SSH Cheat Sheet

Quick reference for SSH: connecting, key generation, agent, port forwarding, jump hosts, SCP, SFTP, config file, and permissions.

A quick reference for SSH — from connecting to remote hosts and managing keys to tunneling, agent forwarding, and the config file.

Connecting

Command	Description
ssh user@host	Connect to a remote host
ssh -p 2222 user@host	Connect on a non-default port
ssh -i ~/.ssh/id_ed25519 user@host	Connect using a specific key
ssh -v user@host	Verbose output (debug connection issues)
ssh -vvv user@host	Maximum verbosity
ssh user@host "command"	Run a single command without a shell

Command	Description
ssh-keygen -t ed25519 -C "email@example.com"	Generate an Ed25519 key (recommended)
ssh-keygen -t rsa -b 4096 -C "email@example.com"	Generate a 4096-bit RSA key
ssh-keygen -f ~/.ssh/mykey	Specify output file
ssh-keygen -p -f ~/.ssh/id_ed25519	Change passphrase of an existing key
ssh-keygen -l -f ~/.ssh/id_ed25519.pub	Show fingerprint of a public key
ssh-keygen -R hostname	Remove a host from known_hosts

Command	Description
ssh-copy-id user@host	Copy default public key to remote host
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host	Copy a specific public key
ssh-copy-id -p 2222 user@host	Copy key to host on non-default port

Command	Description
eval "$(ssh-agent -s)"	Start the SSH agent
ssh-add	Add default key (~/.ssh/id_ed25519, id_rsa)
ssh-add ~/.ssh/mykey	Add a specific key
ssh-add -l	List loaded keys (fingerprints)
ssh-add -L	List loaded keys (public keys)
ssh-add -d ~/.ssh/mykey	Remove a key from the agent
ssh-add -D	Remove all keys from the agent

Command	Description
ssh -L 8080:localhost:80 user@host	Local forward: localhost:8080 → remote:80
ssh -L 5432:db-host:5432 user@jump	Local forward through a jump host to another host
ssh -R 8080:localhost:3000 user@host	Remote forward: remote:8080 → local:3000
ssh -D 1080 user@host	Dynamic SOCKS5 proxy on local port 1080
ssh -N -f -L 8080:localhost:80 user@host	-N: no shell, -f: background; useful for tunnels

Command	Description
ssh -J jump-host user@target	Connect to target via a jump host
ssh -J user@jump:22 user@target	Jump host with explicit user and port
ssh -J jump1,jump2 user@target	Chain multiple jump hosts

Command	Description
scp file.txt user@host:/remote/path/	Copy local file to remote
scp user@host:/remote/file.txt .	Copy remote file to local
scp -r ./dir user@host:/remote/path/	Recursively copy a directory
scp -P 2222 file.txt user@host:~/	Copy using non-default port
scp -i ~/.ssh/mykey file.txt user@host:~/	Copy using a specific key

Command	Description
sftp user@host	Open an interactive SFTP session
sftp -P 2222 user@host	Connect on a non-default port
put file.txt	Upload a file (inside sftp session)
get remote-file.txt	Download a file (inside sftp session)
ls / pwd / cd	Navigate remote filesystem (inside sftp session)
lls / lpwd / lcd	Navigate local filesystem (inside sftp session)

Directive	Description
Host <alias>	Define a host alias
HostName <hostname>	Actual hostname or IP
User <username>	Default username for the host
Port <port>	Default port (default: 22)
IdentityFile <path>	Path to private key
ForwardAgent yes	Enable agent forwarding
ServerAliveInterval 60	Send keepalive every 60 seconds
ProxyJump <jump-host>	Route connection through a jump host
AddKeysToAgent yes	Auto-add keys to agent on first use

Config snippet	Purpose
Host myserver	Alias used as: ssh myserver
HostName 203.0.113.10	Actual IP or domain
User deploy	Login as "deploy"
IdentityFile ~/.ssh/id_ed25519	Use this key
Port 2222	Non-standard port
Host *	Defaults applied to all hosts
AddKeysToAgent yes	Auto-load keys into agent
ServerAliveInterval 60	Keep connections alive