Strict Host Key Checking
no instructs SSH to bypass verification of the remote host's key. Including this options will disable the mismatch prompt and automatically add the host key to
$ ssh -o "StrictHostKeyChecking=no" firstname.lastname@example.org
This option prevents SSH from hanging until the TCP connection times out when a remote host is unresponsive. The value is time in seconds.
$ ssh -o "ConnectTimeout=10" email@example.com
In combination with public/private key authentication, the
BatchMode option forces public key authentication and skips password authentication rather than prompting should public key authentication fail. NOTE: This will not work for systems that use MFA over SSH.
$ ssh -o "BatchMode=yes" firstname.lastname@example.org uptime 12:35:14 up 41 days, 9:07, 1 user, load average: 0.48, 0.64, 0.86
$ ssh -o "BatchMode=yes" email@example.com uptime firstname.lastname@example.org: Permission denied (publickey).
User Known Hosts File
This option allows specifying a non-standard known hosts file. In a script, it can be useful to set to
/dev/null to avoid errors relating to mismatches when an IP is reused.
$ ssh -o "UserKnownHostsFile=/dev/null" email@example.com
Local Port Forwarding
Local port forwarding is useful for tunneling traffic on predetermined ports through an SSH connection. This is particularly relevant for remote firewalled networks, and accessing services on remote machines bound exclusively to
$ ssh -L 8080:localhost:80 firstname.lastname@example.org
Remote Port Forwarding
Remote port forwarding allows connections from the remote host through the SSH connection back to the local host/network
$ ssh -R 5900:localhost:5900 email@example.com
Dynamic Port Forwarding
SSH can function as a SOCKS proxy when used with dynamic port forwarding. The standard SOCKS port is
1001, and while any port may be used, some applications do not support non-standard SOCKS proxy ports. The
-C option can be included to enable compression, which is useful primarily when proxying text-based information like web browsing.
$ ssh -C -D 1001 firstname.lastname@example.org
Forwarding X11 Applications
When connecting to Linux/Unix/MacOS hosts via SSH, it is sometimes desirable to start a GUI application on the remote host. For X11-based applications, this can be achieved by enabling trusted X11 forwarding. Note: the local host will need to be running an X11 server for this to work.
$ ssh -X email@example.com