SSH (Secure Shell) is the universal protocol for encrypted remote access, file transfer, and network tunneling across Linux, macOS, BSD, and Windows systems. It replaced insecure tools like telnet and rsh in the 1990s and remains the backbone of every DevOps, cloud, and system administration workflow in 2026. A key insight practitioners often miss: SSH keys authenticate only during the initial handshake β the actual session traffic is encrypted with ephemeral symmetric keys derived via Diffie-Hellman, meaning compromising a session key does not expose your identity key.
What This Cheat Sheet Covers
This topic spans 16 focused tables and 160 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: SSH Client Basic Usage and Essential Flags
The ssh command connects you to remote machines, runs commands, and opens tunnels β all from a single binary. Mastering its flags eliminates the need for GUI SSH clients in almost every scenario.
| Command | Example | Description |
|---|---|---|
ssh alice | β’ Connect to a remote host as the specified user β’ prompts for password or uses key auth | |
ssh -p 2222 alice | Connect to a non-default port (default is 22). | |
ssh -i ~/.ssh/id_ed25519 alice | Specify a private key file to use for authentication. | |
ssh -l alice server.example.com | Specify remote username (alternative to user@host syntax). | |
ssh alice 'ls /var/log' | Execute a command on the remote host without opening an interactive shell. | |
ssh -vvv alice | β’ Increase verbosity for debugging connection issues β’ -vvv gives maximum detail | |
ssh -A alice | β’ Forward the local ssh-agent to the remote hostβ’ allows hopping further without copying keys. Use sparingly β anyone with root on the remote host can abuse the forwarded agent socket | |
ssh -N -L 8080:localhost:80 alice | β’ Do not execute a remote command β’ useful when only tunneling is needed |