What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Commands tagged ssh from sorted by
Terminal - Commands tagged ssh - 178 results
cat user_public_key.pub | ssh root@<host> "cat | su -c 'mkdir -m 700 -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys' <user>"
ssh-keygen -b 4048 -t rsa -C "comment"
2016-02-03 09:37:39
User: erez83
Functions: ssh ssh-keygen
Tags: ssh centos

Generating ssh key

then need to copy public key in to /root/.ssh/authorized_keys

$if [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]]; then <command when up>; else <command when down>; fi;
2016-02-02 13:06:51
User: paulera

This command telnet and and looks for a line starting with "SSH" - works for OpenSSH since the SSH banner is something like "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u3". Then it triggers an action accordingly.

It can be packed as a script file to echo 0/1 indicating the SSH service availability:

if [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]]; then echo 1; else echo 0; fi;

Alternative uses:

Trigger an action when server is UP (using &&):

[[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]] && <command when up>

Trigger an action when server is DOWN (using ||):

[[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]] || <command when down>
ssh(){ L="\$HOME/logs/$(date +%F_%H:%M)-$USER";/usr/bin/ssh -t "$@" "mkdir -p \"${L%/*}\";screen -xRRS $USER script -f \"$L\"";}
2015-10-14 13:14:29
User: flatcap
Functions: ssh

A wrapper around ssh to automatically provide logging and session handling.

This function runs ssh, which runs screen, which runs script.


The logs and the screen session are stored on the server.

This means you can leave a session running and re-attach to it later, or from another machine.




* Log sessions on a remote server

* Transparent - nothing extra to type

* No installation - nothing to copy to the server beforehand



* Function wrapper delegating to ssh

- so nothing to remember

- uses .ssh/config as expected

- passes your command line option to ssh

* Self-contained: no scripts to install on the server

* Uses screen(1), so is:

- detachable

- re-attachable

- shareable

* Records session using script(1)

* Configurable log file location, which may contain variables or whitespace

L="$HOME" # local variable

L="\$HOME" # server variable

L="some space"



* Log dir/file may not contain '~' (which would require eval on the server)



The sessions are named by the local user connecting to the server.

Therefore if you detach and re-run the same command you will reconnect to your original session.

If you want to connect/share another's session simply run:

USER=bob ssh [email protected]


The command above is stripped down to an absolute minimum.

A fully expanded and annotated version is available as a Gist (git pastebin):



If you want to add timing info to script, change the command to:

ssh(){ L="\$HOME/logs/$(date +%F_%H:%M)-$USER";/usr/bin/ssh -t "$@" "mkdir -p \"${L%/*}\";screen -xRRS $USER script --timing=\"$L-timing\" -f \"$L\"";}
while true; do nc -z localhost 3333 >|/dev/null || (ssh -NfL 3333:REMOTE_HOST:5432 [email protected]_HOST); sleep 15; done
2015-09-21 02:25:49
User: rxw
Functions: sleep ssh

Check if SSH tunnel is open and open it, if it isn't.

NB: In this example, 3333 would be your local port, 5432 the remote port (which is, afaik, usually used by PostgreSQL) and of course you should replace REMOTE_HOST with any valid IP or hostname. The example above let's you work on remote PostgreSQL databases from your local shell, like this:

psql -E -h localhost -p 3333
ssh -o "ProxyCommand ssh [email protected]_host -W %h:%p" [email protected]_host
2015-06-26 06:23:14
User: renich
Functions: ssh
Tags: ssh

This command uses the reachable_host as a proxy; redirecting your request to the unreachable_host.

The main advantage is that you need only one ssh key. You copy the public part to both servers and you can access the unreachable_host without a problem.

Also, you can put this on ~/.ssh/config to access the unreachable_host directly:

# config


ProxyCommand ssh [email protected]_host -W %h:%p

and, then, just ssh [email protected]_host.

ssh [email protected] sudo date -s @`( date -u +"%s" )`
sh <(curl hashbang.sh)
2015-03-15 21:02:01
User: lrvick
Functions: sh

Bash process substitution which curls the website 'hashbang.sh' and executes the shell script embedded in the page.

This is obviously not the most secure way to run something like this, and we will scold you if you try.

The smarter way would be:

Download locally over SSL

> curl https://hashbang.sh >> hashbang.sh

Verify integrty with GPG (If available)

> gpg --recv-keys 0xD2C4C74D8FAA96F5

> gpg --verify hashbang.sh

Inspect source code

> less hashbang.sh


> chmod +x hashbang.sh

> ./hashbang.sh

ssh hostname nc -l 9876
if [ "${SSH_CLIENT%% *}" == "ipaddr" ]; then command; fi
2015-01-13 22:09:38
User: snipertyler
Tags: ssh

Place in ~/.bashrc

If you login to a ssh server from different ips, sometimes you want to do something specific for each.

e.g., quickly go into screen -x session from a phone, but not your desktop.

