SSH

Basic Connections

ssh user@host
ssh -p 2222 user@host
ssh -i ~/.ssh/id_ed25519 user@host
ssh -J bastion user@private-host
ssh -L 8080:127.0.0.1:80 user@host
ssh -R 9090:127.0.0.1:9090 user@host
ssh -D 1080 user@host

Keys

ssh-keygen -t ed25519 -C "ivan@lkrv.dev"
ssh-copy-id user@host
ssh-add ~/.ssh/id_ed25519
ssh-add -l

Useful ~/.ssh/config

Host bastion
  HostName bastion.example.com
  User ubuntu
  IdentityFile ~/.ssh/id_ed25519

Host prod-app
  HostName 10.0.10.25
  User ubuntu
  ProxyJump bastion
  IdentityFile ~/.ssh/id_ed25519

Diagnostics

ssh -v user@host
ssh -vvv user@host
ss -tulpn | grep :22
systemctl status sshd
journalctl -u sshd -xe

SCP and SFTP

scp file user@host:/tmp/
scp -r ./dir user@host:/srv/
sftp user@host

Practice

• Prefer ed25519 for new keys.
• PasswordAuthentication no and key-based access should usually be the default for servers.
• For bastion-based access, ProxyJump is usually better than maintaining manual tunnels.