SSH Cheat Sheet
A searchable, printable SSH reference — connecting, keys, config, tunneling, SCP/SFTP and agent forwarding. Free.
Connecting
10ssh user@host
Connect as user to host
ssh -p 2222 user@host
Connect on a non-default port
ssh -i ~/.ssh/id_ed25519 user@host
Use a specific identity key
ssh user@host 'uptime'
Run a single remote command and exit
ssh -v user@host
Verbose output for debugging (-vvv for more)
ssh -t user@host 'sudo -i'
Force a pseudo-terminal (for interactive cmds)
ssh -X user@host
Enable X11 forwarding
ssh -o ServerAliveInterval=60 user@host
Send keepalives to avoid timeouts
exit / Ctrl-D
Close the remote session
~.
Force-disconnect a frozen session
Key generation
8ssh-keygen -t ed25519 -C 'you@example.com'
Generate a modern Ed25519 key pair
ssh-keygen -t rsa -b 4096
Generate a 4096-bit RSA key pair
ssh-keygen -t ed25519 -f ~/.ssh/work
Write the key to a specific file
ssh-keygen -p -f ~/.ssh/id_ed25519
Change the passphrase of an existing key
ssh-keygen -y -f ~/.ssh/id_ed25519
Print the public key from a private key
ssh-keygen -l -f ~/.ssh/id_ed25519.pub
Show a key fingerprint
ssh-keygen -lv -f ~/.ssh/id_ed25519.pub
Show the fingerprint randomart image
ssh-keygen -R host
Remove a host key from known_hosts
Installing public keys
7ssh-copy-id user@host
Copy your default public key to the server
ssh-copy-id -i ~/.ssh/work.pub user@host
Copy a specific public key
ssh-copy-id -p 2222 user@host
Copy the key over a custom port
cat ~/.ssh/id_ed25519.pub | ssh user@host 'cat >> ~/.ssh/authorized_keys'
Manual copy when ssh-copy-id is missing
chmod 700 ~/.ssh
Correct permissions on the .ssh directory
chmod 600 ~/.ssh/authorized_keys
Correct permissions on authorized_keys
pbcopy < ~/.ssh/id_ed25519.pub
Copy public key to clipboard (macOS)
SSH config (~/.ssh/config)
10Host myserver
Alias: connect with `ssh myserver`
HostName 203.0.113.10
Real hostname or IP for the alias
User deploy
Default username for this host
Port 2222
Default port for this host
IdentityFile ~/.ssh/work
Key to use for this host
IdentitiesOnly yes
Only offer the listed key
ForwardAgent yes
Forward the SSH agent to this host
Host *.example.com
Wildcard match for a domain
Host *
Global defaults for all hosts
ServerAliveInterval 60
Keepalive interval for all hosts
Port forwarding / tunneling
7ssh -L 8080:localhost:80 user@host
Local: reach host:80 via local 8080
ssh -L 5432:db.internal:5432 user@host
Local forward to a third host through the server
ssh -R 9000:localhost:3000 user@host
Remote: expose your local 3000 as host:9000
ssh -D 1080 user@host
Dynamic: SOCKS proxy on local port 1080
ssh -N -L 8080:localhost:80 user@host
Tunnel only, do not run a remote shell
ssh -f -N -L 8080:localhost:80 user@host
Open the tunnel in the background
ssh -g -L 8080:localhost:80 user@host
Allow other hosts to use the local forward
Jump hosts / bastions
5ssh -J jump@bastion user@target
Hop through a bastion to reach the target
ssh -J h1,h2 user@target
Chain multiple jump hosts
ProxyJump bastion
Config equivalent of -J
ProxyCommand ssh -W %h:%p bastion
Older ProxyCommand-based jump
ssh -o ProxyJump=bastion user@target
Inline ProxyJump option
File transfer (scp & sftp)
7scp file user@host:/path/
Copy a local file to the server
scp user@host:/path/file .
Copy a remote file to the current dir
scp -r dir/ user@host:/path/
Recursively copy a directory
scp -P 2222 file user@host:/path/
Copy over a custom port (note capital -P)
sftp user@host
Start an interactive SFTP session
put localfile / get remotefile
Upload / download inside SFTP
rsync -avz -e ssh dir/ user@host:/path/
Efficient sync over SSH (resumable)
ssh-agent & forwarding
7eval "$(ssh-agent -s)"
Start the agent in the current shell
ssh-add ~/.ssh/id_ed25519
Add a key to the agent
ssh-add -l
List keys loaded in the agent
ssh-add -D
Remove all keys from the agent
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
Store passphrase in macOS keychain
ssh -A user@host
Forward the agent for this connection
ForwardAgent yes
Config equivalent of agent forwarding
No entry matches “:q”.
Need help?
Found an issue with this tool? Let our team know.