SSH Cheat Sheet

SSH•Permalink

Comprehensive SSH client commands for login, remote execution, auth, multiplexing, jump hosts, and practical options.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

Basics

Connect, run commands, and inspect versions.

Connect to a host

Open an interactive SSH session.

↗#

bashANYsshconnectlogin

bash

ssh user@example.com

Open an interactive SSH session.

Connect on a non-default port

Specify a custom SSH port.

↗#

bashANYsshportconnect

bash

ssh -p 2222 user@example.com

Specify a custom SSH port.

Run a remote command

Execute one command remotely without opening an interactive shell.

↗#

bashANYsshremote-commandautomation

bash

ssh user@example.com 'uname -a'

Execute one command remotely without opening an interactive shell.

Verbose output

Show extra connection and auth debugging details.

↗#

bashANYsshdebugverbose

bash

ssh -v user@example.com

Show extra connection and auth debugging details.

Very verbose output

Show full handshake and config debugging details.

↗#

bashANYsshdebugverbose

bash

ssh -vvv user@example.com

Show full handshake and config debugging details.

Show SSH version

Print the local client version.

↗#

bashANYsshversioninspect

bash

ssh -V

Print the local client version.

Batch mode for automation

Disable password prompts for scripts and CI.

↗#

bashANYsshbatchautomation

bash

ssh -o BatchMode=yes user@example.com 'hostname'

Disable password prompts for scripts and CI.

Run without allocating a TTY

Useful in non-interactive scripts.

↗#

bashANYsshttyautomation

bash

ssh -T git@github.com

Useful in non-interactive scripts.

Force TTY allocation

Useful when the remote command expects a terminal.

↗#

bashANYsshttysudo

bash

ssh -tt user@example.com 'sudo systemctl status nginx'

Useful when the remote command expects a terminal.

Run a local script over SSH via stdin

Send a local script to the remote shell over standard input.

↗#

bashANYsshstdinautomation

bash

ssh user@example.com 'bash -s' < ./deploy.sh

Send a local script to the remote shell over standard input.

Authentication

Identity files, passwords, keys, and host verification.

Use a specific private key

Choose a private key explicitly.

↗#

bashANYsshidentitykey

bash

ssh -i ~/.ssh/id_ed25519 user@example.com

Choose a private key explicitly.

Restrict preferred auth methods

Control which auth methods the client attempts first.

↗#

bashANYsshauthenticationpublickey

bash

ssh -o PreferredAuthentications=publickey user@example.com

Control which auth methods the client attempts first.

Strict host key checking

Require the host key to already be known.

↗#

bashANYsshhostkeysecurity

bash

ssh -o StrictHostKeyChecking=yes user@example.com

Require the host key to already be known.

Accept new host keys automatically

Accept first-seen host keys but still protect against changed keys.

↗#

bashANYsshhostkeysecurity

bash

ssh -o StrictHostKeyChecking=accept-new user@example.com

Accept first-seen host keys but still protect against changed keys.

Use a custom known_hosts file

Store host keys in a dedicated file.

↗#

bashANYsshknown-hostshostkey

bash

ssh -o UserKnownHostsFile=~/.ssh/known_hosts.work user@example.com

Store host keys in a dedicated file.

Disable password auth on the client

Force key-based auth attempts only.

↗#

bashANYsshpasswordauth

bash

ssh -o PasswordAuthentication=no user@example.com

Force key-based auth attempts only.

Override host key algorithms

Specify accepted host key algorithms explicitly.

↗#

bashANYsshalgorithmshostkey

bash

ssh -o HostKeyAlgorithms=ssh-ed25519 user@example.com

Specify accepted host key algorithms explicitly.

Override accepted pubkey algorithms

Specify accepted client public key algorithms.

↗#

bashANYsshalgorithmscompatibility

bash

ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa user@example.com

Specify accepted client public key algorithms.

Connection Multiplexing

Reuse SSH sessions with control sockets.

Start a master connection

Open a reusable control connection for later sessions.

