What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Universal configuration monitoring and system of record for IT.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags





Commands tagged ssh from sorted by
Terminal - Commands tagged ssh - 174 results
while true; do nc -z localhost 3333 >|/dev/null || (ssh -NfL 3333:REMOTE_HOST:5432 USER@REMOTE_HOST); sleep 15; done
2015-09-21 02:25:49
User: rxw
Functions: sleep ssh

Check if SSH tunnel is open and open it, if it isn't.

NB: In this example, 3333 would be your local port, 5432 the remote port (which is, afaik, usually used by PostgreSQL) and of course you should replace REMOTE_HOST with any valid IP or hostname. The example above let's you work on remote PostgreSQL databases from your local shell, like this:

psql -E -h localhost -p 3333
ssh -o "ProxyCommand ssh user@reachable_host -W %h:%p" user@unreacheable_host
2015-06-26 06:23:14
User: renich
Functions: ssh
Tags: ssh

This command uses the reachable_host as a proxy; redirecting your request to the unreachable_host.

The main advantage is that you need only one ssh key. You copy the public part to both servers and you can access the unreachable_host without a problem.

Also, you can put this on ~/.ssh/config to access the unreachable_host directly:

# config


ProxyCommand ssh user@reachable_host -W %h:%p

and, then, just ssh user@unreachable_host.

ssh user@server sudo date -s @`( date -u +"%s" )`
sh <(curl hashbang.sh)
2015-03-15 21:02:01
User: lrvick
Functions: sh

Bash process substitution which curls the website 'hashbang.sh' and executes the shell script embedded in the page.

This is obviously not the most secure way to run something like this, and we will scold you if you try.

The smarter way would be:

Download locally over SSL

> curl https://hashbang.sh >> hashbang.sh

Verify integrty with GPG (If available)

> gpg --recv-keys 0xD2C4C74D8FAA96F5

> gpg --verify hashbang.sh

Inspect source code

> less hashbang.sh


> chmod +x hashbang.sh

> ./hashbang.sh

ssh hostname nc -l 9876
if [ "${SSH_CLIENT%% *}" == "ipaddr" ]; then command; fi
2015-01-13 22:09:38
User: snipertyler
Tags: ssh

Place in ~/.bashrc

If you login to a ssh server from different ips, sometimes you want to do something specific for each.

e.g., quickly go into screen -x session from a phone, but not your desktop.

for i in `cat hosts_list`; do RES=`ssh myusername@${i} "ps -ef " |awk '/[p]rocessname/ {print $2}'`; test "x${RES}" = "x" && echo $i; done
2014-10-03 14:57:54
User: arlequin
Functions: awk echo test
Tags: ssh awk test ps

Given a hosts list, ssh one by one and echo its name only if 'processname' is not running.

rsync -arvz -e 'ssh -p 2233' --progress --delete remote-user@remote-server.org:/path/to/folder /path/to/local/folder
2014-09-26 10:42:26
User: nadavkav
Functions: rsync

Useful, when you need to backup/copy/sync a folder over ssh with a non standard port number

docker ps -q | xargs -n 1 docker inspect | jq '.[0].NetworkSettings.Ports +{} | map(select(. != null)[0].HostPort) | map("-L \(.):localhost:\(.)") ' | sed -n 's/.*"\(.*\)".*/\1/p' |xargs boot2docker ssh -N
tar -cj / -X /tmp/exclude.txt | cstream -v 1 -c 3 -T 10 | ssh user@host 'tar -xj -C /backupDestination'
2014-07-21 18:52:19
User: fantleas
Functions: ssh tar

The files are automatically uncompressed when they reach the destination machine. This is a fast way to backup your server to your local computer while it's running (shutting down services is recommended).

A file named "exclude.txt" is needed at /tmp/ containing the following :


















curl "https://coinurl.com/api.php?uuid=5378..........5&url=http://www.commandlinefu.com"
ssh [remote-machine] "cat file" | xclip -selection c
2014-05-19 16:34:44
User: conga
Functions: ssh

ssh from local to remote and pipe output of file to the local clipboard

for id in `ls -1 ~/.ssh | grep -v "authorized\|known_hosts\|config\|\."` ; do echo -n "$id: " ; ssh-keygen -l -f .ssh/$id ; done
2014-04-16 14:12:20
User: drockney
Functions: echo grep id ssh-keygen

Find all private keys and dump their fingerprints.

dpipe /usr/lib/openssh/sftp-server = ssh $REMOTE_HOST sshfs whatever:$LOCAL_PATH $REMOTE_PATH -o slave
2014-03-25 17:40:34
User: em
Functions: ssh

While `sshfs $REMOTE_HOST:$REMOTE_PATH $LOCAL_PATH` "pulls" a directory from the remote server to the local host, the above command does the reverse and "pushes" a directory from the local host to the remote server.

