jump to navigation

The Ultimate SSH cheatsheet January 23, 2011

Posted by Tournas Dimitrios in Linux.

This article assumes that you’re already familiar with SSH such as logging into remote servers, copying files from one server to another, generating ssh key pairs and etc. My blog has many ssh-related articles , just find them 🙂  ……  So with all that away, this article provides a list of tricks that can be used for the most  “every day ” jobs .

With most of these ssh tricks, you can use your imagination to extend it to whatever you need to get done.  Ultimately, it’s executing commands on remote server which practically can be exchanged with anything you find useful.

Transfering  files  and  Backups

  • Transfer /home directory from remote host to local server using ssh and tar:
    $ ssh user@remotehost “tar cvzf – /home” | tar xvzf – /home
  • Similar as above but using scp to recursively copy /home from remote host to local server:
    $ scp -r user@remotehost:/home /home
  • This will copy the local file.txt to the remote server and put it in the home folder of user1. Instead of ~/, a different path can be supplied, i.e. /tmp, /home/public, and any other path we have write access to.
    scp file.txt user1@remote_server:~/
  • In order to copy a file from a remote server to the local computer, we can use another SCP syntax:
    scp user1@remote_server:~/file.txt  . (include dot)
    Other interesting SCP options: 

    • -r – to copy folders recursively (including subfolders),
    • -P port – to use a non-standard port (the default is 22) – of course this option should be used if the server listens on a non-standard port. The option can be helpful when connecting from a firewall-protected network. Setting the SSH server to listen on 443 port (used for secure HTTP connections) is the best way to by-pass the administrator’s restrictions.


  • Transfer a local file to remote server:
    $ cat /home/mynitor/testfile | ssh user@remotehost “cat > /home/mynitor/testfile”
  • Compare a file on remote server with local host:
    $ ssh user@remotehost.com “cat /tmp/remotefile” | diff – /tmp/localfile
  • sshfs  is also a  good option  read my article  >>>>>


ssh  Proxy  and  Port  Forwarding  Tricks

  • Tunnel all your browser traffic through your SSH server:
    $ ssh -D 9999 user@yourserver.com
  • Launch a local x11 session for a given application.  Simply use the following command then run whatever X application:
    $ ssh -X user@remotehost.com ‘xterm’
  • If we just need to execute one single command, we can use the synta
    ssh -X user1@remote_serwer ‘xeyes’
    *read notes at the end of this aticle
  • Use a local server through a proxy server:
    $ ssh -f -N -L 1521:destinationhost.com:80 servertoproxyfrom.com
  • Tunneling VNC over ssh:
    $ ssh -L 5900:localhost:5900 user@yourserver.com
  • Jump off one box into another:
    $ ssh  -t  gatewayhost.com  ssh  destinationhost.com
  • Forward connections using server A to get to server B. You can use this method to get to any application  such as smtp, pop3, mysql, oracle   etc.  Just translate the port number:
    $ ssh -L 3306:serverB.com:3306 user@serverA.com
  • Reverse SSH Tunneling. Concept is you want to get from a server at work or public IP into your home  server or a server behind a firewall.
    Say your destination server is, source server is mynitor.com.  Then ssh back to localhost to get to the home server.
    $ ssh -R 3333:localhost:22 user@mynitor.com
    $ ssh localhost -p 3333
  • Log in without appearing in lastlog/w and who output.
    $ ssh -T user@hostname.com


Miscellaneous  Tricks

  • Play a wav file on remote server:
    $ ssh user1@local_server ‘play /home/mynitor/2pac.wav’
  • Outputting your microphone to a remote computer’s speaker:
    # dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
  • Setup password less SSH access to another server:$ ssh-keygen
    $ cat ~/.ssh/id_rsa.pub | ssh user@remotehost “cat – >> ~/.ssh/authorized_keys
  • Like previous example transfer your public key to the remote server
    ssh-copy-id    -i  ~/.ssh/id_rsa.pub   username@remotehost

***  Notice that it’s also possible to connect to the remote server without the X11 forwarding enabled, export the DISPLAY variable to point to the local machine and then run the X application. This way, the application would be executed with a remote display, using the generic X server functionality. SSH security would not be applied in such case since this kind of configuration has nothing to do with SSH. Depending on the configuration of the local X server, it may be that the authorization of the remote X applications needs to be turned on in such case. This is usually done by the command xhost . For example, xhost + hostname accepts all the remote applications from the specified hostname for a while. If we plan to use this option regularly, a more secure X server configuration is recommended.



1. JN - March 23, 2014

Good way of explaining, and nice post to get facts concerning my presentation subject
matter, which i am going to convey in college.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s