↗#

bashANYsshmultiplexingcontrolmaster

bash

ssh -M -S ~/.ssh/cm-%r@%h:%p user@example.com

Open a reusable control connection for later sessions.

Enable connection persistence

Keep a master connection alive in the background.

↗#

bashANYsshmultiplexingpersist

bash

ssh -o ControlMaster=auto -o ControlPersist=10m -o ControlPath=~/.ssh/cm-%r@%h:%p user@example.com

Keep a master connection alive in the background.

Check a master connection

Query an existing multiplexed master socket.

↗#

bashANYsshmultiplexingcheck

bash

ssh -S ~/.ssh/cm-%r@%h:%p -O check user@example.com

Query an existing multiplexed master socket.

Stop a master connection

Shut down a background master socket cleanly.

↗#

bashANYsshmultiplexingexit

bash

ssh -S ~/.ssh/cm-%r@%h:%p -O exit user@example.com

Shut down a background master socket cleanly.

Request forwarding changes on master

Add or adjust forwarding via an existing master connection.

↗#

bashANYsshmultiplexingforward

bash

ssh -S ~/.ssh/cm-%r@%h:%p -O forward user@example.com

Add or adjust forwarding via an existing master connection.

Jump Hosts and Proxies

ProxyJump, bastions, and chained access patterns.

Connect through a jump host

Reach an internal host via a bastion.

↗#

bashANYsshjumphostbastion

bash

ssh -J bastion.example.com user@private.internal

Reach an internal host via a bastion.

Chain multiple jump hosts

Traverse more than one bastion.

↗#

bashANYsshjumphostproxyjump

bash

ssh -J bastion1.example.com,bastion2.example.com user@private.internal

Traverse more than one bastion.

ProxyCommand with netcat

Tunnel through another host using ProxyCommand.

↗#

bashANYsshproxycommandbastion

bash

ssh -o ProxyCommand='ssh bastion.example.com -W %h:%p' user@private.internal

Tunnel through another host using ProxyCommand.

Forward stdio to another host

Use -W for direct stream forwarding.

↗#

bashANYsshforwardproxy

bash

ssh -W target.internal:22 bastion.example.com

Use -W for direct stream forwarding.

Useful Options

Compression, keepalives, escape chars, and timeouts.

Enable compression

Compress traffic for slower links.

↗#

bashANYsshcompressionperformance

bash

ssh -C user@example.com

Compress traffic for slower links.

Set connect timeout

Fail quickly if the host is unreachable.

↗#

bashANYsshtimeoutnetwork

bash

ssh -o ConnectTimeout=5 user@example.com

Fail quickly if the host is unreachable.

Configure keepalives

Send keepalive probes to keep long sessions open.

↗#

bashANYsshkeepalivenetwork

bash

ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=3 user@example.com

Send keepalive probes to keep long sessions open.

Disable escape character

Prevent ~ escape handling in raw sessions.

↗#

bashANYsshescapeterminal

bash

ssh -e none user@example.com

Prevent ~ escape handling in raw sessions.

Run a local command after connect

Execute a client-side command when the connection is established.

↗#

bashANYsshlocalcommandclient

bash

ssh -o PermitLocalCommand=yes -o LocalCommand='echo connected to %n' user@example.com

Execute a client-side command when the connection is established.

More in SSH

OpenSSH Server Admin Cheat Sheet

sshd administration, config validation, systemd control, logging, hardening, authorized keys, and certificates.

SSH Tunnels and Forwarding Cheat Sheet

Local, remote, and dynamic SSH forwarding with practical database, web, and bastion tunnel recipes.

SCP and SFTP Cheat Sheet

SSH-based file transfer with scp and sftp, including recursive copies, jump hosts, interactive commands, and batch mode.

SSH Keys and Agent Cheat Sheet

SSH key generation, authorized_keys management, ssh-keyscan, host keys, ssh-agent, ssh-add, and certificate basics.

SSH Config Cheat Sheet

Client-side SSH configuration examples for aliases, defaults, patterns, includes, ProxyJump, multiplexing, and effective config inspection.

Recommended next

No recommendations yet.

Browse all sheets →