Ssh Essentials
Essential SSH commands for secure remote access, key management, tunneling, and file transfers.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 13 · 6.8k · 67 current installs · 70 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the SKILL.md content (SSH commands, key management, tunneling, transfers). Minor incoherence: the SKILL.md metadata lists a required binary ("ssh") but the registry metadata reported no required binaries. This is a small mismatch in metadata, not a functional red flag.
Instruction Scope
Instructions are focused on SSH usage and configuration (ssh, ssh-keygen, ssh-agent, scp, sftp, rsync, editing /etc/ssh/sshd_config, and ~/.ssh/*). These touch sensitive files (private keys in ~/.ssh and system SSH daemon config) which is expected for an SSH guide, but you should not run these commands blindly. There is no instruction to collect unrelated system data or to transmit secrets to third-party endpoints.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is downloaded or written by the skill itself.
Credentials
The skill requests no environment variables or credentials. It does instruct operations on sensitive files (private keys, /etc/ssh/sshd_config), which is proportional to an SSH tutorial but requires care from the user/agent when executed.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or elevated platform privileges.
Assessment
This is a plain SSH command/reference (no code bundled). It does not request credentials or install anything, but many commands operate on sensitive files (your private keys in ~/.ssh and /etc/ssh/sshd_config). Before running any commands: (1) verify the skill source and only run commands you understand, (2) back up ~/.ssh and /etc/ssh/sshd_config first, (3) avoid generating or copying private keys without a passphrase unless you understand the tradeoffs, and (4) note the small metadata mismatch (SKILL.md expects the ssh binary) — ensure your environment has ssh and don’t grant this skill autonomous shell execution unless you trust it.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔐 Clawdis
Binsssh
SKILL.md
SSH Essentials
Secure Shell (SSH) for remote access and secure file transfers.
Basic Connection
Connecting
# Connect with username
ssh user@hostname
# Connect to specific port
ssh user@hostname -p 2222
# Connect with verbose output
ssh -v user@hostname
# Connect with specific key
ssh -i ~/.ssh/id_rsa user@hostname
# Connect and run command
ssh user@hostname 'ls -la'
ssh user@hostname 'uptime && df -h'
Interactive use
# Connect with forwarding agent
ssh -A user@hostname
# Connect with X11 forwarding (GUI apps)
ssh -X user@hostname
ssh -Y user@hostname # Trusted X11
# Escape sequences (during session)
# ~. - Disconnect
# ~^Z - Suspend SSH
# ~# - List forwarded connections
# ~? - Help
SSH Keys
Generating keys
# Generate RSA key
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Generate ED25519 key (recommended)
ssh-keygen -t ed25519 -C "your_email@example.com"
# Generate with custom filename
ssh-keygen -t ed25519 -f ~/.ssh/id_myserver
# Generate without passphrase (automation)
ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_deploy
Managing keys
# Copy public key to server
ssh-copy-id user@hostname
# Copy specific key
ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname
# Manual key copy
cat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> ~/.ssh/authorized_keys'
# Check key fingerprint
ssh-keygen -lf ~/.ssh/id_rsa.pub
# Change key passphrase
ssh-keygen -p -f ~/.ssh/id_rsa
SSH agent
# Start ssh-agent
eval $(ssh-agent)
# Add key to agent
ssh-add ~/.ssh/id_rsa
# List keys in agent
ssh-add -l
# Remove key from agent
ssh-add -d ~/.ssh/id_rsa
# Remove all keys
ssh-add -D
# Set key lifetime (seconds)
ssh-add -t 3600 ~/.ssh/id_rsa
Port Forwarding & Tunneling
Local port forwarding
# Forward local port to remote
ssh -L 8080:localhost:80 user@hostname
# Access via: http://localhost:8080
# Forward to different remote host
ssh -L 8080:database.example.com:5432 user@jumphost
# Access database through jumphost
# Multiple forwards
ssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname
Remote port forwarding
# Forward remote port to local
ssh -R 8080:localhost:3000 user@hostname
# Remote server can access localhost:3000 via its port 8080
# Make service accessible from remote
ssh -R 9000:localhost:9000 user@publicserver
Dynamic port forwarding (SOCKS proxy)
# Create SOCKS proxy
ssh -D 1080 user@hostname
# Use with browser or apps
# Configure SOCKS5 proxy: localhost:1080
# With Firefox
firefox --profile $(mktemp -d) \
--preferences "network.proxy.type=1;network.proxy.socks=localhost;network.proxy.socks_port=1080"
Background tunnels
# Run in background
ssh -f -N -L 8080:localhost:80 user@hostname
