SSH Cheat Sheet

SSH•Permalink

Comprehensive SSH client commands for login, remote execution, auth, multiplexing, jump hosts, and practical options.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## Basics

Connect to a host

↗#

ssh user@example.com

# Open an interactive SSH session.

Connect on a non-default port

↗#

ssh -p 2222 user@example.com

# Specify a custom SSH port.

Run a remote command

↗#

ssh user@example.com 'uname -a'

# Execute one command remotely without opening an interactive shell.

Verbose output

↗#

ssh -v user@example.com

# Show extra connection and auth debugging details.

Very verbose output

↗#

ssh -vvv user@example.com

# Show full handshake and config debugging details.

Show SSH version

↗#

ssh -V

# Print the local client version.

Batch mode for automation

↗#

ssh -o BatchMode=yes user@example.com 'hostname'

# Disable password prompts for scripts and CI.

Run without allocating a TTY

↗#

ssh -T git@github.com

# Useful in non-interactive scripts.

Force TTY allocation

↗#

ssh -tt user@example.com 'sudo systemctl status nginx'

# Useful when the remote command expects a terminal.

Run a local script over SSH via stdin

↗#

ssh user@example.com 'bash -s' < ./deploy.sh

# Send a local script to the remote shell over standard input.

## Authentication

Use a specific private key

↗#

ssh -i ~/.ssh/id_ed25519 user@example.com

# Choose a private key explicitly.

Restrict preferred auth methods

↗#

ssh -o PreferredAuthentications=publickey user@example.com

# Control which auth methods the client attempts first.

Strict host key checking

↗#

ssh -o StrictHostKeyChecking=yes user@example.com

# Require the host key to already be known.

Accept new host keys automatically

↗#

ssh -o StrictHostKeyChecking=accept-new user@example.com

# Accept first-seen host keys but still protect against changed keys.

Use a custom known_hosts file

↗#

ssh -o UserKnownHostsFile=~/.ssh/known_hosts.work user@example.com

# Store host keys in a dedicated file.

Disable password auth on the client

↗#

ssh -o PasswordAuthentication=no user@example.com

# Force key-based auth attempts only.

Override host key algorithms

↗#

ssh -o HostKeyAlgorithms=ssh-ed25519 user@example.com

# Specify accepted host key algorithms explicitly.

Override accepted pubkey algorithms

↗#

ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa user@example.com

# Specify accepted client public key algorithms.

## Connection Multiplexing

Start a master connection

↗#

ssh -M -S ~/.ssh/cm-%r@%h:%p user@example.com

# Open a reusable control connection for later sessions.

Enable connection persistence

↗#

ssh -o ControlMaster=auto -o ControlPersist=10m -o ControlPath=~/.ssh/cm-%r@%h:%p user@example.com

# Keep a master connection alive in the background.

Check a master connection

↗#

ssh -S ~/.ssh/cm-%r@%h:%p -O check user@example.com

# Query an existing multiplexed master socket.

Stop a master connection

↗#

ssh -S ~/.ssh/cm-%r@%h:%p -O exit user@example.com

# Shut down a background master socket cleanly.

Request forwarding changes on master

↗#

ssh -S ~/.ssh/cm-%r@%h:%p -O forward user@example.com

# Add or adjust forwarding via an existing master connection.

## Jump Hosts and Proxies

Connect through a jump host

↗#

ssh -J bastion.example.com user@private.internal

# Reach an internal host via a bastion.

Chain multiple jump hosts

↗#

ssh -J bastion1.example.com,bastion2.example.com user@private.internal

# Traverse more than one bastion.

ProxyCommand with netcat

↗#

ssh -o ProxyCommand='ssh bastion.example.com -W %h:%p' user@private.internal

# Tunnel through another host using ProxyCommand.

Forward stdio to another host

↗#

ssh -W target.internal:22 bastion.example.com

# Use -W for direct stream forwarding.

## Useful Options

Enable compression

↗#

ssh -C user@example.com

# Compress traffic for slower links.

Set connect timeout

↗#

ssh -o ConnectTimeout=5 user@example.com

# Fail quickly if the host is unreachable.

Configure keepalives

↗#

ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=3 user@example.com

# Send keepalive probes to keep long sessions open.

Disable escape character

↗#

ssh -e none user@example.com

# Prevent ~ escape handling in raw sessions.

Run a local command after connect

↗#

ssh -o PermitLocalCommand=yes -o LocalCommand='echo connected to %n' user@example.com

# Execute a client-side command when the connection is established.

More in SSH

OpenSSH Server Admin Cheat Sheet

sshd administration, config validation, systemd control, logging, hardening, authorized keys, and certificates.

SSH Tunnels and Forwarding Cheat Sheet

Local, remote, and dynamic SSH forwarding with practical database, web, and bastion tunnel recipes.

SCP and SFTP Cheat Sheet

SSH-based file transfer with scp and sftp, including recursive copies, jump hosts, interactive commands, and batch mode.

SSH Keys and Agent Cheat Sheet

SSH key generation, authorized_keys management, ssh-keyscan, host keys, ssh-agent, ssh-add, and certificate basics.

SSH Config Cheat Sheet

Client-side SSH configuration examples for aliases, defaults, patterns, includes, ProxyJump, multiplexing, and effective config inspection.

Recommended next

No recommendations yet.

Browse all sheets →