SSH - Cheat Sheet

A cheat sheet for popular SSH commands, key generation, and SSH agents.

SSH-Keygen

Nowadays, most platforms recommend generating keys with the ed25519 algorithm.

ssh-keygen -t ed25519 -C "your@email.com"

If you prefer to go with RSA for compatibility reasons, use the following:

ssh-keygen -t rsa -b 4096 -C "your@email.com"

The -C flag simply puts a comment on your public key, like below, so you can, for example, easily tell which public key belongs to which email address in a busy authorized_keys file.

ssh-ed25519 KLAJSDLKSAJKLSJD90182980p1+++ your@email.com

Note: When generating SSH keys, make sure to protect your private key with a passphrase.

SSH with Keys

To use a specific private key to connect to a server, use:

ssh -i mykeyfile user@remotehost.com

Instead of specifying your key files manually with -i, use an SSH-Agent.

Authorized_Keys

Any remote host or service, like GitHub, that you want to use your SSH keys with, needs the public key of your SSH keypair.

For servers, you simply need to append your public key to the file ~/.ssh/authorized_keys.

Use one of the following commands to do that:

cat ~/.ssh/id_rsa.pub | ssh USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

ssh-copy-id user@host

With services like GitHub, AWS etc. you would either use the UI to upload your public key, or, if available, command-line tools.

SCP

To upload a file to a remote server:

scp myfile.txt user@dest:/path

To recursively upload a local folder to a remote server:

scp -rp sourcedirectory user@dest:/path

To download a file from a remote server:

scp user@dest:/path/myfile.txt localpath

To recursively download a remote folder to your local machine:

scp -rp user@dest:/remotedir localpath

Hint: When doing things recursively via SCP, you might want to consider rsync, which also runs over SSH and has a couple of advantages over SCP.

Hint 2: SCP has been deprecated and you should consider switching to (the less user-friendly) SFTP. The scp command uses the SFTP protocol since OpenSSH 9.

SSH-Agent

With a running OpenSSH agent (automatically available out of the box on most Linux distributions and macOS) simply use:

ssh-add privatekeyfile

To enable the OpenSSH agent on Windows, you’ll need to execute the following commands:

# By default the ssh-agent service is disabled. Configure it to start automatically so the next step works.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Start the service
Start-Service ssh-agent

Note: On Windows/Linux adding a key to your ssh-agent once, even with a password, will make sure that the key gets associated with your 'login'. Meaning: When you restart your PC and log in again, you’ll have your identity automatically available again.

To get the same behavior on macOS, you’ll need to follow these instructions on StackExchange.

SSH Config

Create a file ~/.ssh/config to manage your SSH hosts. Example:

Host dev-meta*
    User ec2-user
    IdentityFile ~/.ssh/johnsnow.pem

Host dev-meta-facebook
    Hostname 192.168.178.1

Host dev-meta-whatsapp
    Hostname 192.168.178.2

Host api.google.com
    User googleUser
    IdentityFile ~/.ssh/targaryen.key

Note: The Host directive can either

  • be a pattern (matching multiple follow-up Hosts)
  • refer to a made-up hostname (dev-meta-facebook)
  • be a real hostname.

If it’s a made-up hostname, you’ll need to specify an additional Hostname directive, otherwise, you can leave it out. And to add to the overall confusion, a Host line can actually contain multiple patterns.

With the config file above, you could do a:

ssh dev-meta-facebook

Which would effectively do a ssh -i ~/.ssh/johnsnow.pem ec2-user@192.168.178.1 for you.
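
The resolution described above, as an added example that is not part of the original page: a simplified Python model of how ssh picks the options for a host from the config file shown here, including the rule that the first value found for an option wins. It assumes plain Host blocks only (no Match, Include, quoting or = separators); the names PAGE_CONFIG, host_matches and resolve are made up for this illustration.

```python
from fnmatch import fnmatchcase

# Sample input: the config file shown on this page.
PAGE_CONFIG = """\
Host dev-meta*
    User ec2-user
    IdentityFile ~/.ssh/johnsnow.pem

Host dev-meta-facebook
    Hostname 192.168.178.1

Host dev-meta-whatsapp
    Hostname 192.168.178.2

Host api.google.com
    User googleUser
    IdentityFile ~/.ssh/targaryen.key
"""

ACCUMULATING = {"identityfile"}  # ssh tries every matching IdentityFile in order


def host_matches(patterns, host):
    """A Host line matches if any pattern matches and no '!pattern' matches."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatchcase(host, p) for p in positive)


def resolve(config_text, host):
    """Return the options that apply to `host`, keyed by lowercase keyword."""
    result, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active and keyword in ACCUMULATING:
            result.setdefault(keyword, []).append(value)
        elif active:
            result.setdefault(keyword, value)  # first obtained value wins
    result.setdefault("hostname", host)  # no Hostname directive: use the name as typed
    return result
```

Because the first value wins, a broad pattern placed above a specific Host block overrides it, so keep specific entries first and wildcards last. To see what OpenSSH itself resolves for a host, run ssh -G dev-meta-facebook.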

To make Git use Windows' OpenSSH (and not the one it bundles), execute the following command:

git config --global core.sshcommand "C:/Windows/System32/OpenSSH/ssh.exe"

Exit Dead SSH Sessions

To kill an unresponsive SSH session, press the following keys in sequence:

Enter, ~, .