This makes use of the "slave" option of sshfs which instructs it to communicate over plain stdin/stdout and the `dpipe` tool from vde2 to connect the sftp-server stdout to the sshfs stdin and vice-versa.

ssh -NL 12345:localhost:631 username@remote_server
date -u `ssh user@remotehost date -u '+%m%d%H%M%Y.%S'`
2014-02-10 03:11:14
User: scruss
Functions: date

Useful if localhost is a small machine running BusyBox, which uses a slightly unusual format to set the date. Remotehost can be pretty much any Linux machine, including one running BusyBox. Uses UTC for portability.

ssh HOST '(cd REPO_DIR && git diff --name-only HEAD | cpio -o -Hnewc --quiet)' | cpio -iduv --quiet -Hnewc
2014-02-01 18:40:31
User: ivan4th
Functions: cd cpio diff ssh
Tags: ssh git cpio

Copy changed files from remote git repository, _including binary ones_, staged and unstaged alike. Note that this command doesn't handle deleted files properly.

rsync -av -e "ssh -o MACs=hmac-ripemd160" --progress --partial user@remotehost://path/to/remote/stuff .
2014-02-01 00:46:38
User: RAKK
Functions: rsync
Tags: ssh rsync hmac

This command allows you to mirror folders or files with rsync using a secure SSH channel with a forced HMAC integrity algorithm. Use this if you are absolutely adamant about preserving data integrity while mirroring a set of files. --partial is for resumability.

clush -w 192.168.100.[1-50] -t 10 'uptime'
2013-11-29 12:20:04
User: mgutierrez

clush (cluster sh) is a very powerful tool to perform this kind of tests. The [a-b] syntax is expanded by clush. You can also play with names: cn[001-010] expands to cn001, cn002, cn003 .. cn010. Note that does not expands to cn1, cn2, etc., which is very useful, cause normally servers are named cn001, cn002... cn100

ssh USER@HOST cat REMOTE_FILE.mp4 | tee LOCAL_FILE.mp4 | mplayer -
2013-11-28 11:25:26
User: flatcap
Functions: cat ssh tee

Securely stream a file from a remote server (and save it locally).

Useful if you're impatient and want to watch a movie immediately and download it at the same time without using extra bandwidth.

This is an extension of snipertyler's idea.

Note: This command uses an encrypted connection, unlike the original.

mussh -h 192.168.100.{1..50} -m -t 10 -c uptime
2013-11-27 18:01:12
User: pdxdoughnut
Tags: ssh uptime mussh

This will run them at the same time and timeout for each host in ten seconds. Also, mussh will append the ip addres to the beginning of the output so you know which host resonded with which time.

The use of the sequence expression {1..50} is not specific to mussh. The `seq ...` works, but is less efficient.

brew install ssh-copy-id; ssh-copy-id user@host
diff <(ssh-keygen -y -f ~/.ssh/id_rsa) <(cut -d' ' -f1,2 ~/.ssh/id_rsa.pub)
rhost() { if [[ $1 =~ ^[0-9]+$ ]]; then sed -i "$1"d ${HOME}/.ssh/known_hosts; else echo "rhost [n]"; fi }
2013-08-01 21:10:34
User: lowjax
Functions: echo sed

Quickly remove the conflicting line (key) from current users known_hosts file when there is an SSH host conflict. Very nice when you get tired of writing out full commands. Ideally you would place this into your .bash_profile

Usage: rhost [n]

Example: rhost 33 (removes line 33 from ~/.ssh/known_hosts)

Function assumes the $HOME exists, you could alternatively use "~/.ssh/known_hosts"

Mac OSX likes a space for sed -i "$1" d

socat udp-listen:1611 system:'ssh remoteserver "socat stdio udp-connect:remotetarget:161"'
2013-07-02 15:08:14
User: kbo
Tags: ssh socat

Forward local UDP port to remotetarget via ssh.