ssh-remote

SSH remote access patterns and secure shell utilities. Covers connections, config management, key generation (Ed25519, FIDO2), tunneling, port forwarding, file transfers, and multiplexing. Use when connecting to servers, managing SSH keys, setting up tunnels, transferring files over SSH, configuring jump hosts, or hardening SSH access.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "ssh-remote" with this command: npx skills add oakoss/agent-skills/oakoss-agent-skills-ssh-remote

SSH Remote Access

Overview

SSH (Secure Shell) provides encrypted remote access, file transfer, and tunneling over untrusted networks. OpenSSH is the standard implementation on Linux, macOS, and Windows (via built-in client). The client configuration lives at ~/.ssh/config and supports per-host settings, identity management, and connection reuse.

When to use: Remote server management, secure file transfers, port forwarding, jump host traversal, automated deployments, SOCKS proxying.

When NOT to use: High-throughput bulk data transfer across WANs (use Globus or similar), GUI-heavy remote desktop (use VNC/RDP), container orchestration (use kubectl/docker CLI).

Quick Reference

PatternCommand / DirectiveKey Points
Basic connectssh user@hostAdd -p PORT for non-default port
Identity filessh -i ~/.ssh/key user@hostSpecify private key explicitly
Remote commandssh user@host "command"Add -t for interactive commands
SSH config aliasHost myserver block in ~/.ssh/configSimplifies repeated connections
File copy (rsync)rsync -avzP src user@host:destPreferred over scp for all transfers
File copy (scp)scp file user@host:pathLegacy protocol; uses SFTP internally
Local tunnelssh -L local:remote_host:remote_portAccess remote services locally
Remote tunnelssh -R remote:localhost:local_portExpose local services to remote
SOCKS proxyssh -D 1080 user@hostDynamic port forwarding
Jump hostssh -J jump user@targetProxyJump, available since OpenSSH 7.3
Key generationssh-keygen -t ed25519Ed25519 recommended for all new keys
FIDO2 keyssh-keygen -t ed25519-skHardware-backed, requires OpenSSH 8.2+
Agentssh-add ~/.ssh/keyCache key passphrase for session
MultiplexingControlMaster auto in configReuse TCP connections across sessions
Debugssh -v user@hostUp to -vvv for maximum verbosity

Key Type Recommendations

AlgorithmRecommendationNotes
Ed25519Default for all new keys256-bit, fast, secure, supported on OpenSSH 6.5+
Ed25519-SK (FIDO2)Strongest option with hardware keyRequires physical security key, OpenSSH 8.2+
RSA 4096Legacy compatibility onlyUse only when Ed25519 is unsupported by the remote system
ECDSAAvoidImplementation concerns; prefer Ed25519

File Transfer Decision Guide

ScenarioToolWhy
Recurring syncs or large directoriesrsync -avzPDelta sync, compression, resume, progress
Quick one-off file copyscp or rsyncscp is simpler; rsync is more capable
Interactive file browsingsftpTab completion, directory navigation
High-bandwidth WAN transfersSpecialized tools (Globus)SSH buffer limits reduce WAN throughput

Common Mistakes

MistakeCorrect Pattern
Using RSA keys for new setupsGenerate Ed25519 keys -- faster, smaller, and equally secure
Using scp for large or recurring transfersUse rsync -avzP for compression, progress, and resumable delta sync
Typing passphrase repeatedly during sessionsUse ssh-agent and ssh-add to cache keys for the session
Connecting through multiple hops with nested SSHUse -J (ProxyJump) for clean bastion/jump host traversal
Running interactive commands without -t flagUse ssh -t user@host "htop" to allocate a pseudo-terminal
Using ForwardAgent yes through untrusted hostsUse ProxyJump instead -- agent forwarding exposes keys to compromised hosts
Setting ControlPath without %h, %p, %rInclude all three tokens to ensure unique sockets per connection
Disabling host key checking globallyOnly use StrictHostKeyChecking no in trusted, ephemeral environments
Not using IdentitiesOnly yesPrevents offering every loaded key to every server

Security Checklist

  • Generate Ed25519 keys with strong passphrases
  • Set PasswordAuthentication no on servers
  • Set PermitRootLogin prohibit-password or no
  • Use IdentitiesOnly yes in client config
  • Restrict keys with command= and from= in authorized_keys
  • Use FIDO2 hardware keys (ed25519-sk) for high-security environments
  • Install fail2ban on servers to block brute-force attempts
  • Consider SSH certificate authentication for fleet management

Delegation

  • Server inventory discovery and connection testing: Use Explore agent
  • Multi-host deployment or bulk file transfers: Use Task agent
  • Network architecture and bastion host planning: Use Plan agent

References

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

playwright

No summary provided by upstream source.

Repository SourceNeeds Review
99-oakoss
Automation

ui-ux-polish

No summary provided by upstream source.

Repository SourceNeeds Review
48-oakoss
Automation

tanstack-form

No summary provided by upstream source.

Repository SourceNeeds Review
43-oakoss
Automation

find-skills

No summary provided by upstream source.

Repository SourceNeeds Review
42-oakoss