Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSH Cheatsheet

SSH Cheatsheet

N. P. O'Donnell, 2020

Specify a Key

To have SSH use a specific key:

ssh -i <path/to/key> <remote host>

Using Multiple Keys

To have SSH try multiple keys until it finds one that works, add to your SSH config:

IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_rsa_old
IdentityFile ~/.ssh/id_ed25519
...

This will not work if you have 2 SSH keys which are accepted at a particular server and you want to use the second one. In that case, this function will help:

function sshkey() { cp ~/.ssh/id_rsa.$1 ~/.ssh/id_rsa && cp ~/.ssh/id_rsa.$1.pub ~/.ssh/id_rsa.pub }

Then to switch active key to key x:

sshkey x

Force Password Login

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no ...

Run a Command Remotely

ssh <remote host> -- <command>

Example:

ssh 192.168.0.1 -- hostname

Run a Script Remotely

ssh <remote host> -- bash < <script>

Example:

ssh 192.168.0.2 -- bash < script.sh

Run a Script Remotely with Arguments

ssh <remote host> -- bash -s < <script> -- <arg1> ... <argn>

Example:

ssh 192.168.0.2 -- bash -s < script.sh -- -x yolo

Note: this will usually work without the --'s but nevertheless, you should always include them.

Tunneling

Be careful with Tunneling. It can be a security risk.

Local Tunnel

With a local tunnel, the SSH client on your local machine creates a socket which listens on port <local port> (and optionally on different network interfaces such as the loopback interface) and forwards any packets received on that port through the SSH connection to <server>. When the packets arrive on <server>, the SSH server running on <server> sends them to <destination>:<destination port>.

Local tunnels are used when you want to access a service from your local machine but make it appear to the service like you're accessing it from the remote machine. For example accessing a website that's restricted in your country. The website will think it's been accessed from the country of the remote machine.

ssh -N -L [<local ip>:]<local port>:<destination>:<destination port> [<user>@]<server>

Remote Tunnel

With a remote tunnel, the SSH server running on <server> creates a socket which listens on port <remote port> (and optionally on different network interfaces such as the loopback interface) and forwards any packets received on that port through the SSH connection to the local machine. When the packets arrive on the local machine, the SSH client running on the local machine sends them to <destination>:<destination port>.

Remote tunnels are used when you want to host a service on your local machine but have clients accessing that service access it by contacting the remote machine. This is useful if you're debugging the service locally and want clients to connect directly to you, although clients will not know this. They will think they're talking to the remote machine.

ssh -N -R [<remote ip>:]<remote port>:<destination>:<destination port> [<user>@]<server>

SSH tunneling works only for TCP traffic. If you want to tunnel UDP, ICMP or some other protocol, use GRE or Wireguard.

Generating Fingerprints

Generate SHA256 fingerprint and ASCII art from .pub file:

ssh-keygen -lvf <path to .pub file>

Generate just SHA256 fingerprints of all keys in authorized_keys file:

ssh-keygen -lf - < authorized_keys

Host Keys

Get the keys of host foo.bar:

ssh-keyscan foo.bar

Get only the ed25519 key of host bar.baz listening on port 2222:

ssh-keyscan -p 2222 -t ed25519 bar.baz
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment