which the traffic should be forwarded (in this case, the remote host itself).
- **`80`**: The destination port on the specified destination host (e.g., a web server's HTTP port).
- **`username@remote_host`**: The standard login credentials and remote address for the SSH server that will create the tunnel.

---

## Setting up Remote Port Forwarding

Remote port forwarding allows a **remote port** on the SSH server to be forwarded to a specific port on the **local client machine** or a machine *accessible from* the local client.

Example Usage:
`ssh -R 80:localhost:8080 username@remote_host`

What it does:
Creates a secure tunnel. The remote SSH server will listen on **port 80**. Any connection to the remote host's port 80 will be tunneled back through the SSH connection to **port 8080** on your local machine. This is useful for exposing a local service to a remote machine.

Command-line Arguments Explained:

- **`-R`**: Specifies remote port forwarding. The format is **`[bind_address:]remote_port:local_host:local_port`**.
- **`80`**: The port number on the remote server that the traffic will be forwarded from.
- **`localhost`**: The destination host (relative to the **local client**) to which the traffic should be forwarded (in this case, the local client itself).
- **`8080`**: The destination port on the specified destination host (e.g., a local web server).
- **`username@remote_host`**: The standard login credentials and remote address for the SSH server that will listen on the specified port.

---

## Using a Specific Identity File (Key)

If you have multiple SSH keys and need to use a key other than the default (`~/.ssh/id_rsa`), you specify it using the `-i` option.

Example Usage:
`ssh -i ~/.ssh/my_private_key username@remote_host`

What it does:
Uses the private key located at **`~/.ssh/my_private_key`** for authentication instead of the default identity files.

Command-line Arguments Explained:

- **`-i`**: Specifies the path to the **identity file** (private key) to be used for public key authentication.
- **`~/.ssh/my_private_key`**: The file path to the private key.
- **`username@remote_host`**: The standard login credentials and remote address.

---

## Disabling Pseudo-Terminal and Command Execution

This is typically used when you are only interested in setting up port forwarding or when you want to avoid executing any commands on the remote machine after a connection is established.

Example Usage:
`ssh -N -f -L 8080:localhost:80 username@remote_host`

What it does:
This combination of options is commonly used to run a **background port forward** (tunnel).
* **`-N`** ensures **no remote command** is executed (no shell session).
* **`-f`** causes SSH to go to the **background** just before command execution (or, in this case, after the tunnel is set up).
* **`-L`** sets up the local port forwarding tunnel.

Command-line Arguments Explained:

- **`-N`**: Do not execute a remote command. Useful for port forwarding.
- **`-f`**: Requests SSH to go to the background after a successful login and setup of any tunnels.
- **`-L 8080:localhost:80`**: The local port forwarding parameters.
- **`username@remote_host`**: The standard login credentials and remote address.

---

Would you like to know how to set up **key-based authentication** (so you don't need a password) or learn about the related secure file transfer commands, **`scp`** and **`sftp`**?
