Secure Shell (SSH): Advancements, Implementations, and Best Practices in Secure Remote Communication Protocols

Secure Shell (SSH) stands as a cornerstone in the architecture of secure communication protocols, revolutionizing the landscape of remote access and data exchange within distributed computing environments. Originating from the pioneering work of Tatu Ylönen in the mid-1990s, SSH has evolved into a robust and versatile framework, offering encrypted connections over unsecured networks and ensuring the confidentiality, integrity, and authenticity of transmitted data.

At its essence, SSH serves as a cryptographic network protocol that facilitates secure command-line login, remote command execution, and data communication between networked systems. Unlike its predecessors, which relied on plaintext transmissions and were susceptible to various security vulnerabilities, SSH leverages advanced cryptographic algorithms to encrypt data payloads, thereby mitigating risks associated with eavesdropping, man-in-the-middle attacks, and unauthorized access.

Below are some common options for the ssh command on Linux, with a description of each:

| Option | Description |
| --- | --- |
| -1 | Forces the use of SSH protocol version 1. |
| -2 | Forces the use of SSH protocol version 2. |
| -4 | Forces the use of IPv4 addresses only. |
| -6 | Forces the use of IPv6 addresses only. |
| -A | Enables forwarding of the authentication agent connection. |
| -a | Disables forwarding of the authentication agent connection. |
| -C | Enables compression. |
| -c <cipher_spec> | Selects the cipher specification for encrypting the data transfer. |
| -D <port> | Specifies a local “dynamic” application-level port forwarding. |
| -E <log_file> | Logs verbose debugging information to the specified file. |
| -e <escape_char> | Sets the escape character; the default is ‘~’. |
| -F <configfile> | Specifies an alternative configuration file. |
| -f | Requests SSH to go to background just before command execution. |
| -G | Causes ssh to print its configuration after evaluating Host and Match blocks and exit. |
| -g | Allows remote hosts to connect to local forwarded ports. |
| -i <identity_file> | Specifies a file from which the identity (private key) for public key authentication is read. |
| -J <user@host> | Connects to the target host by first making a connection to the jump host specified by <user@host>. |
| -L <local_port:remote_host:remote_port> | Specifies that connections to the given TCP port or Unix socket on the local client should be forwarded to the remote server. |
| -l <login_name> | Specifies the user to log in as on the remote machine. |
| -M | Places the ssh client into “master” mode for connection sharing. |
| -m <mac_spec> | Specifies the MAC (Message Authentication Code) algorithms in order of preference. |
| -N | Does not execute a remote command. Useful for port forwarding only. |
| -n | Redirects stdin from /dev/null (actually, prevents reading from stdin). |
| -O <ctl_cmd> | Controls an active connection multiplexing master process. |
| -o <option> | Can be used to give options in the format used in the configuration file. |
| -p <port> | Specifies the port to connect to on the remote host. |
| -Q <query_option> | Queries the configuration of the SSH client. |
| -q | Quiet mode. Only error messages will be displayed. |
| -R <remote_port:local_host:local_port> | Specifies that connections to the given TCP port or Unix socket on the remote server should be forwarded to the local client. |
| -S <ctl_path> | Specifies the location of a control socket for connection sharing. |
| -T | Disables pseudo-terminal allocation. |
| -t | Forces pseudo-terminal allocation. |
| -V | Displays the version number and exits. |
| -v | Verbose mode. Displays debugging messages. |
| -W <host:port> | Requests that standard input and output on the client be forwarded to host on port over the secure channel. |

Common Options:

ssh -1 or -2

The -1 option in the ssh command specifies that only protocol version 1 should be used for establishing the SSH connection. Protocol version 1 is considered less secure and is generally deprecated due to known vulnerabilities. Most modern SSH servers and clients default to using protocol version 2, which offers better security features.

It’s important to note that using protocol version 1 is not recommended for secure communications, and it’s typically only used for compatibility with very old systems that do not support protocol version 2.

Here’s an example illustrating the use of the -1 option with the ssh command:

Example: Connecting to a Server Using SSH Protocol Version 1

ssh -1 username@hostname

In this example:

  • -1: Specifies that only protocol version 1 should be used for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Note: Before using the -1 option, it’s crucial to understand the implications and potential security risks associated with using SSH protocol version 1. If possible, it’s recommended to use protocol version 2 (-2 option) for better security and compatibility with modern systems.

Alternative: Connecting with Protocol Version 2

For better security and compatibility with modern systems, you can use the default protocol version 2 without specifying any options:

ssh username@hostname

In this alternative example:

  • No specific protocol version option is specified, so the default protocol version 2 will be used.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Always prioritize the use of protocol version 2 for SSH connections unless there’s a specific and unavoidable requirement to use protocol version 1 for compatibility with very old systems.

ssh -4 or -6

The -4 option in the ssh command specifies that only IPv4 should be used for establishing the SSH connection. This can be useful in scenarios where IPv6 is enabled but not preferred or when there are compatibility issues with IPv6 networks.

Here are some advanced examples demonstrating the usage of ssh with the -4 option:

Example 1: Connecting to a Server Using IPv4 Only

ssh -4 username@hostname

In this example:

  • -4: Specifies that only IPv4 should be used for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port with IPv4

ssh -4 -p 2222 username@hostname

In this example:

  • -4: Specifies that only IPv4 should be used for the SSH connection.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH Proxy with IPv4

ssh -4 -D 1080 username@hostname

In this example:

  • -4: Specifies that only IPv4 should be used for the SSH connection.
  • -D 1080: Specifies that SSH should act as a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH Tunneling with IPv4

ssh -4 -L 8080:localhost:80 username@hostname

In this example:

  • -4: Specifies that only IPv4 should be used for the SSH connection.
  • -L 8080:localhost:80: Specifies that SSH should forward traffic from local port 8080 to port 80 on the remote server.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with IPv4 and Public Key Authentication

ssh -4 -i ~/.ssh/id_rsa username@hostname

In this example:

  • -4: Specifies that only IPv4 should be used for the SSH connection.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Using the -4 option ensures that only IPv4 is used for the SSH connection, which can be beneficial in environments where IPv6 is enabled but not preferred or when there are compatibility issues with IPv6 networks.

ssh -A

The -A option in the ssh command enables agent forwarding, allowing an SSH client to use the SSH agent running on the local machine to authenticate to remote servers. This can be particularly useful when you need to connect to multiple servers via SSH, and you want to use your local SSH keys for authentication without copying them to each server.

To add a private key to the SSH agent, you can use the ssh-add command followed by the path to the private key file. Here’s how you can do it:

Syntax:

ssh-add /path/to/private/key

Also, the ssh-add -K command is used on macOS to add a private key to the SSH agent and store its passphrase in the macOS keychain. This is useful for securely storing and managing SSH keys on macOS.

ssh-add -K /path/to/private/key

Verifying the Added Keys

After adding the key to the SSH agent, you can verify that it has been added successfully by using the ssh-add -l command:

ssh-add -l

This command will list the fingerprints of all the private keys currently added to the SSH agent.

Here are some advanced examples demonstrating the usage of ssh with the -A option:

Example 1: Connecting to a Server with Agent Forwarding

ssh -A username@hostname

In this example:

  • -A: Enables agent forwarding.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port with Agent Forwarding

ssh -A -p 2222 username@hostname

In this example:

  • -A: Enables agent forwarding.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH Proxy with Agent Forwarding

ssh -A -D 1080 username@hostname

In this example:

  • -A: Enables agent forwarding.
  • -D 1080: Specifies that SSH should act as a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH Tunneling with Agent Forwarding

ssh -A -L 8080:localhost:80 username@hostname

In this example:

  • -A: Enables agent forwarding.
  • -L 8080:localhost:80: Specifies that SSH should forward traffic from local port 8080 to port 80 on the remote server.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Agent Forwarding and Public Key Authentication

ssh -A -i ~/.ssh/id_rsa username@hostname

In this example:

  • -A: Enables agent forwarding.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Note: When using agent forwarding (-A), be cautious about connecting to untrusted or compromised servers. If an attacker gains access to the remote server, they could potentially use the agent forwarding to authenticate to other servers that your SSH agent has access to.

Using the -A option in ssh can enhance the convenience and security of SSH connections by allowing the use of local SSH keys for authentication without needing to copy them to remote servers.

ssh -a

The -a option in the ssh command disables agent forwarding, which prevents the SSH client from using the SSH agent running on the local machine to authenticate to remote servers. Here are some advanced examples demonstrating the usage of ssh with the -a option:

Example 1: Connecting to a Server without Agent Forwarding

ssh -a username@hostname

In this example:

  • -a: Disables agent forwarding.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port without Agent Forwarding

ssh -a -p 2222 username@hostname

In this example:

  • -a: Disables agent forwarding.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH Proxy without Agent Forwarding

ssh -a -D 1080 username@hostname

In this example:

  • -a: Disables agent forwarding.
  • -D 1080: Specifies that SSH should act as a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH Tunneling without Agent Forwarding

ssh -a -L 8080:localhost:80 username@hostname

In this example:

  • -a: Disables agent forwarding.
  • -L 8080:localhost:80: Specifies that SSH should forward traffic from local port 8080 to port 80 on the remote server.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH without Agent Forwarding and with Public Key Authentication

ssh -a -i ~/.ssh/id_rsa username@hostname

In this example:

  • -a: Disables agent forwarding.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -a option in ssh, you can disable agent forwarding, ensuring that the SSH agent running on the local machine is not used for authentication to remote servers.

ssh -C

The -C option in the ssh command enables compression of data during transmission, which can reduce the amount of data sent over the network and improve the performance of the SSH connection, especially on slower network connections.

Here are some advanced examples demonstrating the usage of ssh with the -C option:

Example 1: Connecting to a Server with Compression

ssh -C username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port with Compression

ssh -C -p 2222 username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH Proxy with Compression

ssh -C -D 1080 username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -D 1080: Specifies that SSH should act as a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH Tunneling with Compression

ssh -C -L 8080:localhost:80 username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -L 8080:localhost:80: Specifies that SSH should forward traffic from local port 8080 to port 80 on the remote server.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Compression and Public Key Authentication

ssh -C -i ~/.ssh/id_rsa username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -C option in ssh, you can enable compression to reduce the amount of data sent over the network, which can improve the performance of the SSH connection, especially on slower network connections.

ssh -c <cipher_spec>

The -c <cipher_spec> option in the ssh command specifies the cipher to use for encrypting the data during the SSH connection. SSH supports various encryption ciphers, and you can specify the desired cipher using this option.

Here are some advanced examples demonstrating the usage of ssh with the -c <cipher_spec> option:

Example 1: Connecting to a Server with AES Cipher

ssh -c aes128-ctr username@hostname

In this example:

  • -c aes128-ctr: Specifies the AES-128-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port and Cipher

ssh -c aes256-cbc -p 2222 username@hostname

In this example:

  • -c aes256-cbc: Specifies the AES-256-CBC cipher for encrypting the data during the SSH connection.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH Proxy with Cipher

ssh -c blowfish-cbc -D 1080 username@hostname

In this example:

  • -c blowfish-cbc: Specifies the Blowfish CBC cipher for encrypting the data during the SSH connection.
  • -D 1080: Specifies that SSH should act as a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH Tunneling with Cipher

ssh -c 3des-cbc -L 8080:localhost:80 username@hostname

In this example:

  • -c 3des-cbc: Specifies the 3DES CBC cipher for encrypting the data during the SSH connection.
  • -L 8080:localhost:80: Specifies that SSH should forward traffic from local port 8080 to port 80 on the remote server.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Public Key Authentication and Cipher

ssh -c aes256-ctr -i ~/.ssh/id_rsa username@hostname

In this example:

  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Note: It’s important to choose a strong and secure cipher for encrypting the SSH connection. Some older ciphers like 3des-cbc and blowfish-cbc are considered less secure and should be avoided if possible.

By using the -c <cipher_spec> option in ssh, you can specify the desired cipher for encrypting the data during the SSH connection, ensuring a secure and encrypted communication channel between the SSH client and server.

ssh -D <port>

The -D <port> option in the ssh command sets up dynamic port forwarding and creates a SOCKS proxy on the specified local port. This can be useful for securely tunneling network traffic through the SSH connection.

Here are some advanced examples demonstrating the usage of ssh with the -D <port> option:

Example 1: Connecting to a Server with Dynamic Port Forwarding

ssh -D 1080 username@hostname

In this example:

  • -D 1080: Sets up dynamic port forwarding and creates a SOCKS proxy on local port 1080.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port for SSH Connection and Dynamic Port Forwarding

ssh -D 8080 -p 2222 username@hostname

In this example:

  • -D 8080: Sets up dynamic port forwarding and creates a SOCKS proxy on local port 8080.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH with Dynamic Port Forwarding and Compression

ssh -C -D 9090 username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -D 9090: Sets up dynamic port forwarding and creates a SOCKS proxy on local port 9090.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH with Dynamic Port Forwarding and Specific Cipher

ssh -c aes256-ctr -D 7070 username@hostname

In this example:

  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • -D 7070: Sets up dynamic port forwarding and creates a SOCKS proxy on local port 7070.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Dynamic Port Forwarding and Public Key Authentication

ssh -i ~/.ssh/id_rsa -D 6060 username@hostname

In this example:

  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • -D 6060: Sets up dynamic port forwarding and creates a SOCKS proxy on local port 6060.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -D <port> option in ssh, you can set up dynamic port forwarding and create a SOCKS proxy on the specified local port, allowing you to securely tunnel network traffic through the SSH connection to the remote server.

ssh -E <log_file>

The -E <log_file> option in the ssh command specifies a file to which debug logs will be written during the SSH connection process. This can be useful for troubleshooting SSH connection issues.

Here are some advanced examples demonstrating the usage of ssh with the -E <log_file> option:

Example 1: Connecting to a Server and Logging Debug Information

ssh -E ~/ssh_debug.log username@hostname

In this example:

  • -E ~/ssh_debug.log: Specifies the file ~/ssh_debug.log where debug logs will be written.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port and Logging Debug Information

ssh -E ~/ssh_debug.log -p 2222 username@hostname

In this example:

  • -E ~/ssh_debug.log: Specifies the file ~/ssh_debug.log where debug logs will be written.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH with Compression and Logging Debug Information

ssh -E ~/ssh_debug.log -C username@hostname

In this example:

  • -E ~/ssh_debug.log: Specifies the file ~/ssh_debug.log where debug logs will be written.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH with Specific Cipher and Logging Debug Information

ssh -E ~/ssh_debug.log -c aes256-ctr username@hostname

In this example:

  • -E ~/ssh_debug.log: Specifies the file ~/ssh_debug.log where debug logs will be written.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Public Key Authentication and Logging Debug Information

ssh -E ~/ssh_debug.log -i ~/.ssh/id_rsa username@hostname

In this example:

  • -E ~/ssh_debug.log: Specifies the file ~/ssh_debug.log where debug logs will be written.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -E <log_file> option in ssh, you can specify a file to which debug logs will be written, helping you troubleshoot and diagnose any issues that may arise during the SSH connection process.

ssh -e <escape_char>

The -e <escape_char> option in the ssh command specifies an escape character for SSH sessions. This escape character allows you to send commands to the SSH session itself, rather than to the remote host.

Here are some advanced examples demonstrating the usage of ssh with the -e <escape_char> option:

Example 1: Connecting to a Server with Escape Character Set to “!”

ssh -e ! username@hostname

In this example:

  • -e !: Sets the escape character to “!”.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Specifying Custom Port and Escape Character

ssh -e ^ -p 2222 username@hostname

In this example:

  • -e ^: Sets the escape character to “^”.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Using SSH with Compression and Escape Character

ssh -e % -C username@hostname

In this example:

  • -e %: Sets the escape character to “%”.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 4: Using SSH with Specific Cipher and Escape Character

ssh -e + -c aes256-ctr username@hostname

In this example:

  • -e +: Sets the escape character to “+”.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with Public Key Authentication and Escape Character

ssh -e '~' -i ~/.ssh/id_rsa username@hostname

In this example:

  • -e ~: Sets the escape character to “~”.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Once connected to the SSH session, you can use the escape character followed by a command to send commands to the SSH session itself. For example, if the escape character is set to “!”, you can enter “!?” to display a list of supported escape commands.

By using the -e <escape_char> option in ssh, you can specify an escape character for the SSH session, allowing you to send commands to the SSH session itself and perform various operations such as terminating the session, displaying help information, or entering the SSH command prompt.

ssh -F <configfile>

The -F <configfile> option in the ssh command specifies an alternative configuration file for SSH client settings. This can be useful if you want to use a different SSH configuration file instead of the default ~/.ssh/config file.

Here are some advanced examples demonstrating the usage of ssh with the -F <configfile> option:

Example 1: Connecting to a Server Using a Custom SSH Configuration File

Assume you have a custom SSH configuration file named custom_ssh_config with the following content:

Host myserver
    HostName hostname.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa

You can use the -F <configfile> option to specify this custom configuration file:

ssh -F custom_ssh_config myserver

In this example:

  • -F custom_ssh_config: Specifies the custom SSH configuration file custom_ssh_config.
  • myserver: Specifies the Host entry in the custom configuration file.

Example 2: Connecting to a Server with Compression Using a Custom Configuration File

Assume you have a custom SSH configuration file named custom_ssh_config with the following content:

Host myserver
    HostName hostname.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
    Compression yes

You can use the -F <configfile> option to specify this custom configuration file:

ssh -F custom_ssh_config myserver

In this example:

  • -F custom_ssh_config: Specifies the custom SSH configuration file custom_ssh_config.
  • myserver: Specifies the Host entry in the custom configuration file.

Example 3: Connecting to a Server with Specific Cipher Using a Custom Configuration File

Assume you have a custom SSH configuration file named custom_ssh_config with the following content:

Host myserver
    HostName hostname.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
    Ciphers aes256-ctr

You can use the -F <configfile> option to specify this custom configuration file:

ssh -F custom_ssh_config myserver

In this example:

  • -F custom_ssh_config: Specifies the custom SSH configuration file custom_ssh_config.
  • myserver: Specifies the Host entry in the custom configuration file.

Example 4: Connecting to a Server with Escape Character Using a Custom Configuration File

Assume you have a custom SSH configuration file named custom_ssh_config with the following content:

Host myserver
    HostName hostname.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa
    EscapeChar ~

You can use the -F <configfile> option to specify this custom configuration file:

ssh -F custom_ssh_config myserver

In this example:

  • -F custom_ssh_config: Specifies the custom SSH configuration file custom_ssh_config.
  • myserver: Specifies the Host entry in the custom configuration file.

Example 5: Using SSH with Public Key Authentication and Custom Configuration File

Assume you have a custom SSH configuration file named custom_ssh_config with the following content:

Host myserver
    HostName hostname.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa

You can use the -F <configfile> option to specify this custom configuration file:

ssh -F custom_ssh_config myserver

In this example:

  • -F custom_ssh_config: Specifies the custom SSH configuration file custom_ssh_config.
  • myserver: Specifies the Host entry in the custom configuration file.

By using the -F <configfile> option in ssh, you can specify an alternative configuration file for SSH client settings, allowing you to use a different SSH configuration file instead of the default ~/.ssh/config file for connecting to SSH servers.

ssh -f

The -f option in the ssh command requests SSH to go to background just before command execution. This is useful when you want to run SSH in the background as a daemon or when you want to execute a command remotely without keeping the SSH session open.

Here are some advanced examples demonstrating the usage of ssh with the -f option:

Example 1: Running SSH in the Background to Execute a Remote Command

ssh -f username@hostname 'sleep 10; echo "Remote command executed"'

In this example:

  • -f: Requests SSH to go to background just before command execution.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • sleep 10; echo "Remote command executed": The remote command to be executed. In this case, it sleeps for 10 seconds and then echoes a message.

Example 2: Running SSH in the Background to Execute a Remote Script

Assume you have a remote script named remote_script.sh in the login user's home directory on the remote server:

#!/bin/bash
echo "Hello from remote script"

You can execute this script remotely and run SSH in the background using the following command:

ssh -f username@hostname 'bash remote_script.sh'

In this example:

  • -f: Requests SSH to go to background just before command execution. Because -f implies -n, standard input is redirected from /dev/null, so a script cannot be fed to the remote shell over stdin (as in 'bash -s' < remote_script.sh) when -f is used.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • bash remote_script.sh: The remote command that runs the remote_script.sh script on the remote server.

Example 3: Running SSH in the Background with Specific Port

ssh -f -p 2222 username@hostname 'echo "Remote command with specific port"'

In this example:

  • -f: Requests SSH to go to background just before command execution.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • echo "Remote command with specific port": The remote command to be executed.

Example 4: Running SSH in the Background with Compression

ssh -f -C username@hostname 'echo "Remote command with compression"'

In this example:

  • -f: Requests SSH to go to background just before command execution.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • echo "Remote command with compression": The remote command to be executed.

Example 5: Running SSH in the Background with Public Key Authentication

ssh -f -i ~/.ssh/id_rsa username@hostname 'echo "Remote command with public key authentication"'

In this example:

  • -f: Requests SSH to go to background just before command execution.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • echo "Remote command with public key authentication": The remote command to be executed.

By using the -f option in ssh, you can run SSH in the background to execute remote commands or scripts without keeping the SSH session open.

ssh -G

The -G option in the ssh command causes ssh to print its configuration after evaluating Host and Match blocks and then exit. This can be useful for testing the configuration without actually connecting to the remote host.

Here are some examples demonstrating the usage of ssh with the -G option:

Example 1: Generate SSH Configuration Parameters for a Specific Host

ssh -G username@hostname

In this example:

  • -G: Prints the configuration ssh would use for this host after evaluating Host and Match blocks, then exits without connecting.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

The output will display the SSH configuration parameters for the specified host, which can be used to create or update an ssh_config file.

Example 2: Generate SSH Configuration Parameters for a Specific Host with Custom Port

ssh -G -p 2222 username@hostname

In this example:

  • -G: Prints the configuration ssh would use for this host after evaluating Host and Match blocks, then exits without connecting.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

The output will display the SSH configuration parameters for the specified host with the custom port, which can be used to create or update an ssh_config file.

Example 3: Generate SSH Configuration Parameters for a Specific Host with Public Key Authentication

ssh -G -i ~/.ssh/id_rsa username@hostname

In this example:

  • -G: Prints the configuration ssh would use for this host after evaluating Host and Match blocks, then exits without connecting.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

The output will display the SSH configuration parameters for the specified host with public key authentication, which can be used to create or update an ssh_config file.

Example 4: Generate SSH Configuration Parameters for a Specific Host with Compression Enabled

ssh -G -C username@hostname

In this example:

  • -G: Prints the configuration ssh would use for this host after evaluating Host and Match blocks, then exits without connecting.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

The output will display the SSH configuration parameters for the specified host with compression enabled, which can be used to create or update an ssh_config file.

Example 5: Generate SSH Configuration Parameters for a Specific Host with Specific Cipher

ssh -G -c aes256-ctr username@hostname

In this example:

  • -G: Prints the configuration ssh would use for this host after evaluating Host and Match blocks, then exits without connecting.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

The output will display the SSH configuration parameters for the specified host with the specific cipher, which can be used to create or update an ssh_config file.

By using the -G option in ssh, you can print the configuration that ssh would apply to a host, allowing you to test the SSH configuration without actually connecting to the remote host.

ssh -g

The -g option in the ssh command allows remote hosts to connect to local forwarded ports. This can be useful when you want to set up port forwarding and allow remote hosts to access the forwarded ports.

Here are some examples demonstrating the usage of ssh with the -g option:

Example 1: Setting Up Local Port Forwarding with -g

ssh -g -L 8080:localhost:80 username@hostname

In this example:

  • -g: Allows remote hosts to connect to local forwarded ports.
  • -L 8080:localhost:80: Sets up local port forwarding from local port 8080 to port 80 on localhost.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing the SSH connection with this command, remote hosts can connect to port 8080 on the SSH client machine, and the connection will be forwarded to port 80 on the SSH server machine.

Example 2: Setting Up Local Port Forwarding with Custom Port and -g

ssh -g -L 9090:localhost:22 -p 2222 username@hostname

In this example:

  • -g: Allows remote hosts to connect to local forwarded ports.
  • -L 9090:localhost:22: Sets up local port forwarding from local port 9090 to port 22 on localhost.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing the SSH connection with this command, remote hosts can connect to port 9090 on the SSH client machine, and the connection will be forwarded to port 22 (SSH) on the SSH server machine.

Example 3: Setting Up Local Port Forwarding with -g and Compression

ssh -g -C -L 7070:localhost:8080 username@hostname

In this example:

  • -g: Allows remote hosts to connect to local forwarded ports.
  • -C: Enables compression of data during transmission.
  • -L 7070:localhost:8080: Sets up local port forwarding from local port 7070 to port 8080 on localhost.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing the SSH connection with this command, remote hosts can connect to port 7070 on the SSH client machine, and the connection will be forwarded to port 8080 on the SSH server machine with data compression enabled.

Example 4: Setting Up Local Port Forwarding with -g and Specific Cipher

ssh -g -c aes256-ctr -L 6060:localhost:443 username@hostname

In this example:

  • -g: Allows remote hosts to connect to local forwarded ports.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • -L 6060:localhost:443: Sets up local port forwarding from local port 6060 to port 443 on localhost.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing the SSH connection with this command, remote hosts can connect to port 6060 on the SSH client machine, and the connection will be forwarded to port 443 (HTTPS) on the SSH server machine with the specific cipher.

Example 5: Setting Up Local Port Forwarding with -g and Public Key Authentication

ssh -g -i ~/.ssh/id_rsa -L 5050:localhost:3306 username@hostname

In this example:

  • -g: Allows remote hosts to connect to local forwarded ports.
  • -i ~/.ssh/id_rsa: Specifies the path to the private key file (id_rsa in this case) for public key authentication.
  • -L 5050:localhost:3306: Sets up local port forwarding from local port 5050 to port 3306 (MySQL) on localhost.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing the SSH connection with this command, remote hosts can connect to port 5050 on the SSH client machine, and the connection will be forwarded to port 3306 (MySQL) on the SSH server machine with public key authentication.

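By using the -g option in ssh, you can set up local port forwarding and allow remote hosts to connect to the forwarded ports, providing a way to access services running on the SSH server machine from remote hosts. Note that SSH only protects the traffic between the SSH client and the SSH server; connections from other hosts to the forwarded port on the client machine travel outside the tunnel.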
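With -g the forwarded port listens on every interface of the client machine rather than on loopback only. The following added example (not part of the original article) is one way to spot such listeners in `ss -tlnp` output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Flag ssh client port forwards that listen on a non-loopback address,
# which is what -g (GatewayPorts yes) produces.
# Reads `ss -tlnp` output on stdin, prints one "EXPOSED ..." line per
# finding, and exits with status 1 if any were found.
# Real use: ss -tlnp | find_exposed_forwards
find_exposed_forwards() {
    awk '
    $1 != "LISTEN"  { next }    # skip the header and non-listening rows
    $NF !~ /"ssh",/ { next }    # ssh client only; "sshd" does not match
    {
        # Column 4 is the local address as addr:port (IPv6 is bracketed).
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # A forward without -g binds to loopback only; nothing to report.
        if (addr ~ /^127\./ || addr == "[::1]") next

        pid = "?"
        if (match($NF, /pid=[0-9]+/))
            pid = substr($NF, RSTART + 4, RLENGTH - 4)

        printf "EXPOSED port %s on %s (ssh pid %s)\n", port, addr, pid
        found = 1
    }
    END { exit found + 0 }
    '
}

# Constructed sample of `ss -tlnp` output (not captured from a real host):
# pid 4121 is a plain -L forward, pid 4188 was started with -g.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("ssh",pid=4121,fd=5))
LISTEN 0      128    [::1]:8080         [::]:*            users:(("ssh",pid=4121,fd=4))
LISTEN 0      128    0.0.0.0:9090       0.0.0.0:*         users:(("ssh",pid=4188,fd=4))
LISTEN 0      128    [::]:9090          [::]:*            users:(("ssh",pid=4188,fd=5))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
EOF
}

# Demo on the constructed sample.
sample_ss_output | find_exposed_forwards || true
```

Process names and PIDs appear in `ss -p` output only for sockets the calling user may inspect, so run the check as root to cover every user's forwards.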

ssh -i <identity_file>

The -i <identity_file> option in the ssh command specifies the path to the private key file for public key authentication. This is useful when you want to use a specific private key file for authentication instead of the default ~/.ssh/id_rsa or ~/.ssh/id_dsa.

Here are some examples demonstrating the usage of ssh with the -i <identity_file> option:

Example 1: Connecting to a Server with a Specific Private Key File

ssh -i ~/.ssh/my_private_key username@hostname

In this example:

  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Connecting to a Server with a Specific Private Key File and Custom Port

ssh -i /path/to/private_key -p 2222 username@hostname

In this example:

  • -i /path/to/private_key: Specifies the path to the private key file for public key authentication.
  • -p 2222: Specifies a custom port number (2222 in this case) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Running a Remote Command with a Specific Private Key File

ssh -i ~/.ssh/my_private_key username@hostname 'echo "Hello, World!"'

In this example:

  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • echo "Hello, World!": The remote command to be executed.

Example 4: Using SSH with Compression and a Specific Private Key File

ssh -i ~/.ssh/my_private_key -C username@hostname

In this example:

  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with a Specific Private Key File and Specific Cipher

ssh -i ~/.ssh/my_private_key -c aes256-ctr username@hostname

In this example:

  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -i <identity_file> option in ssh, you can specify a specific private key file for public key authentication, allowing you to connect to SSH servers with the corresponding private key instead of the default private key.

ssh -J <user@host>

The -J <user@host> option in the ssh command specifies a jump host to connect through when establishing an SSH connection to the target host. This is useful when you need to connect to a target host that is not directly accessible but can be reached via a jump host.

Here are some examples demonstrating the usage of ssh with the -J <user@host> option:

Example 1: Connecting to a Target Host via a Jump Host

ssh -J jumpuser@jumphost targetuser@targethost

In this example:

  • -J jumpuser@jumphost: Specifies the jump host to connect through (jumphost with jumpuser as the username).
  • targetuser@targethost: Specifies the target host to connect to after jumping through the jump host.

Example 2: Connecting to a Target Host via a Jump Host with Custom Port

ssh -J jumpuser@jumphost:2222 targetuser@targethost

In this example:

  • -J jumpuser@jumphost:2222: Specifies the jump host to connect through (jumphost with jumpuser as the username) and the custom port (2222) for the jump host.
  • targetuser@targethost: Specifies the target host to connect to after jumping through the jump host.

Example 3: Connecting to a Target Host via a Jump Host with Specific Private Key

ssh -J jumpuser@jumphost -i ~/.ssh/my_private_key targetuser@targethost

In this example:

  • -J jumpuser@jumphost: Specifies the jump host to connect through (jumphost with jumpuser as the username).
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • targetuser@targethost: Specifies the target host to connect to after jumping through the jump host.

Example 4: Connecting to a Target Host via Multiple Jump Hosts

ssh -J jumpuser1@jumphost1,jumpuser2@jumphost2 targetuser@targethost

In this example:

  • -J jumpuser1@jumphost1,jumpuser2@jumphost2: Specifies multiple jump hosts (jumphost1 with jumpuser1 as the username and jumphost2 with jumpuser2 as the username) to connect through.
  • targetuser@targethost: Specifies the target host to connect to after jumping through the jump hosts.

Example 5: Connecting to a Target Host via a Jump Host with Compression Enabled

ssh -J jumpuser@jumphost -C targetuser@targethost

In this example:

  • -J jumpuser@jumphost: Specifies the jump host to connect through (jumphost with jumpuser as the username).
  • -C: Enables compression of data during transmission.
  • targetuser@targethost: Specifies the target host to connect to after jumping through the jump host.

By using the -J <user@host> option in ssh, you can specify a jump host to connect through, allowing you to reach target hosts that are not directly accessible from your local machine. This is particularly useful in environments with strict networking rules or when accessing private networks through a gateway.

ssh -L <local_port:remote_host:remote_port>

The -L <local_port:remote_host:remote_port> option in the ssh command sets up local port forwarding. It forwards traffic from a specified local port to a specified remote host and port through the SSH connection.

Here are some examples demonstrating the usage of ssh with the -L <local_port:remote_host:remote_port> option:

Example 1: Basic Local Port Forwarding

ssh -L 8080:localhost:80 username@hostname

In this example:

  • -L 8080:localhost:80: Sets up local port forwarding from local port 8080 to port 80 on localhost.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing this SSH connection, you can access a web server running on port 80 of the remote host by browsing to http://localhost:8080 on the SSH client machine.

Example 2: Local Port Forwarding with Custom Port

ssh -L 9090:localhost:22 -p 2222 username@hostname

In this example:

  • -L 9090:localhost:22: Sets up local port forwarding from local port 9090 to port 22 (SSH) on localhost.
  • -p 2222: Specifies a custom port number (2222) for the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing this SSH connection, you can SSH into the remote host by running ssh -p 9090 username@localhost on the SSH client machine.

Example 3: Local Port Forwarding with Specific Private Key File

ssh -L 7070:localhost:8080 -i ~/.ssh/my_private_key username@hostname

In this example:

  • -L 7070:localhost:8080: Sets up local port forwarding from local port 7070 to port 8080 on localhost.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing this SSH connection, you can access a web server running on port 8080 of the remote host by browsing to http://localhost:7070 on the SSH client machine.

Example 4: Local Port Forwarding with Compression

ssh -L 6060:localhost:443 -C username@hostname

In this example:

  • -L 6060:localhost:443: Sets up local port forwarding from local port 6060 to port 443 (HTTPS) on localhost.
  • -C: Enables compression of data during transmission.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

After establishing this SSH connection, you can access an HTTPS server running on port 443 of the remote host by browsing to https://localhost:6060 on the SSH client machine with data compression enabled.

Example 5: Local Port Forwarding with Specific Cipher

ssh -L 5050:localhost:3306 -c aes256-ctr username@hostname

In this example:

  • -L 5050:localhost:3306: Sets up local port forwarding from local port 5050 to port 3306 (MySQL) on localhost.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • username: Specifies the username for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

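After establishing this SSH connection, you can connect to a MySQL database running on port 3306 of the remote host by running mysql -h 127.0.0.1 -P 5050 -u <username> -p on the SSH client machine. Use 127.0.0.1 rather than localhost here: the mysql client treats localhost as a request for the local Unix socket and ignores the port. The SSH connection carrying this traffic uses the specified cipher.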

By using the -L <local_port:remote_host:remote_port> option in ssh, you can set up local port forwarding to forward traffic from a specified local port to a specified remote host and port through the SSH connection, allowing you to access remote services securely from your local machine.

ssh -l <login_name>

The -l <login_name> option in the ssh command specifies the username for authentication on the remote server. This is useful when you want to explicitly specify the login name instead of relying on the local username or the user@hostname format.

Here are some examples demonstrating the usage of ssh with the -l <login_name> option:

Example 1: Connecting to a Remote Server with a Specific Login Name

ssh -l username hostname

In this example:

  • -l username: Specifies the login name (username) for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 2: Connecting to a Remote Server with a Specific Login Name and Custom Port

ssh -l username -p 2222 hostname

In this example:

  • -l username: Specifies the login name (username) for authentication on the remote server.
  • -p 2222: Specifies a custom port number (2222) for the SSH connection.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 3: Running a Remote Command with a Specific Login Name

ssh -l username hostname 'echo "Hello, World!"'

In this example:

  • -l username: Specifies the login name (username) for authentication on the remote server.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.
  • echo "Hello, World!": The remote command to be executed.

Example 4: Using SSH with Compression and a Specific Login Name

ssh -l username -C hostname

In this example:

  • -l username: Specifies the login name (username) for authentication on the remote server.
  • -C: Enables compression of data during transmission.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

Example 5: Using SSH with a Specific Login Name and Specific Cipher

ssh -l username -c aes256-ctr hostname

In this example:

  • -l username: Specifies the login name (username) for authentication on the remote server.
  • -c aes256-ctr: Specifies the AES-256-CTR cipher for encrypting the data during the SSH connection.
  • hostname: Specifies the hostname or IP address of the remote server to connect to.

By using the -l <login_name> option in ssh, you can specify a specific login name for authentication on the remote server, allowing you to connect to SSH servers with the specified username instead of the default local username or the user@hostname format.

ssh -M

The -M option in the ssh command specifies that the SSH session should be multiplexed. This means that multiple sessions can be multiplexed over a single SSH connection. This can be useful for reducing the overhead of multiple SSH connections and improving performance.

Here are some examples demonstrating the usage of ssh with the -M option:

Example 1: Setting Up SSH Multiplexing

To set up SSH multiplexing, you can use the following command:

ssh -M -S ~/.ssh/socket -fnNT username@hostname

In this example:

  • -M: Specifies that the SSH session should be multiplexed.
  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -fnNT: These options instruct ssh to run in the background (-f), not execute any commands (-N), and not request a tty (-T).
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Adding a Local Port Forwarding with SSH Multiplexing

Once the multiplexing is set up, you can add a local port forwarding using the same control socket:

ssh -S ~/.ssh/socket -O forward -L 8080:localhost:80 username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O forward: Asks the existing master connection to add the port forwarding given on the command line.
  • -L 8080:localhost:80: Sets up local port forwarding from local port 8080 to port 80 on localhost.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 3: Adding a Dynamic Port Forwarding with SSH Multiplexing

You can also add a dynamic port forwarding using the control socket:

ssh -S ~/.ssh/socket -O forward -D 7070 username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O forward: Asks the existing master connection to add the port forwarding given on the command line.
  • -D 7070: Sets up dynamic port forwarding on local port 7070.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 4: Checking the Status of SSH Multiplexing

You can check the status of the multiplexed SSH connection with the following command:

ssh -S ~/.ssh/socket -O check username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O check: Specifies that the status of the multiplexed connection should be checked.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 5: Terminating SSH Multiplexing

To terminate the multiplexed SSH connection, use the following command:

ssh -S ~/.ssh/socket -O exit username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O exit: Specifies that the multiplexed connection should be terminated.
  • username@hostname: Specifies the username and hostname of the remote server.

By using the -M option in ssh, you can set up multiplexed SSH sessions, allowing you to efficiently manage multiple SSH connections over a single connection, which can improve performance and reduce overhead.

ssh -m <mac_spec>

The -m <mac_spec> option in the ssh command specifies the MAC (Message Authentication Code) algorithm to use during the SSH connection. A MAC does not encrypt the data; this option selects the HMAC (Hash-based Message Authentication Code) algorithm used for data integrity protection.

Here are some examples demonstrating the usage of ssh with the -m <mac_spec> option:

Example 1: Connecting to a Remote Server with a Specific MAC Algorithm

ssh -m hmac-sha2-256 username@hostname

In this example:

  • -m hmac-sha2-256: Specifies the hmac-sha2-256 MAC algorithm for protecting the integrity of the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Connecting to a Remote Server with a Specific MAC Algorithm and Custom Port

ssh -m hmac-sha2-512 -p 2222 username@hostname

In this example:

  • -m hmac-sha2-512: Specifies the hmac-sha2-512 MAC algorithm for protecting the integrity of the data during the SSH connection.
  • -p 2222: Specifies a custom port number (2222) for the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Running a Remote Command with a Specific MAC Algorithm

ssh -m hmac-sha1 username@hostname 'echo "Hello, World!"'

In this example:

  • -m hmac-sha1: Specifies the hmac-sha1 MAC algorithm for protecting the integrity of the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • echo "Hello, World!": The remote command to be executed.

Example 4: Using SSH with Compression and a Specific MAC Algorithm

ssh -m hmac-md5 -C username@hostname

In this example:

  • -m hmac-md5: Specifies the hmac-md5 MAC algorithm for protecting the integrity of the data during the SSH connection.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Using SSH with a Specific MAC Algorithm and Specific Cipher

ssh -m hmac-sha2-256 -c aes256-ctr username@hostname

In this example:

  • -m hmac-sha2-256: Specifies the hmac-sha2-256 MAC algorithm for protecting the integrity of the data during the SSH connection.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -m <mac_spec> option in ssh, you can specify a specific MAC algorithm for protecting the integrity of the data during the SSH connection, allowing you to customize the data integrity protection according to your specific security requirements.
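The -G and -m sections above combine naturally: the configuration printed by ssh -G can be checked for legacy MACs such as the hmac-md5 and hmac-sha1 used in Examples 3 and 4, along with weak ciphers and risky forwarding settings. The following is an added example, not part of the original article; the function names, the sample configurations and the deny patterns are assumptions modelled on common hardening guidance and should be adjusted to local policy.

```shell
#!/bin/sh
# Audit the effective client configuration printed by `ssh -G <host>`.
# Reads that output on stdin, prints one "WARN ..." line per finding,
# and exits with status 1 if anything was flagged.
# Real use: ssh -G myserver | audit_ssh_g
#           ssh -F custom_ssh_config -G myserver | audit_ssh_g
audit_ssh_g() {
    awk '
    # Report every entry of a comma-separated algorithm list that
    # matches the deny pattern (patterns are this example'"'"'s assumption).
    function check_list(kind, list, pattern,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++)
            if (a[i] ~ pattern) {
                printf "WARN weak %s offered: %s\n", kind, a[i]
                bad = 1
            }
    }
    # Legacy MACs: MD5- or SHA-1-based, RIPEMD, or truncated to 96 bits.
    $1 == "macs"    { check_list("MAC", $2, "md5|sha1|ripemd|-96") }
    # Legacy ciphers: CBC modes, 3DES, RC4 (arcfour), Blowfish, CAST.
    $1 == "ciphers" { check_list("cipher", $2, "-cbc|3des|arcfour|blowfish|cast128") }
    # -A / ForwardAgent exposes the local agent to the remote host.
    $1 == "forwardagent" && $2 != "no" {
        print "WARN agent forwarding enabled (-A / ForwardAgent)"
        bad = 1
    }
    # -g / GatewayPorts makes local forwards listen on all interfaces.
    $1 == "gatewayports" && $2 == "yes" {
        print "WARN forwarded ports bind to all interfaces (-g / GatewayPorts)"
        bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: what `ssh -G -A -g -m hmac-md5,hmac-sha1,hmac-sha2-256`
# style settings would look like in the printed configuration (abridged).
sample_weak_config() {
    cat <<'EOF'
user username
hostname hostname.example.com
port 2222
forwardagent yes
gatewayports yes
ciphers aes256-ctr
macs hmac-md5,hmac-sha1,hmac-sha2-256
EOF
}

# Constructed sample of a hardened configuration (abridged).
sample_hardened_config() {
    cat <<'EOF'
user username
hostname hostname.example.com
port 2222
forwardagent no
gatewayports no
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
EOF
}

# Demo on the constructed weak sample.
sample_weak_config | audit_ssh_g || true
```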

ssh -N

The -N option in the ssh command specifies that no commands should be executed on the remote host. This is useful when you only want to establish an SSH tunnel or connection without executing any commands on the remote server.

Here are some examples demonstrating the usage of ssh with the -N option:

Example 1: Establishing an SSH Tunnel for Local Port Forwarding

To set up local port forwarding without executing any commands on the remote host, you can use the following command:

ssh -N -L 8080:localhost:80 username@hostname

In this example:

  • -N: Specifies that no commands should be executed on the remote host.
  • -L 8080:localhost:80: Sets up local port forwarding from local port 8080 to port 80 on localhost.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

After establishing this SSH connection, you can access a web server running on port 80 of the remote host by browsing to http://localhost:8080 on the SSH client machine.

Example 2: Establishing an SSH Tunnel for Dynamic Port Forwarding

You can also set up dynamic port forwarding without executing any commands on the remote host using the -N option:

ssh -N -D 7070 username@hostname

In this example:

  • -N: Specifies that no commands should be executed on the remote host.
  • -D 7070: Sets up dynamic port forwarding on local port 7070.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Establishing an SSH Tunnel with Specific Private Key

To establish an SSH tunnel with a specific private key without executing any commands on the remote host, you can use the following command:

ssh -N -i ~/.ssh/my_private_key username@hostname

In this example:

  • -N: Specifies that no commands should be executed on the remote host.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Establishing an SSH Tunnel with Compression

To establish an SSH tunnel with compression without executing any commands on the remote host, you can use the following command:

ssh -N -C username@hostname

In this example:

  • -N: Specifies that no commands should be executed on the remote host.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Establishing an SSH Tunnel with Specific Cipher

To establish an SSH tunnel with a specific cipher without executing any commands on the remote host, you can use the following command:

ssh -N -c aes256-ctr username@hostname

In this example:

  • -N: Specifies that no commands should be executed on the remote host.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -N option in ssh, you can establish a connection that carries port forwarding or other tunnels without running any commands on the remote server.

ssh -n

The -n option in the ssh command specifies that no command should be executed on the remote host. It’s similar to the -N option but doesn’t set up any port forwarding or dynamic port forwarding. It’s useful when you want to connect to a remote host without executing any commands or setting up any tunnels.

Here are some examples demonstrating the usage of ssh with the -n option:

Example 1: Connecting to a Remote Server without Executing Any Commands

ssh -n username@hostname

In this example:

  • -n: Specifies that no commands should be executed on the remote host.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Connecting to a Remote Server with Custom Port without Executing Any Commands

ssh -n -p 2222 username@hostname

In this example:

  • -n: Specifies that no commands should be executed on the remote host.
  • -p 2222: Specifies a custom port number (2222) for the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Connecting to a Remote Server with a Specific Private Key without Executing Any Commands

ssh -n -i ~/.ssh/my_private_key username@hostname

In this example:

  • -n: Specifies that no commands should be executed on the remote host.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Connecting to a Remote Server with Compression without Executing Any Commands

ssh -n -C username@hostname

In this example:

  • -n: Specifies that no commands should be executed on the remote host.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Connecting to a Remote Server with a Specific Cipher without Executing Any Commands

ssh -n -c aes256-ctr username@hostname

In this example:

  • -n: Specifies that no commands should be executed on the remote host.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -n option in ssh, you can connect to a remote server without executing any commands, allowing you to establish an SSH connection to the remote host without running any commands on the remote server.

ssh -O <ctl_cmd>

The -O <ctl_cmd> option in the ssh command is used for controlling the master connection when multiplexing is enabled using the -M option. This option allows you to perform various control operations on the master SSH connection, such as checking its status, adding or removing port forwardings, and exiting the connection.

Here are some examples demonstrating the usage of ssh with the -O <ctl_cmd> option:

Example 1: Checking the Status of the Master SSH Connection

To check the status of the master SSH connection, you can use the following command:

ssh -S ~/.ssh/socket -O check username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O check: Specifies that the status of the master SSH connection should be checked.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 2: Adding a Remote Port Forwarding to the Master SSH Connection

To add a remote port forwarding to the master SSH connection, you can use the following command:

ssh -S ~/.ssh/socket -O forward -L 8080:localhost:80 username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O forward: Specifies that a remote port forwarding should be added.
  • -L 8080:localhost:80: Sets up remote port forwarding from local port 8080 to port 80 on localhost.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 3: Adding a Dynamic Port Forwarding to the Master SSH Connection

To add a dynamic port forwarding to the master SSH connection, you can use the following command:

ssh -S ~/.ssh/socket -O forward -D 7070 username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O forward: Specifies that a remote port forwarding should be added.
  • -D 7070: Sets up dynamic port forwarding on local port 7070.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 4: Removing a Remote Port Forwarding from the Master SSH Connection

To remove a remote port forwarding from the master SSH connection, you can use the following command:

ssh -S ~/.ssh/socket -O cancel -L 8080:localhost:80 username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O cancel: Specifies that a remote port forwarding should be canceled.
  • -L 8080:localhost:80: Removes the remote port forwarding from local port 8080 to port 80 on localhost.
  • username@hostname: Specifies the username and hostname of the remote server.

Example 5: Terminating the Master SSH Connection

To terminate the master SSH connection, you can use the following command:

ssh -S ~/.ssh/socket -O exit username@hostname

In this example:

  • -S ~/.ssh/socket: Specifies the control socket to use for multiplexing.
  • -O exit: Specifies that the master SSH connection should be terminated.
  • username@hostname: Specifies the username and hostname of the remote server.

By using the -O <ctl_cmd> option in ssh, you can control the master SSH connection when multiplexing is enabled: checking its status, adding or removing port forwardings, and exiting the connection.

ssh -o <option>

The -o <option> option in the ssh command allows you to set various options and parameters for the SSH connection. These options are specified as a key-value pair, where the key is the name of the option and the value is the setting for that option. This is particularly useful for setting specific SSH options that are not available as command-line options.

Here are some examples demonstrating the usage of ssh with the -o <option> option:

Example 1: Specifying a Custom Port for SSH Connection

To specify a custom port (e.g., 2222) for the SSH connection, you can use the following command:

ssh -o Port=2222 username@hostname

In this example:

  • -o Port=2222: Specifies that the SSH connection should use port 2222.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Specifying a Specific Private Key File for Public Key Authentication

To specify a specific private key file (e.g., ~/.ssh/my_private_key) for public key authentication, you can use the following command:

ssh -o IdentityFile=~/.ssh/my_private_key username@hostname

In this example:

  • -o IdentityFile=~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Specifying a Custom Cipher for SSH Connection

To specify a custom cipher (e.g., aes256-ctr) for the SSH connection, you can use the following command:

ssh -o Ciphers=aes256-ctr username@hostname

In this example:

  • -o Ciphers=aes256-ctr: Specifies that the SSH connection should use the aes256-ctr cipher for encrypting the data.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Specifying a Custom MAC Algorithm for SSH Connection

To specify a custom MAC algorithm (e.g., hmac-sha2-256) for the SSH connection, you can use the following command:

ssh -o MACs=hmac-sha2-256 username@hostname

In this example:

  • -o MACs=hmac-sha2-256: Specifies that the SSH connection should use the hmac-sha2-256 MAC algorithm for data integrity protection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Disabling Host Key Checking for SSH Connection

To disable host key checking for the SSH connection (this is not recommended for security reasons), you can use the following command:

ssh -o StrictHostKeyChecking=no username@hostname

In this example:

  • -o StrictHostKeyChecking=no: Specifies that host key checking should be disabled for the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -o <option> option in ssh, you can set various options and parameters for the SSH connection, allowing you to customize the SSH connection according to your specific requirements and preferences.

ssh -p <port>

The -p <port> option in the ssh command specifies the port number on which the SSH server is running. By default, SSH uses port 22. If the SSH server is running on a different port, you can use the -p option to specify the custom port number.

Here are some examples demonstrating the usage of ssh with the -p <port> option:

Example 1: Connecting to a Remote Server on Port 2222

To connect to a remote server running SSH on port 2222, you can use the following command:

ssh -p 2222 username@hostname

In this example:

  • -p 2222: Specifies that the SSH connection should use port 2222.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Connecting to a Remote Server on Port 2222 with Specific Private Key

To connect to a remote server running SSH on port 2222 using a specific private key (~/.ssh/my_private_key), you can use the following command:

ssh -p 2222 -i ~/.ssh/my_private_key username@hostname

In this example:

  • -p 2222: Specifies that the SSH connection should use port 2222.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Connecting to a Remote Server on Port 2222 with Compression

To connect to a remote server running SSH on port 2222 with compression enabled, you can use the following command:

ssh -p 2222 -C username@hostname

In this example:

  • -p 2222: Specifies that the SSH connection should use port 2222.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Connecting to a Remote Server on Port 2222 with Specific Cipher

To connect to a remote server running SSH on port 2222 using a specific cipher (aes256-ctr), you can use the following command:

ssh -p 2222 -c aes256-ctr username@hostname

In this example:

  • -p 2222: Specifies that the SSH connection should use port 2222.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Connecting to a Remote Server on Port 2222 with Custom MAC Algorithm

To connect to a remote server running SSH on port 2222 using a custom MAC algorithm (hmac-sha2-256), you can use the following command:

ssh -p 2222 -o MACs=hmac-sha2-256 username@hostname

In this example:

  • -p 2222: Specifies that the SSH connection should use port 2222.
  • -o MACs=hmac-sha2-256: Specifies that the SSH connection should use the hmac-sha2-256 MAC algorithm for data integrity protection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -p <port> option in ssh, you can specify a custom port number to connect to an SSH server running on a different port, allowing you to establish an SSH connection to the remote server on the specified port.

ssh -Q <query_option>

The -Q <query_option> option in the ssh command is used to query the SSH client or server for specific information. This option allows you to retrieve various information about the SSH client or server, such as supported algorithms, configuration options, and status information.

Here are some examples demonstrating the usage of ssh with the -Q <query_option> option:

Example 1: Querying Supported SSH Algorithms

To query the SSH client for the list of supported algorithms, you can use the following command:

ssh -Q cipher

This displays the list of ciphers supported by the SSH client.

Example 2: Querying Supported SSH MAC Algorithms

To query the SSH client for the list of supported MAC (Message Authentication Code) algorithms, you can use the following command:

ssh -Q mac

This displays the list of MAC algorithms supported by the SSH client.

Example 3: Querying Supported SSH Key Types

To query the SSH client for the list of supported key types, you can use the following command:

ssh -Q key

This displays the list of key types supported by the SSH client.

Example 4: Querying SSH Client Configuration Options

To query the SSH client for the list of supported configuration options, you can use the following command:

ssh -Q options

This displays the list of configuration options supported by the SSH client.

Example 5: Querying SSH Server Features

To query the SSH server for the list of supported features, you can use the following command:

ssh -Q server

This displays the list of features supported by the SSH server.

Example 6: Querying SSH Client Version

To query the SSH client for its version, you can use the following command:

ssh -Q version

This will display the version of the SSH client.

Example 7: Querying SSH Server Version

To query the SSH server for its version, you can use the following command:

ssh -Q server-version username@hostname

In this example:

  • -Q server-version: Specifies that the SSH server version should be queried.
  • username@hostname: Specifies the username and hostname of the remote server.

By using the -Q <query_option> option in ssh, you can query the SSH client or server for specific information, such as supported algorithms, configuration options, and status information.

ssh -q

The -q option in the ssh command is used to suppress the informational messages and warnings. It is useful when you want a quieter output, typically used in scripts or automated tasks.

Here are some examples demonstrating the usage of ssh with the -q option:

Example 1: Connecting to a Remote Server Quietly

To connect to a remote server quietly without displaying any warning or informational messages, you can use the following command:

ssh -q username@hostname

In this example:

  • -q: Suppresses informational messages and warnings.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Running a Remote Command Quietly

To run a remote command quietly without displaying any output, you can use the following command:

ssh -q username@hostname 'echo "Hello, World!"'

In this example:

  • -q: Suppresses informational messages and warnings.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • echo "Hello, World!": The remote command to be executed quietly.

Example 3: Copying a File to a Remote Server Quietly

To copy a file to a remote server quietly without displaying any output, you can use the following command:

scp -q file.txt username@hostname:/path/to/destination/

In this example:

  • -q: Suppresses informational messages and warnings.
  • file.txt: Specifies the file to be copied to the remote server.
  • username@hostname:/path/to/destination/: Specifies the username, hostname, and destination path on the remote server.

Example 4: Transferring Files with rsync Quietly

To transfer files using rsync quietly without displaying any output, you can use the following command:

rsync -avz -e 'ssh -q' /path/to/source/ username@hostname:/path/to/destination/

In this example:

  • -q: Suppresses informational messages and warnings.
  • /path/to/source/: Specifies the source directory or files to be transferred.
  • username@hostname:/path/to/destination/: Specifies the username, hostname, and destination path on the remote server.

Example 5: Running SSH in a Script Quietly

Here’s a simple example of using ssh with -q in a script:

#!/bin/bash

# Connect to the remote server quietly
ssh -q username@hostname 'echo "Connected successfully!"'

In this example:

  • -q: Suppresses informational messages and warnings.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • echo "Connected successfully!": The remote command to be executed quietly.

By using the -q option in ssh, you can suppress informational messages and warnings, making the SSH command quieter and more suitable for use in scripts or automated tasks.

ssh -R <remote_port:local_host:local_port>

The -R <remote_port:local_host:local_port> option in the ssh command is used to set up reverse port forwarding. Reverse port forwarding allows you to forward a port from the remote server to the local machine, enabling you to access services running on the local machine from the remote server.

Here are some examples demonstrating the usage of ssh with the -R <remote_port:local_host:local_port> option:

Example 1: Setting up Reverse Port Forwarding for SSH Service

To set up reverse port forwarding for the SSH service, you can use the following command:

ssh -R 2222:localhost:22 username@hostname

In this example:

  • -R 2222:localhost:22: Sets up reverse port forwarding from port 2222 on the remote server to port 22 (SSH service) on localhost.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

After establishing this SSH connection, you can access the SSH service running on port 22 of the local machine by connecting to port 2222 on the remote server.

Example 2: Setting up Reverse Port Forwarding for a Web Server

To set up reverse port forwarding for a web server running on port 80 of the local machine, you can use the following command:

ssh -R 8080:localhost:80 username@hostname

In this example:

  • -R 8080:localhost:80: Sets up reverse port forwarding from port 8080 on the remote server to port 80 (web server) on localhost.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

After establishing this SSH connection, you can access the web server running on port 80 of the local machine by browsing to http://localhost:8080 on the remote server.

Example 3: Setting up Reverse Port Forwarding with Specific Private Key

To set up reverse port forwarding using a specific private key (~/.ssh/my_private_key), you can use the following command:

ssh -R 2222:localhost:22 -i ~/.ssh/my_private_key username@hostname

In this example:

  • -R 2222:localhost:22: Sets up reverse port forwarding from port 2222 on the remote server to port 22 (SSH service) on localhost.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Setting up Reverse Port Forwarding with Compression

To set up reverse port forwarding with compression, you can use the following command:

ssh -R 2222:localhost:22 -C username@hostname

In this example:

  • -R 2222:localhost:22: Sets up reverse port forwarding from port 2222 on the remote server to port 22 (SSH service) on localhost.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Setting up Reverse Port Forwarding with Specific Cipher

To set up reverse port forwarding using a specific cipher (aes256-ctr), you can use the following command:

ssh -R 2222:localhost:22 -c aes256-ctr username@hostname

In this example:

  • -R 2222:localhost:22: Sets up reverse port forwarding from port 2222 on the remote server to port 22 (SSH service) on localhost.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -R <remote_port:local_host:local_port> option in ssh, you can set up reverse port forwarding, enabling you to forward a port from the remote server to the local machine and access services running on the local machine from the remote server.
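For reviewing how ssh is actually invoked on a host, the added shell example below (not part of the original page) classifies an ssh argument vector and reports the forwarding options from the -N, -L/-D and -R sections, agent forwarding (-A), and -o StrictHostKeyChecking=no. The function names, finding labels and sample command lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, finding labels
# and the sample command lines at the bottom are constructed for illustration.

# Report a risky "-o Keyword=Value" setting. ssh_config keywords are
# case-insensitive and accept "Keyword Value" as well as "Keyword=Value",
# so normalise both forms before matching.
audit_ssh_option() {
    opt=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr ' \t' '==' | tr -s '=')
    case $opt in
        stricthostkeychecking=no|stricthostkeychecking=off)
            printf 'host-key-check-disabled\n' ;;
        forwardagent=yes)
            printf 'agent-forwarding\n' ;;
    esac
}

# Print one finding per line for the ssh arguments given as "$@".
# Parsing stops at the destination, so flags that belong to the remote
# command (for example "ls -R") are never mistaken for ssh options.
audit_ssh_args() {
    no_cmd=0
    has_fwd=0
    while [ $# -gt 0 ]; do
        case $1 in
            --) break ;;
            -?*) cluster=${1#-}; shift ;;
            *) break ;;                 # first non-option word: destination
        esac
        # Walk a cluster such as "fNR" one flag at a time.
        while [ -n "$cluster" ]; do
            rest=${cluster#?}
            flag=${cluster%"$rest"}
            cluster=$rest
            case $flag in
                [BbcDEeFIiJLlmOoPpQRSWw])
                    # These options take a value: the remainder of the
                    # cluster ("-D7070") or the next word ("-D 7070").
                    if [ -n "$cluster" ]; then
                        value=$cluster
                        cluster=""
                    elif [ $# -gt 0 ]; then
                        value=$1
                        shift
                    else
                        value=""
                    fi
                    case $flag in
                        L) printf 'local-forward %s\n' "$value"; has_fwd=1 ;;
                        R) printf 'remote-forward %s\n' "$value"; has_fwd=1 ;;
                        D) printf 'dynamic-forward %s\n' "$value"; has_fwd=1 ;;
                        o) audit_ssh_option "$value" ;;
                    esac
                    ;;
                A) printf 'agent-forwarding\n' ;;
                N) no_cmd=1 ;;
            esac
        done
    done
    # -N together with a forward means the session exists only as a tunnel.
    if [ "$no_cmd" -eq 1 ] && [ "$has_fwd" -eq 1 ]; then
        printf 'tunnel-only\n'
    fi
    return 0
}

# Read logged command lines on stdin and print "finding<TAB>command line".
# Logged lines have already lost their quoting, so plain word splitting is
# the best available reconstruction of the argument vector.
audit_ssh_lines() {
    while IFS= read -r line; do
        set -f
        set -- $line
        set +f
        case ${1-} in
            ssh|*/ssh) shift ;;
            *) continue ;;
        esac
        audit_ssh_args "$@" | while IFS= read -r finding; do
            printf '%s\t%s\n' "$finding" "$line"
        done
    done
}

# Constructed sample input, using the placeholder names from this page.
audit_ssh_lines <<'EOF'
ssh -N -L 8080:localhost:80 username@hostname
ssh -fNR 2222:localhost:22 username@hostname
ssh -o StrictHostKeyChecking=no username@hostname
ssh -A -D7070 username@hostname
ssh username@hostname ls -R /var/log
EOF
```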

ssh -S <ctl_path>

The -S <ctl_path> option in the ssh command specifies the control socket for connection sharing. This option is used in conjunction with the -M option to enable multiplexing, allowing multiple SSH sessions to share a single network connection.

Here are some examples demonstrating the usage of ssh with the -S <ctl_path> option:

Example 1: Establishing a Control Master Connection

To establish a control master connection using a control socket located at ~/.ssh/master-%r@%h:%p, you can use the following command:

ssh -M -S ~/.ssh/master-%r@%h:%p username@hostname

In this example:

  • -M: Specifies that the connection should be used to set up a control master.
  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path.

Example 2: Creating a New Session Using the Control Master Connection

To create a new SSH session using the existing control master connection, you can use the following command:

ssh -S ~/.ssh/master-%r@%h:%p username@hostname

In this example:

  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path, which is used to establish a new SSH session using the existing control master connection.

Example 3: Querying the Status of the Control Master Connection

To query the status of the control master connection, you can use the following command:

ssh -S ~/.ssh/master-%r@%h:%p -O check username@hostname

In this example:

  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path.
  • -O check: Specifies that the status of the control master connection should be checked.

Example 4: Terminating the Control Master Connection

To terminate the control master connection, you can use the following command:

ssh -S ~/.ssh/master-%r@%h:%p -O exit username@hostname

In this example:

  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path.
  • -O exit: Specifies that the control master connection should be terminated.

Example 5: Creating a New Session with Specific Options Using Control Master

To create a new SSH session with specific options (e.g., port 2222 and compression) using the existing control master connection, you can use the following command:

ssh -S ~/.ssh/master-%r@%h:%p -p 2222 -C username@hostname

In this example:

  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path.
  • -p 2222: Specifies the port to connect to (using the existing control master connection).
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server.

By using the -S <ctl_path> option in ssh, you can specify the control socket for connection sharing, enabling multiplexing and allowing multiple SSH sessions to share a single network connection.

ssh -T

The -T option in the ssh command is used to disable pseudo-terminal allocation. This option is useful when you want to run remote commands that do not require a terminal, such as running a remote command in a script or in batch mode.

Here are some examples demonstrating the usage of ssh with the -T option:

Example 1: Running a Remote Command Without Pseudo-Terminal

To run a remote command without pseudo-terminal allocation, you can use the following command:

ssh -T username@hostname 'echo "Hello, World!"'

In this example:

  • -T: Disables pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • echo "Hello, World!": The remote command to be executed without a terminal.

Example 2: Running a Remote Script Without Pseudo-Terminal

Suppose you have a remote script named remote_script.sh on the remote server that does not require a terminal. You can run this script without pseudo-terminal allocation using the following command:

ssh -T username@hostname 'bash -s' < remote_script.sh

In this example:

  • -T: Disables pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • bash -s < remote_script.sh: The remote command to be executed without a terminal, which reads and executes the remote_script.sh.

Example 3: Running Multiple Commands Without Pseudo-Terminal

To run multiple commands without pseudo-terminal allocation, you can use the following command:

ssh -T username@hostname << EOF
echo "Running command 1"
ls -l
echo "Running command 2"
whoami
EOF

In this example:

  • -T: Disables pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • The commands between << EOF and EOF are executed on the remote server without a terminal.

Example 4: Running rsync Without Pseudo-Terminal

To transfer files using rsync without pseudo-terminal allocation, you can use the following command:

rsync -avz -e 'ssh -T' /path/to/source/ username@hostname:/path/to/destination/

In this example:

  • -T: Disables pseudo-terminal allocation in the SSH connection.
  • /path/to/source/: Specifies the source directory or files to be transferred.
  • username@hostname:/path/to/destination/: Specifies the username, hostname, and destination path on the remote server.

Example 5: Using scp Without Pseudo-Terminal

To copy a file to a remote server without pseudo-terminal allocation, you can use the following command:

scp -T file.txt username@hostname:/path/to/destination/

In this example:

  • -T: Disables pseudo-terminal allocation.
  • file.txt: Specifies the file to be copied to the remote server.
  • username@hostname:/path/to/destination/: Specifies the username, hostname, and destination path on the remote server.

By using the -T option in ssh, you can disable pseudo-terminal allocation, allowing you to run remote commands that do not require a terminal, such as running a remote command in a script or in batch mode.

ssh -t

The -t option in the ssh command is used to force pseudo-terminal allocation, even when a command is given to run on the remote server. This option is useful when you need to run interactive commands or applications on the remote server that require a terminal.

Here are some examples demonstrating the usage of ssh with the -t option:

Example 1: Running an Interactive Shell on the Remote Server

To open an interactive shell on the remote server, you can use the following command:

ssh -t username@hostname

In this example:

  • -t: Forces pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Running a Specific Command with Interactive Shell

To run a specific command with an interactive shell on the remote server, you can use the following command:

ssh -t username@hostname 'top'

In this example:

  • -t: Forces pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • top: The specific command to be executed with an interactive shell on the remote server.

Example 3: Running screen or tmux Session on the Remote Server

To start a screen or tmux session on the remote server, you can use the following command:

For screen:

ssh -t username@hostname 'screen -R'

For tmux:

ssh -t username@hostname 'tmux new-session -s mysession'

In these examples:

  • -t: Forces pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • screen -R or tmux new-session -s mysession: The command to start a screen or tmux session on the remote server.

Example 4: Running Remote Script with Interactive Prompt

Suppose you have a remote script named remote_script.sh that requires an interactive prompt. You can run this script using the following command:

ssh -t username@hostname 'bash -s' < remote_script.sh

In this example:

  • -t: Forces pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • bash -s < remote_script.sh: The command to execute the remote_script.sh script with an interactive shell.

Example 5: Running sudo Command with Interactive Prompt

To run a sudo command that requires an interactive prompt on the remote server, you can use the following command:

ssh -t username@hostname 'sudo apt update'

In this example:

  • -t: Forces pseudo-terminal allocation.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.
  • sudo apt update: The sudo command to update the package list on the remote server.

By using the -t option in ssh, you can force pseudo-terminal allocation, allowing you to run interactive commands or applications on the remote server that require a terminal, such as an interactive shell, screen or tmux session, or sudo commands that require an interactive prompt.

ssh -V

The -V option in the ssh command is used to display the version of the SSH client.

Here are some examples demonstrating the usage of ssh with the -V option:

Example 1: Displaying SSH Client Version

To display the version of the SSH client, you can use the following command:

ssh -V

Example 2: Verifying SSH Client Version in a Script

You can also use the -V option within a script to verify the SSH client version. Here’s an example script:

#!/bin/bash

ssh_version=$(ssh -V 2>&1)
echo "SSH client version: $ssh_version"

In this example:

  • -V: Displays the version of the SSH client.
  • 2>&1: Redirects the error output to standard output so that it can be captured by the script.

Example 3: Displaying SSH Client Version with Other Options

To display the version of the SSH client along with other information, you can use the following command:

ssh -V 2>&1 | awk '{print "SSH client version: " $1 ", " $2 ", " $3 ", " $4}'

In this example:

  • -V: Displays the version of the SSH client.
  • 2>&1: Redirects the error output to standard output so that it can be captured by awk.
  • awk '{print "SSH client version: " $1 ", " $2 ", " $3 ", " $4}': Formats the output to display the SSH client version along with other information.

Example 4: Displaying SSH Client Version in a Verbose Format

To display the version of the SSH client in a verbose format, you can use the following command:

ssh -V 2>&1 | awk -F', ' '{print "SSH client version: " $1 "\nCrypto library: " $2}'

In this example:

  • -V: Displays the version of the SSH client.
  • 2>&1: Redirects the error output to standard output so that it can be captured by awk.
  • awk -F', ' '{print "SSH client version: " $1 "\nCrypto library: " $2}': Splits the banner at the comma and prints the SSH client version and the cryptographic library it reports (for example OpenSSL or LibreSSL) on separate lines. ssh -V does not print a build date or a feature list; any date at the end of the banner is the release date of the crypto library.

Example 5: Checking SSH Client Version in a Script

You can use the following script to check the SSH client version and take appropriate action based on the version:

#!/bin/bash

ssh_version=$(ssh -V 2>&1 | awk '{print $1}' | cut -d',' -f1)
echo "SSH client version: $ssh_version"

if [[ "$ssh_version" == "OpenSSH"* ]]; then
    echo "OpenSSH client detected"
    # Add your commands for OpenSSH client
else
    echo "Unsupported SSH client detected"
    # Add your commands for unsupported SSH client
fi

In this example:

  • -V: Displays the version of the SSH client.
  • 2>&1: Redirects the error output to standard output so that it can be captured by awk.
  • awk '{print $1}': Extracts the SSH client version.
  • cut -d',' -f1: Removes the comma and additional version details.

By using the -V option in ssh, you can display the version of the SSH client, allowing you to verify the SSH client version and take appropriate action based on the version in a script or for other purposes.
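
The check in Example 5 only tests for the OpenSSH prefix. As an added example (not from the original post), the functions below parse the major and minor numbers out of an ssh -V banner and compare them numerically against a minimum version. The function names, exit codes, the 9.6 threshold and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: numeric minimum-version check on an `ssh -V` banner.

# Print "MAJOR MINOR" for an OpenSSH banner; fail for anything else.
# Banner shape: OpenSSH_<major>.<minor>[p<n>][ <vendor tag>], <crypto library>
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        grep .
}

# Exit status: 0 if banner version >= MIN ("major.minor"), 1 if older,
# 2 if the banner is not a recognisable OpenSSH banner.
openssh_at_least() (
    banner=$1
    min=$2
    ver=$(openssh_version "$banner") || exit 2
    set -- $ver
    min_major=${min%%.*}
    min_minor=${min#*.}
    # Compare as integers: a string comparison would rank 10.0 below 9.6.
    [ "$1" -gt "$min_major" ] && exit 0
    [ "$1" -eq "$min_major" ] && [ "$2" -ge "$min_minor" ] && exit 0
    exit 1
)

# Constructed sample banners, not captured from real hosts.
# The 9.6 threshold is an arbitrary value chosen for the demonstration.
for b in 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022' \
         'OpenSSH_10.0p2, OpenSSL 3.5.0 8 Apr 2025' \
         'Dropbear v2022.83'; do
    rc=0
    openssh_at_least "$b" 9.6 || rc=$?
    echo "status $rc for: $b"
done
# To check the local client: openssh_at_least "$(ssh -V 2>&1)" 9.6
```
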

ssh -v

The -v option in the ssh command is used to enable verbose mode, which displays debugging messages during the SSH connection process. This can be helpful for troubleshooting connection issues or understanding the SSH connection process in detail.

Here are some examples demonstrating the usage of ssh with the -v option:

Example 1: Connecting to a Remote Server in Verbose Mode

To connect to a remote server with verbose mode enabled, you can use the following command:

ssh -v username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Verbose Output with Key Authentication

To connect to a remote server using a specific private key with verbose mode enabled, you can use the following command:

ssh -v -i ~/.ssh/my_private_key username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Verbose Output with Specific Cipher

To connect to a remote server using a specific cipher (aes256-ctr) with verbose mode enabled, you can use the following command:

ssh -v -c aes256-ctr username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • -c aes256-ctr: Specifies the aes256-ctr cipher for encrypting the data during the SSH connection.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Verbose Output with Compression

To connect to a remote server with compression enabled and verbose mode enabled, you can use the following command:

ssh -v -C username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • -C: Enables compression of data during transmission.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Verbose Output with Specific SSH Configuration File

Assuming you have a custom SSH configuration file named custom_ssh_config, you can use it with verbose mode enabled as follows:

ssh -v -F custom_ssh_config username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • -F custom_ssh_config: Specifies a custom SSH configuration file (custom_ssh_config).
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 6: Verbose Output for SSH Connection Multiplexing

To enable verbose mode for SSH connection multiplexing, you can use the following command:

ssh -v -M -S ~/.ssh/master-%r@%h:%p username@hostname

In this example:

  • -v: Enables verbose mode to display debugging messages.
  • -M: Specifies that the connection should be used to set up a control master.
  • -S ~/.ssh/master-%r@%h:%p: Specifies the control socket path.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -v option in ssh, you can enable verbose mode to display debugging messages, which can be helpful for troubleshooting connection issues or understanding the SSH connection process in detail.
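
When confirming that a requested cipher such as aes256-ctr was actually negotiated, the debug1 lines printed by ssh -v can be summarised with a short script. This is an added example, not part of the original post; the function names and the sample log are constructed, and the line formats assumed are the ones OpenSSH prints during key exchange.

```shell
#!/bin/sh
# Added example: summarise what an `ssh -v` session negotiated.

# Constructed sample of `ssh -v` output (not captured from a real host).
sample_log() {
    cat <<'EOF'
debug1: Connecting to hostname [192.0.2.10] port 22.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
EOF
}

# Read `ssh -v` output on stdin, print key=value lines for the negotiation.
ssh_negotiated() {
    awk '
        /^debug1: Remote protocol version /  { print "server=" $9 }
        /^debug1: kex: algorithm: /          { print "kex=" $4 }
        /^debug1: kex: host key algorithm: / { print "hostkey=" $6 }
        /^debug1: kex: (server->client|client->server) cipher: / {
            dir = ($3 == "client->server") ? "c2s" : "s2c"
            print "cipher_" dir "=" $5
        }'
}

# Exit 0 only if a cipher was negotiated and every direction used one from
# the space-separated allowlist in $1. Fails closed when no cipher line is seen.
ciphers_allowed() (
    allow=" $1 "
    found=0
    for c in $(ssh_negotiated | sed -n 's/^cipher_[a-z0-9]*=//p'); do
        found=1
        case $allow in
            *" $c "*) ;;
            *) echo "unexpected cipher: $c" >&2; exit 1 ;;
        esac
    done
    [ "$found" -eq 1 ]
)

sample_log | ssh_negotiated
sample_log | ciphers_allowed 'aes256-ctr' && echo "cipher check passed"
```

Against a live connection the debug lines arrive on standard error, so capture them with 2>&1 or -E <log_file> before passing them to ssh_negotiated.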

ssh -W <host:port>

The -W <host:port> option in the ssh command requests that standard input and output on the client be forwarded to the given host and port over the secure channel. The remote server makes the TCP/IP connection to that destination, so no listening port is opened on the client. This option is particularly useful for setting up simple VPN-like tunnels or for forwarding connections to internal services.

Here are some examples demonstrating the usage of ssh with the -W <host:port> option:

Example 1: Simple TCP Forwarding

To forward the client's standard input and output to a port on the remote server itself using the -W option, you can use the following command:

ssh -W localhost:8080 username@hostname

In this example:

  • -W localhost:8080: Forwards the client's standard input and output over the secure channel to localhost on port 8080. The name localhost is resolved on the remote server, so this reaches port 8080 on the remote server itself.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 2: Forwarding to a Different Host and Port

To forward to a different host and port reachable from the remote side, you can use the following command:

ssh -W internal_server:80 username@hostname

In this example:

  • -W internal_server:80: Forwards the client's standard input and output over the secure channel to internal_server on port 80. The remote server makes the connection to internal_server.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 3: Forwarding to a Specific IP Address and Port

To forward to a specific IP address and port reachable from the remote side, you can use the following command:

ssh -W 192.168.1.10:22 username@hostname

In this example:

  • -W 192.168.1.10:22: Forwards the client's standard input and output over the secure channel to IP address 192.168.1.10 on port 22. The remote server makes the connection to that address.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 4: Using Specific Key for Authentication

To use -W forwarding with a specific private key for authentication, you can use the following command:

ssh -i ~/.ssh/my_private_key -W localhost:8080 username@hostname

In this example:

  • -i ~/.ssh/my_private_key: Specifies the path to the private key file (my_private_key) for public key authentication.
  • -W localhost:8080: Forwards the client's standard input and output over the secure channel to localhost on port 8080, as resolved on the remote server.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

Example 5: Using Compression with Forwarding

To use -W forwarding with compression, you can use the following command:

ssh -C -W localhost:8080 username@hostname

In this example:

  • -C: Enables compression of data during transmission.
  • -W localhost:8080: Forwards the client's standard input and output over the secure channel to localhost on port 8080, as resolved on the remote server.
  • username@hostname: Specifies the username and hostname of the remote server to connect to.

By using the -W <host:port> option in ssh, you can forward the client's standard input and output to the given host and port over the secure channel, allowing you to set up simple VPN-like tunnels or reach internal services through the remote server.

This post is licensed under CC BY 4.0 by the author.