ssh-keygen -yf /path/to/private/key # restore a public key
ssh-keygen -lf /path/to/private/key # verify key
ssh-keygen -R <hostname> -f ~/.ssh/known_hosts # remove host
ssh-copy-id # install public key in server's authorized_keys file
# start ssh agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
# tunnel a remote port available via the proxy; i.e. remote = DB and proxy = bastion
ssh -M -S <ctl_path> -fNL <local_port>:<remote_host>:<remote_port> <proxy_host>
ssh -S <ctl_path> -O check <proxy_host> # check status of tunnel
ssh -S <ctl_path> -O exit <proxy_host> # close the tunnel
# tunnel a port from local system through ssh connection
ssh -R <remote_port>:localhost:<local_port> <remote_host>
# automatically rsync dotfiles to remote host (%d = home directory)
Match Host 192.168.123.*,another-example.org,*.example.com User myusername,myotherusername
ForwardAgent yes
PermitLocalCommand yes
LocalCommand rsync -L --exclude <dir1|file1> --exclude <dir2|file2> -vRrlptze "ssh -o PermitLocalCommand=no" %d/./.gitignore %d/./.ssh/git_ed25519.pub %d/./.ssh/authorized_keys %d/./.vimrc %d/./.zshrc %d/./.config/iterm2/ %d/./.vim/ %d/./bin/ %d/./.bash/ %r@%n:/home/%r