25 Essential SSH Commands Every Sysadmin Should Master

OpenSSH is the free version of the SSH connection tool. While protocols like telnet, rlogin, and ftp transmit passwords in clear text, SSH encrypts all communication, eliminating eavesdropping, connection hijacking, and other attacks. OpenSSH also provides secure tunneling, multiple authentication methods, and supports all SSH protocol versions.

SSH is an indispensable tool for remote server access. Below are 25 of the most useful SSH commands, selected by community vote.

1. Copy SSH key to target host for password‑less login ssh-copy-id user@host If you do not have a key, generate one with ssh-keygen.

2. Forward remote port 80 to local port 2001 ssh -N -L2001:localhost:80 somemachine Now you can browse http://localhost:2001 to access the remote site.

3. Pipe microphone output to remote speaker

dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp

The audio quality is poor and may contain static.

4. Compare remote and local files

ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

Useful for detecting differences between files on different machines.

5. Mount a remote directory via SSHFS sshfs name@server:/path/to/folder /path/to/mount/point Download sshfs from fuse.sourceforge.net/sshfs.html to securely mount a remote folder.

6. Connect through an intermediate host ssh -t reachable_host ssh unreachable_host Allows access to a host that is not directly reachable from your network.

7. Simple password‑less login ssh-copy-id username@hostname 8. Connect to host A only via host B ssh -t hostA ssh hostB You must be able to reach host A first.

9. Create a persistent connection to a target host ssh -MNf <user>@<host> Combine with the following ~/.ssh/config settings:

Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no

All SSH connections to the host will reuse the persistent socket, which is handy for frequent rsync/sftp operations.

10. Attach to a remote screen session ssh -t remote_host screen -r Directly connects to a remote screen session, saving an extra bash process.

11. Port knocking (door‑knocking)

knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000

Requires knockd and a configuration like:

[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

12. Remove a host entry from known_hosts ssh-keygen -R <the_offending_host> 13. Execute a complex remote shell command via SSH ssh host -l user $(<cmd.txt>) Portable version: ssh host -l user "`cat cmd.txt`" 14. Copy a MySQL database to a new server over SSH

mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"

This compressed SSH tunnel dump is one of the fastest ways to migrate a MySQL database.

15. Delete a line from known_hosts to fix host‑key change warnings sed -i 8d ~/.ssh/known_hosts 16. Copy your public key from a host without ssh‑copy‑id

cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Works on macOS and other Unix variants lacking ssh-copy-id.

17. Real‑time SSH network throughput test yes | pv | ssh $host "cat > /dev/null" Shows live transfer speed; install pv first ( apt-get install pv or yum install pv).

18. Re‑attach to a remote GNU screen session ssh -t [email protected] /usr/bin/screen -xRR Useful when a session is detached (Ctrl‑a d) and you need to resume it.

19. Resume a large file transfer with rsync over SSH

rsync --partial --progress -e ssh $file_source $user@$host:$destination_file

Can resume interrupted transfers; install rsync on both ends.

20. Capture remote traffic via SSH and analyze with Wireshark

ssh [email protected] 'tshark -f "port !22" -w -' | wireshark -k -i -

Alternatively, use tcpdump instead of tshark:

ssh [email protected] tcpdump -w - 'port !22' | wireshark -k -i -

21. Keep an SSH session permanently open

autossh -M50000 -t server.example.com 'screen -raAd mysession'

Useful for laptop users switching Wi‑Fi networks without losing the connection.

22. Faster, more stable SSH client options ssh -4 -C -c blowfish-cbc Forces IPv4, enables compression, and uses the fast Blowfish cipher.

23. Control bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'

Compresses a folder and transfers it at 777 kbit/s. See cstream usage for more options.

24. One‑line SSH key deployment ssh-keygen; ssh-copy-id user@host; ssh user@host Generates a key (if needed), copies it to the remote host, and logs in without a password.

25. Copy standard input to the X11 clipboard ssh user@host cat /path/to/some/file | xclip Useful for copying file contents directly into the clipboard for pasting elsewhere.