# -f: Background
# -N: No command execution
# -L: Local forward
# Keep alive
ssh -o ServerAliveInterval=60 -L 8080:localhost:80 user@hostname
Configuration
SSH config file (~/.ssh/config)
# Simple host alias
Host myserver
HostName 192.168.1.100
User admin
Port 2222
# With key and options
Host production
HostName prod.example.com
User deploy
IdentityFile ~/.ssh/id_prod
ForwardAgent yes
# Jump host (bastion)
Host internal
HostName 10.0.0.5
User admin
ProxyJump bastion
Host bastion
HostName bastion.example.com
User admin
# Wildcard configuration
Host *.example.com
User admin
ForwardAgent yes
# Keep connections alive
Host *
ServerAliveInterval 60
ServerAliveCountMax 3
Using config
# Connect using alias
ssh myserver
# Jump through bastion automatically
ssh internal
# Override config options
ssh -o "StrictHostKeyChecking=no" myserver
File Transfers
SCP (Secure Copy)
# Copy file to remote
scp file.txt user@hostname:/path/to/destination/
# Copy file from remote
scp user@hostname:/path/to/file.txt ./local/
# Copy directory recursively
scp -r /local/dir user@hostname:/remote/dir/
# Copy with specific port
scp -P 2222 file.txt user@hostname:/path/
# Copy with compression
scp -C large-file.zip user@hostname:/path/
# Preserve attributes (timestamps, permissions)
scp -p file.txt user@hostname:/path/
SFTP (Secure FTP)
# Connect to SFTP server
sftp user@hostname
# Common SFTP commands:
# pwd - Remote working directory
# lpwd - Local working directory
# ls - List remote files
# lls - List local files
# cd - Change remote directory
# lcd - Change local directory
# get file - Download file
# put file - Upload file
# mget *.txt - Download multiple files
# mput *.jpg - Upload multiple files
# mkdir dir - Create remote directory
# rmdir dir - Remove remote directory
# rm file - Delete remote file
# exit/bye - Quit
# Batch mode
sftp -b commands.txt user@hostname
Rsync over SSH
# Sync directory
rsync -avz /local/dir/ user@hostname:/remote/dir/
# Sync with progress
rsync -avz --progress /local/dir/ user@hostname:/remote/dir/
# Sync with delete (mirror)
rsync -avz --delete /local/dir/ user@hostname:/remote/dir/
# Exclude patterns
rsync -avz --exclude '*.log' --exclude 'node_modules/' \
/local/dir/ user@hostname:/remote/dir/
# Custom SSH port
rsync -avz -e "ssh -p 2222" /local/dir/ user@hostname:/remote/dir/
# Dry run
rsync -avz --dry-run /local/dir/ user@hostname:/remote/dir/
Security Best Practices
Hardening SSH
# Disable password authentication (edit /etc/ssh/sshd_config)
PasswordAuthentication no
PubkeyAuthentication yes
# Disable root login
PermitRootLogin no
# Change default port
Port 2222
# Use protocol 2 only
Protocol 2
# Limit users
AllowUsers user1 user2
# Restart SSH service
sudo systemctl restart sshd
Connection security
# Check host key
ssh-keygen -F hostname
# Remove old host key
ssh-keygen -R hostname
# Strict host key checking
ssh -o StrictHostKeyChecking=yes user@hostname
# Use specific cipher
ssh -c aes256-ctr user@hostname
Troubleshooting
Debugging
# Verbose output
ssh -v user@hostname
ssh -vv user@hostname # More verbose
ssh -vvv user@hostname # Maximum verbosity
# Test connection
ssh -T user@hostname
# Check permissions
ls -la ~/.ssh/
# Should be: 700 for ~/.ssh, 600 for keys, 644 for .pub files
Common issues
# Fix permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
# Clear known_hosts entry
ssh-keygen -R hostname
# Disable host key checking (not recommended)
ssh -o StrictHostKeyChecking=no user@hostname
Advanced Operations
Jump hosts (ProxyJump)
# Connect through bastion
ssh -J bastion.example.com user@internal.local
# Multiple jumps
ssh -J bastion1,bastion2 user@final-destination
# Using config (see Configuration section above)
ssh internal # Automatically uses ProxyJump
Multiplexing
# Master connection
ssh -M -S ~/.ssh/control-%r@%h:%p user@hostname
# Reuse connection
ssh -S ~/.ssh/control-user@hostname:22 user@hostname
# In config:
# ControlMaster auto
# ControlPath ~/.ssh/control-%r@%h:%p
# ControlPersist 10m
Execute commands
# Single command
ssh user@hostname 'uptime'
# Multiple commands
ssh user@hostname 'cd /var/log && tail -n 20 syslog'
# Pipe commands
cat local-script.sh | ssh user@hostname 'bash -s'
# With sudo
ssh -t user@hostname 'sudo command'
Tips
- Use SSH keys instead of passwords
- Use
~/.ssh/configfor frequently accessed hosts - Enable SSH agent forwarding carefully (security risk)
- Use ProxyJump for accessing internal networks
- Keep SSH client and server updated
- Use fail2ban or similar to prevent brute force
- Monitor
/var/log/auth.logfor suspicious activity - Use port knocking or VPN for additional security
- Backup your SSH keys securely
- Use different keys for different purposes
Documentation
Official docs: https://www.openssh.com/manual.html
Man pages: man ssh, man ssh_config, man sshd_config
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…