What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.




Commands tagged ssh from sorted by
Terminal - Commands tagged ssh - 163 results
ssh -v jsmith@remotehost.example.com
2012-06-26 16:11:35
User: ankush108
Functions: ssh
Tags: ssh debug

Sometimes it is necessary to view debug messages to troubleshoot any

SSH connection issues. pass -v (lowercase v) option to the ssh as shown

below to view the ssh debug messages.

ash prod<tab>
2012-05-12 19:51:02
User: c3w


. a Ruby SSH helper script

. reads a JSON config file to read host, FQDN, user, port, tunnel options

. changes OSX Terminal profiles based on host 'type'


put 'ash' ruby script in your PATH

modify and copy ashrc-dist to ~/.ashrc

configure OSX Terminal profiles, such as "webserver", "development", etc

run "ash myhostname" and away you go!

v.2 will re-attach to a 'screen' named in your ~/.ashrc

ssh user@host "ffmpeg -f x11grab -r 5 -s 1280x720 -i :0 -f avi -" | ffplay - &>/dev/null
2012-05-01 06:26:49
User: buhrietoe
Functions: ssh
Tags: ssh ffmpeg ffplay

Play with the framerate option '-r' to scale back bandwidth usage.

The '-s' option is the captured screan area, not the rescaled size. If you want to rescale add a second '-s' option after '-i :0'. Rescaling smaller will also decrease bandwidth.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no username@host
2012-04-20 01:54:04
User: dmmst19
Functions: ssh

This command will bypass checking the host key of the target server against the local known_hosts file.

When you SSH to a server whose host key does not match the one stored in your local machine's known_hosts file, you'll get a error like " WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" that indicates a key mismatch. If you know the key has legitimately changed (like the server was reinstalled), a permanent solution is to remove the stored key for that server in known_hosts.

However, there are some occasions where you may not want to make the permanent change. For example, you've done some port-forwarding trickery with ssh -R or ssh -L, and are doing ssh user@localhost to connect over the port-forwarding to some other machine (not actually your localhost). Since this is usually temporary, you probably don't want to change the known_hosts file. This command is useful for those situations.

Credit: Command found at http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html. Further discussion of how it works is there also.

Note this is a bit different than command #5307 - with that one you will still be prompted to store the unrecognized key, whereas this one won't prompt you for the key at all.

ssh user@remote "cat /path/to/archive.tgz" | tar zxvf -
sudo curl "http://hg.mindrot.org/openssh/raw-file/c746d1a70cfa/contrib/ssh-copy-id" -o /usr/bin/ssh-copy-id && sudo chmod 755 /usr/bin/ssh-copy-id
2012-02-09 20:29:24
User: misterich
Functions: chmod sudo

Mac install ssh-copy-id

From there on out, you would upload keys to a server like this:

(make sure to double quote the full path to your key)

ssh-copy-id -i "/PATH/TO/YOUR/PRIVATE/KEY" username@server

or, if your SSH server uses a different port (often, they will require that the port be '2222' or some other nonsense:

(note the double quotes on *both* the "/path/to/key" and "user@server -pXXXX"):

ssh-copy-id -i "/PATH/TO/YOUR/PRIVATE/KEY" "username@server -pXXXX"

...where XXXX is the ssh port on that server

ssh -f -N -R 8888:localhost:22 user@somedomain.org
2012-02-08 20:24:38
User: 0disse0
Functions: ssh
Tags: ssh

this command from the source server and this follow in the destination server:

ssh user@localhost -p 8888

ssh user@server.com sudo tcpdump -i eth0 -w - 'port 80'| /Applications/Wireshark.app/Contents/Resources/bin/wireshark -k -i -
for HOSTTOREMOVE in $(dig +short host.domain.tld); do ssh-keygen -qR $HOSTTOREMOVE; done
ssh-keygen -R $(dig +short host.domain.tld)
2012-01-19 15:08:50
User: atoponce
Functions: dig ssh ssh-keygen

Quick shortcut if you know the hostname and want to save yourself one step for looking up the IP address separately.

perl -p -i -e 's/.*\n//g if $.==2' ~/.ssh/known_hosts
ssh "gzip -c /tmp/backup.sql" |gunzip > backup.sql
2012-01-06 17:44:06
User: ultips
Functions: gunzip ssh

If you have servers on Wide Area Network (WAN), you may experience very long transfer rates due to limited bandwidth and latency.

To speed up you transfers you need to compress the data so you will have less to transfer.

So the solution is to use a compression tools like gzip or bzip or compress before and after the data transfer.

Using ssh "-C" option is not compatible with every ssh version (ssh2 for instance).

echo -e '#!/bin/bash\nssh remote-user@remote-host $0 "$@"' >> /usr/local/bin/ssh-rpc; chmod +x /usr/local/bin/ssh-rpc; ln -s hostname /usr/local/bin/ssh-rpc; hostname
2011-12-28 17:43:34
User: mechmind
Functions: chmod echo hostname ln
Tags: ssh rpc

It's useful mostly for your custom scripts, which running on specific host and tired on ssh'ing every time when you need one simple command (i use it for update remote apt repository, when new package have to be downloaded from another host).