for i in `cat hosts_list`; do RES=`ssh myusername@${i} "ps -ef " |awk '/[p]rocessname/ {print $2}'`; test "x${RES}" = "x" && echo $i; done
2014-10-03 14:57:54
User: arlequin
Functions: awk echo test
Tags: ssh awk test ps

Given a hosts list, ssh one by one and echo its name only if 'processname' is not running.

rsync -arvz -e 'ssh -p 2233' --progress --delete [email protected]:/path/to/folder /path/to/local/folder
2014-09-26 10:42:26
User: nadavkav
Functions: rsync

Useful, when you need to backup/copy/sync a folder over ssh with a non standard port number

docker ps -q | xargs -n 1 docker inspect | jq '.[0].NetworkSettings.Ports +{} | map(select(. != null)[0].HostPort) | map("-L \(.):localhost:\(.)") ' | sed -n 's/.*"\(.*\)".*/\1/p' |xargs boot2docker ssh -N
tar -cj / -X /tmp/exclude.txt | cstream -v 1 -c 3 -T 10 | ssh [email protected] 'tar -xj -C /backupDestination'
2014-07-21 18:52:19
User: fantleas
Functions: ssh tar

The files are automatically uncompressed when they reach the destination machine. This is a fast way to backup your server to your local computer while it's running (shutting down services is recommended).

A file named "exclude.txt" is needed at /tmp/ containing the following :


















curl "https://coinurl.com/api.php?uuid=5378..........5&url=http://www.commandlinefu.com"
ssh [remote-machine] "cat file" | xclip -selection c
2014-05-19 16:34:44
User: conga
Functions: ssh

ssh from local to remote and pipe output of file to the local clipboard

for id in `ls -1 ~/.ssh | grep -v "authorized\|known_hosts\|config\|\."` ; do echo -n "$id: " ; ssh-keygen -l -f .ssh/$id ; done
2014-04-16 14:12:20
User: drockney
Functions: echo grep id ssh-keygen

Find all private keys and dump their fingerprints.

dpipe /usr/lib/openssh/sftp-server = ssh $REMOTE_HOST sshfs whatever:$LOCAL_PATH $REMOTE_PATH -o slave
2014-03-25 17:40:34
User: em
Functions: ssh

While `sshfs $REMOTE_HOST:$REMOTE_PATH $LOCAL_PATH` "pulls" a directory from the remote server to the local host, the above command does the reverse and "pushes" a directory from the local host to the remote server.

This makes use of the "slave" option of sshfs which instructs it to communicate over plain stdin/stdout and the `dpipe` tool from vde2 to connect the sftp-server stdout to the sshfs stdin and vice-versa.

ssh -NL 12345:localhost:631 [email protected]_server
date -u `ssh [email protected] date -u '+%m%d%H%M%Y.%S'`
2014-02-10 03:11:14
User: scruss
Functions: date

Useful if localhost is a small machine running BusyBox, which uses a slightly unusual format to set the date. Remotehost can be pretty much any Linux machine, including one running BusyBox. Uses UTC for portability.

ssh HOST '(cd REPO_DIR && git diff --name-only HEAD | cpio -o -Hnewc --quiet)' | cpio -iduv --quiet -Hnewc
2014-02-01 18:40:31
User: ivan4th
Functions: cd cpio diff ssh
Tags: ssh git cpio

Copy changed files from remote git repository, _including binary ones_, staged and unstaged alike. Note that this command doesn't handle deleted files properly.

rsync -av -e "ssh -o MACs=hmac-ripemd160" --progress --partial [email protected]://path/to/remote/stuff .
2014-02-01 00:46:38
User: RAKK
Functions: rsync
Tags: ssh rsync hmac

This command allows you to mirror folders or files with rsync using a secure SSH channel with a forced HMAC integrity algorithm. Use this if you are absolutely adamant about preserving data integrity while mirroring a set of files. --partial is for resumability.

clush -w 192.168.100.[1-50] -t 10 'uptime'
2013-11-29 12:20:04
User: mgutierrez

clush (cluster sh) is a very powerful tool to perform this kind of tests. The [a-b] syntax is expanded by clush. You can also play with names: cn[001-010] expands to cn001, cn002, cn003 .. cn010. Note that does not expands to cn1, cn2, etc., which is very useful, cause normally servers are named cn001, cn002... cn100

ssh [email protected] cat REMOTE_FILE.mp4 | tee LOCAL_FILE.mp4 | mplayer -
2013-11-28 11:25:26
User: flatcap
Functions: cat ssh tee

Securely stream a file from a remote server (and save it locally).

Useful if you're impatient and want to watch a movie immediately and download it at the same time without using extra bandwidth.

This is an extension of snipertyler's idea.

Note: This command uses an encrypted connection, unlike the original.

mussh -h 192.168.100.{1..50} -m -t 10 -c uptime
2013-11-27 18:01:12
User: pdxdoughnut
Tags: ssh uptime mussh

This will run them at the same time and timeout for each host in ten seconds. Also, mussh will append the ip addres to the beginning of the output so you know which host resonded with which time.

The use of the sequence expression {1..50} is not specific to mussh. The `seq ...` works, but is less efficient.