Quick reference tables
SSH key generation
| Command | What it does |
|---|---|
ssh-keygen -t ed25519 -C "you@email.com" | Generate Ed25519 key (recommended) |
ssh-keygen -t rsa -b 4096 -C "you@email.com" | Generate RSA 4096 (legacy systems) |
ssh-keygen -t ed25519 -f ~/.ssh/work_key | Custom filename |
ssh-keygen -p -f ~/.ssh/id_ed25519 | Change passphrase on existing key |
ssh-keygen -l -f ~/.ssh/id_ed25519.pub | Show key fingerprint |
SSH connections
| Command | What it does |
|---|---|
ssh user@host | Connect to a host |
ssh -p 2222 user@host | Non-standard port |
ssh -i ~/.ssh/mykey user@host | Use specific key |
ssh -v user@host | Verbose (debug connection issues) |
ssh -A user@host | Enable agent forwarding |
ssh -J jump@bastion user@target | Jump host (ProxyJump) |
ssh user@host "ls /var/log" | Run command without interactive shell |
Copy keys & files
| Command | What it does |
|---|---|
ssh-copy-id user@host | Copy public key to server |
ssh-copy-id -i ~/.ssh/mykey.pub user@host | Copy specific key |
scp file.txt user@host:/remote/path/ | Copy file to remote |
scp user@host:/remote/file.txt ./ | Copy file from remote |
scp -r dir/ user@host:/path/ | Copy directory recursively |
rsync -avz src/ user@host:/dest/ | Sync directories (resumable) |
SSH agent
| Command | What it does |
|---|---|
eval "$(ssh-agent -s)" | Start ssh-agent |
ssh-add ~/.ssh/id_ed25519 | Add key to agent |
ssh-add -l | List keys in agent |
ssh-add -d ~/.ssh/id_ed25519 | Remove key from agent |
ssh-add -D | Remove all keys from agent |
ssh-add -t 3600 ~/.ssh/id_ed25519 | Add with 1-hour expiry |
SSH tunnels / port forwarding
| Command | What it does |
|---|---|
ssh -L 8080:localhost:80 user@host | Forward local 8080 → remote 80 |
ssh -R 8080:localhost:3000 user@host | Forward remote 8080 → local 3000 |
ssh -D 1080 user@host | SOCKS5 proxy on local port 1080 |
ssh -N -L 5432:localhost:5432 user@host | DB tunnel (no shell, just tunnel) |
ssh -f -N -L 8080:localhost:80 user@host | Background tunnel |
GPG key management
| Command | What it does |
|---|---|
gpg --gen-key | Generate a new GPG key |
gpg --full-generate-key | Full key generation (custom settings) |
gpg --list-keys | List all public keys |
gpg --list-secret-keys | List private keys |
gpg --export -a "Name" | Export public key (ASCII) |
gpg --export-secret-keys -a "Name" | Export private key |
gpg --import key.asc | Import a key |
gpg --delete-key "Name" | Delete a public key |
gpg --delete-secret-key "Name" | Delete a private key |
gpg --send-keys KEY_ID | Upload to keyserver |
gpg --recv-keys KEY_ID | Download from keyserver |
GPG encryption & signing
| Command | What it does |
|---|---|
gpg -e -r "recipient@email.com" file.txt | Encrypt file for recipient |
gpg -d file.txt.gpg | Decrypt file |
gpg --sign file.txt | Sign file (binary signature) |
gpg --clearsign file.txt | Sign with readable text |
gpg --detach-sign file.txt | Detached signature (.sig file) |
gpg --verify file.txt.sig file.txt | Verify signature |
Git commit signing
| Command | What it does |
|---|---|
git config --global user.signingkey KEY_ID | Set signing key |
git config --global commit.gpgsign true | Sign all commits |
git commit -S -m "message" | Sign this commit |
git log --show-signature | Show signatures in log |
git verify-commit HEAD | Verify last commit signature |
Detailed sections
SSH config file — stop typing long commands
Create ~/.ssh/config to give servers short aliases:
# Personal GitHub
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519
# Work GitHub
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/work_key
# Remote server
Host myserver
HostName 192.168.1.100
User ubuntu
Port 22
IdentityFile ~/.ssh/id_ed25519
ServerAliveInterval 60
# Bastion jump host
Host internal-server
HostName 10.0.0.50
User ec2-user
ProxyJump bastion@jump.example.com
IdentityFile ~/.ssh/prod_keyNow you can just:
ssh myserver # instead of: ssh -i ~/.ssh/id_ed25519 ubuntu@192.168.1.100
git clone github-work:org/repo # uses work key automatically
ssh internal-server # jumps through bastion automaticallyAdd SSH key to GitHub / GitLab
# 1. Generate key
ssh-keygen -t ed25519 -C "you@email.com"
# 2. Start agent and add key
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
# 3. Copy public key to clipboard
cat ~/.ssh/id_ed25519.pub # copy this output
# On macOS:
pbcopy < ~/.ssh/id_ed25519.pub
# On Linux:
xclip -selection clipboard < ~/.ssh/id_ed25519.pub
# 4. Add to GitHub: Settings → SSH Keys → New SSH Key
# 5. Test connection
ssh -T git@github.com
# "Hi username! You've successfully authenticated..."SSH agent forwarding — connecting from server to server
If you SSH into a server and need to clone a private repo from there, agent forwarding lets you use your local keys without copying them to the server.