Don't forget to set up authorization by keys, for maximum comfort.

ssh user@host "tar -zcf - /path/to/dir" > dir.tar.gz
2011-12-16 05:48:38
User: __
Functions: ssh
Tags: ssh tar gzip

This improves on #9892 by compressing the directory on the remote machine so that the amount of data transferred over the network is much smaller. The command uses ssh(1) to get to a remote host, uses tar(1) to archive and compress a remote directory, prints the result to STDOUT, which is written to a local file. In other words, we are archiving and compressing a remote directory to our local box.

ssh user@host "tar -czf - /path/to/dir" > dir.tar.gz
ssh user@host "tar -cf - /path/to/dir" | gzip > dir.tar.gz
2011-12-14 15:54:57
User: atoponce
Functions: gzip ssh
Tags: ssh tar gzip

The command uses ssh(1) to get to a remote host, uses tar(1) to archive a remote directory, prints the result to STDOUT, which is piped to gzip(1) to compress to a local file. In other words, we are archiving and compressing a remote directory to our local box.

sshostnew () {sed -i "$1d" $HOME/.ssh/known_hosts ; }
2011-11-07 10:33:04
User: _john
Tags: ssh sed

If you work in an environment, where some ssh hosts change regularly this might be handy...

cat /var/log/auth.log | grep -i "pam_unix(sshd:auth): authentication failure;" | cut -d' ' -f14,15 | cut -d= -f2 | sort | uniq
2011-10-25 04:58:09
User: JohnQUnknown
Functions: cat cut grep sort

This command shows a sorted list of the IP addresses from which there have been authentication errors via SSH (possible script kiddies trying to gain access to your server), it eliminates duplicates so it's easier to read, but you can remove the "uniq" command at the end, or even do a "uniq -c" to have a count of how many times each IP address shows in the log (the path to the log may vary from system to system)

rsync -P -e 'ssh -p PORT' SRC DEST
2011-10-13 08:59:07
User: vickio
Functions: rsync
Tags: ssh rsync

Transfer files with rsync over ssh on a non-standard port, showing a progress bar and resuming partial transfers.

multitail -l 'ssh machine1 "tail -f /var/log/apache2/error.log"' -l 'ssh machine2 "tail -f /var/log/apache2/error.log"'
2011-10-12 10:05:18

this way you have the multitail with all its options running on your own machine with the tails of the two remote machines inside :)

Tunnel a MySQL server listening on a UNIX socket to the local machine
2011-10-07 18:53:19
User: michaelmior
Tags: mysql ssh tunnel

Listens on local port 5500 and connects to remotehost with username user to tunnel the given socket file. Will work with anything, but can be useful if there's a need for a local application to connect with a remote server which was started without networking.

ssh <user>@<host> 'mkdir -m 700 ~/.ssh; echo ' $(< ~/.ssh/id_rsa.pub) ' >> ~/.ssh/authorized_keys ; chmod 600 ~/.ssh/authorized_keys'
2011-10-03 15:59:43
User: Halki
Functions: chmod echo ssh
Tags: ssh ksh

Creates the .ssh directory on the remote host with proper permissions, if it doesnt exist. Appends your public key to authorized_keys, and verifies it has proper permissions. (if it didnt exist it may have been created with undesireable permissions).

*Korn shell syntax, may or may not work with bash

cat ~/.ssh/id_rsa.pub | ssh <REMOTE> "(cat > tmp.pubkey ; mkdir -p .ssh ; touch .ssh/authorized_keys ; sed -i.bak -e '/$(awk '{print $NF}' ~/.ssh/id_rsa.pub)/d' .ssh/authorized_keys; cat tmp.pubkey >> .ssh/authorized_keys; rm tmp.pubkey)"
2011-09-30 07:39:24
User: tamouse
Functions: cat ssh
Tags: ssh awk

This one is a bit more robust -- the remote machine may not have an .ssh directory, and it may not have an authorized_keys file, but if it does already, and you want to replace your ssh public key for some reason, this will work in that case as well, without duplicating the entry.

ssh root@HOST tcpdump -iany -U -s0 -w - 'not port 22' | wireshark -k -i -
2011-09-13 21:10:40
User: dr3s
Functions: ssh tcpdump

analyze traffic remotely over ssh w/ wireshark

When using tcpdump, specify -U option to prevent buffering and -iany to see all interfaces.

sshmysql() { ssh -L 13306: -N $* & }
2011-09-01 10:21:55
Functions: ssh

Create a secure tunnelled connection for access to a remote MySQL database.

For example, connect with MySQL Workbench to root@