OpenSkillIndex← back to search
claude-code

Skills ssh

install
source · Clone the upstream repo
git clone https://github.com/TerminalSkills/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/TerminalSkills/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/ssh" ~/.claude/skills/terminalskills-skills-ssh && rm -rf "$T"
manifest: skills/ssh/SKILL.md
safety · automated scan (low risk)
This is a pattern-based risk scan, not a security review. Our crawler flagged:
  • reads SSH private key
Always read a skill's source content before installing. Patterns alone don't mean the skill is malicious — but they warrant attention.
source content

SSH

Overview

SSH (Secure Shell) provides encrypted remote access to servers. Beyond basic login, it handles key-based auth, port forwarding (tunnels), jump hosts (bastion), file transfer (SCP/SFTP), and agent forwarding.

Instructions

Step 1: Key Setup

# Generate ED25519 key (recommended over RSA)
ssh-keygen -t ed25519 -C "your@email.com"

# Copy public key to server
ssh-copy-id user@server.example.com

# Or manually:
cat ~/.ssh/id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Step 2: SSH Config

# ~/.ssh/config — Named host configurations
Host prod
    HostName 203.0.113.10
    User deploy
    Port 2222
    IdentityFile ~/.ssh/deploy_key

Host staging
    HostName staging.example.com
    User deploy
    ProxyJump bastion

Host bastion
    HostName bastion.example.com
    User admin
    IdentityFile ~/.ssh/bastion_key

Host dev-*
    HostName %h.internal.example.com
    User developer
    ProxyJump bastion

# Now just:
ssh prod          # connects to 203.0.113.10:2222 as deploy
ssh staging       # connects through bastion
ssh dev-api       # connects to dev-api.internal.example.com via bastion

Step 3: Tunneling

# Local forward: access remote service locally
ssh -L 5432:db.internal:5432 bastion
# Now connect to localhost:5432 to reach the internal database

# Remote forward: expose local service to remote
ssh -R 8080:localhost:3000 prod
# Remote server can now reach your local app at localhost:8080

# Dynamic SOCKS proxy
ssh -D 1080 prod
# Use as SOCKS proxy for all traffic

Step 4: Server Hardening

# /etc/ssh/sshd_config — Production SSH hardening
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers deploy admin
Port 2222

Guidelines

  • Always use key-based auth in production — disable password auth.
  • ED25519 keys are shorter and more secure than RSA.
  • Use ProxyJump (bastion/jump host) instead of exposing internal servers to the internet.
  • ssh-agent
    caches keys in memory — no need to enter passphrase repeatedly.