# Connect with agent forwarding
ssh -A user@jumpserver
# Now on jumpserver, your local keys work:
git clone git@github.com:org/private-repo.git
# Or connect to another server from there
ssh user@internal-serverSet it permanently in ~/.ssh/config:
Host jumpserver
HostName jump.example.com
ForwardAgent yesSecurity note: Only enable agent forwarding on servers you trust. Anyone with root on that server can use your forwarded agent.
Database tunneling — access remote DB locally
This is one of the most useful SSH tricks for developers:
# Forward remote PostgreSQL to local port
ssh -N -L 5432:localhost:5432 user@prod-server
# Now connect with any local Postgres client:
psql -h localhost -U dbuser mydb
# or open TablePlus, DBeaver, etc. connecting to localhost:5432Run it in background:
ssh -f -N -L 5432:localhost:5432 user@prod-server
# -f = background, -N = no command, just tunnelKill it:
ps aux | grep "5432:localhost" | awk '{print $2}' | xargs killSet up GPG for signed commits
Signed commits show a “Verified” badge on GitHub. Here’s the full setup:
# 1. Generate GPG key
gpg --full-generate-key
# Choose: RSA and RSA, 4096 bits, key doesn't expire
# Enter your name and your GitHub email
# 2. Get your key ID
gpg --list-secret-keys --keyid-format=long
# sec rsa4096/3AA5C34371567BD2 2024-01-01
# ^^^^^^^^^^^^^^^^ this is your key ID
# 3. Export public key for GitHub
gpg --armor --export 3AA5C34371567BD2
# Copy the output
# 4. Add to GitHub: Settings → SSH and GPG keys → New GPG Key
# 5. Configure Git
git config --global user.signingkey 3AA5C34371567BD2
git config --global commit.gpgsign true
git config --global gpg.program gpg
# 6. On macOS, fix GPG agent (required)
brew install pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
# 7. Test — commit should be signed
git commit -m "test: signed commit"
git log --show-signature -1Encrypt files with GPG
# Encrypt for someone else (they need their key imported)
gpg --encrypt --armor -r colleague@company.com secrets.txt
# Creates: secrets.txt.asc
# Encrypt for yourself
gpg --encrypt --armor -r your@email.com secrets.txt
# Decrypt
gpg --decrypt secrets.txt.asc > secrets.txt
# Symmetric encryption (password only, no keys)
gpg --symmetric --armor secrets.txt
# Enter password twice
# Creates: secrets.txt.asc
# Decrypt symmetric
gpg --decrypt secrets.txt.ascSSH hardening — server-side config
In /etc/ssh/sshd_config:
# Disable password auth (use keys only)
PasswordAuthentication no
ChallengeResponseAuthentication no
# Disable root login
PermitRootLogin no
# Only allow specific users
AllowUsers ubuntu deploy
# Change default port (security through obscurity, but reduces log noise)
Port 2222
# Timeout idle connections
ClientAliveInterval 300
ClientAliveCountMax 2After editing:
sudo sshd -t # test config for errors
sudo systemctl reload sshdNew to SSH keys? Start with How to Set Up SSH Keys for GitHub.
Related Articles
Deepen your understanding with these curated continuations.
Cheatsheet 5 min read
tmux Cheat Sheet: Sessions, Panes, Windows & Config
Complete tmux reference — prefix key, sessions, windows, panes, copy mode, key bindings, plugins, and a starter .tmux.conf for 2026.
Jena
Cheatsheet 5 min read
Git Cheat Sheet: Every Command You Actually Need
Complete Git reference with copy-paste commands for setup, staging, branching, merging, rebasing, stashing, undoing mistakes, remotes, and log inspection.
Vishnu
Cheatsheet 5 min read
Vim Cheat Sheet: Modes, Navigation, Editing & Config
Complete Vim reference covering modes, movement, editing commands, search and replace, visual mode, split panes, macros, text objects, and a starter .vimrc.
Vishnu