SSH CheatSheet

Table of Contents

SSH authentication keys

See Also:

Generate new public/private keys pairs

ssh-keygen -t ed25519 -C "MyComment" -a 100 -f ~/.ssh/MySshKeyName
    Enter passphrase (empty for no passphrase):

Set a strong passphrase to protect your key


  • -t: key algorithm used
  • -C: Comment can help to identify the key
  • -a: key derivation function (KDF) rounds/iterations (16 by default)

Change private key access rights

Only user owner must be authorized to read and write.

chmod 600 ~/.ssh/MySshKeyName
# Verrify new access rights
ls -alt ~/.ssh/MySshKeyName

First remove ineritance from the .ssh folder

Icacls $env:USERPROFILE\.ssh /c /t /Inheritance:d
Icacls $env:USERPROFILE\.ssh\ /c /t /Remove:g "Tout le monde" Administrateurs System
# Verrify new access rights
Icacls $env:USERPROFILE\.ssh\

Copy the public key to the server

The we need copy the public key to server authorized_keys file.

ssh-copy-id -i ~/.ssh/ <SSH_USER>@<SSH_HOST>

On windows we can’t use ssh-copy-id, but we can use the above onliner command or copy the key via SFTP.

type $env:USERPROFILE\.ssh\ | ssh <SSH_USER>@<SSH_HOST> "cat >> .ssh/authorized_keys"

Now we can connect to the server without password

ssh -i ~/.ssh/MySshKeyName SSH_USER@SSH_HOST

Update Passphrase

ssh-keygen -p -P <OldPassphrase> -N <NewPassphrase> -f <PrivateKey>


ssh-keygen -p -P 'Y27SH19HDIWD' -N 'azerty123' -f private-8297.key

Set SSH config

We can create ssh alias in ~/.ssh/config file.

See Man Page

# Global cofiguration
    IgnoreUnknown AddKeysToAgent,UseKeychain
    UseKeychain yes
    # Specifies whether keys should be automatically added to a running ssh-agent(1)
    AddKeysToAgent yes

# Alias Configuration
HOST MyAlias
    User SSH_USER
    IdentitiesOnly yes # Use only shh key
    IdentityFile ~/.ssh/MySshKeyName # private ssh key path

Then we need to update access rights

chmod 600 ~/.ssh/config
# to verrify
ls -alt ~/.ssh/config

Now we can connect to the server with the above command.

ssh MyAlias

Send files over SSH with SCP

Upload File

scp <LocalFilePath> <sshUser>@<targetIP>:<TargetPath> -p <SshPort>

Download File

scp <sshUser>@<targetIP>:<RemoteFilePath> -p <SshPort> <LocalPath>

Port Forwarding

Static Port Forwarding

ssh - L <LocalPort>:<TargetForwardIp>:<TargetForwardPort> <sshUser>@<targetIP> -p <SshPort>

In above examble the target machine has a service accessible locally on

To access this service from the local machine, execute port forwarding via ssh, this will turn accessible local service from target machine ( on local machine on

ssh -L 9001: matthew@

Dynamic Port Forwarding

Instead of local port forwarding, we could have also opted for dynamic port forwarding, again using SSH .
Unlike local port forwarding and remote port forwarding, which use a specific local and remote port (earlier
we used 9001 and 8080 , for instance), dynamic port forwarding uses a single local port and dynamically
assigns remote ports for each connection.

ssh -D 9001 matthew@

To make use of dynamic port forwarding, a tool such as proxychains is especially useful. In summary and
as the name implies, proxychains can be used to tunnel a connection through multiple proxies; a use case
for this could be increasing anonymity, as the origin of a connection would be significantly more difficult to
trace. In our case, we would only tunnel through one such "proxy"; the target machine.

Install Proxychains

sudo apt-get update
sudo apt-get install proxychains

Configure Proxychains

You have the option to select any editor that you like. For this example, we are using nano, but there are other alternatives such as vim, gedit, leafpad, or sublime.


sudo nano /etc/proxychains4.conf

The minimal changes that we have to make to the file for proxychains to work in our current use case is to:

  1. Ensure that strict_chain is not commented out; ( dynamic_chain and random_chain should be commented out)
  2. At the very bottom of the file, under [ProxyList] , we specify the socks5 (or socks4 ) host and port that we used for our tunnel

In our case, it would look something like this, as our tunnel is listening at localhost:9001.

# add proxy here ...
# meanwile
# defaults set to "tor"
#socks4 9050
socks5 9001

Having configured proxychains correctly, we can now connect any service on the target, as if we were on the target machine ourselves!
This is done by prefixing whatever command we want to run with proxychains, like so:

Example for accessing PostgreSQL service :

proxychains psql -U toto -h localhost -p 5432

See Also



Related Articles