{ "schemaVersion": "1.0", "item": { "slug": "ssh-essentials", "name": "Ssh Essentials", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Arnarsson/ssh-essentials", "canonicalUrl": "https://clawhub.ai/Arnarsson/ssh-essentials", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/ssh-essentials", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ssh-essentials", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "ssh-essentials", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-10T03:04:56.249Z", "expiresAt": "2026-05-17T03:04:56.249Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ssh-essentials", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ssh-essentials", "contentDisposition": "attachment; filename=\"ssh-essentials-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "ssh-essentials" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/ssh-essentials" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/ssh-essentials", "agentPageUrl": "https://openagent3.xyz/skills/ssh-essentials/agent", "manifestUrl": "https://openagent3.xyz/skills/ssh-essentials/agent.json", "briefUrl": "https://openagent3.xyz/skills/ssh-essentials/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "SSH Essentials", "body": "Secure Shell (SSH) for remote access and secure file transfers." }, { "title": "Connecting", "body": "# Connect with username\nssh user@hostname\n\n# Connect to specific port\nssh user@hostname -p 2222\n\n# Connect with verbose output\nssh -v user@hostname\n\n# Connect with specific key\nssh -i ~/.ssh/id_rsa user@hostname\n\n# Connect and run command\nssh user@hostname 'ls -la'\nssh user@hostname 'uptime && df -h'" }, { "title": "Interactive use", "body": "# Connect with forwarding agent\nssh -A user@hostname\n\n# Connect with X11 forwarding (GUI apps)\nssh -X user@hostname\nssh -Y user@hostname # Trusted X11\n\n# Escape sequences (during session)\n# ~. - Disconnect\n# ~^Z - Suspend SSH\n# ~# - List forwarded connections\n# ~? - Help" }, { "title": "Generating keys", "body": "# Generate RSA key\nssh-keygen -t rsa -b 4096 -C \"your_email@example.com\"\n\n# Generate ED25519 key (recommended)\nssh-keygen -t ed25519 -C \"your_email@example.com\"\n\n# Generate with custom filename\nssh-keygen -t ed25519 -f ~/.ssh/id_myserver\n\n# Generate without passphrase (automation)\nssh-keygen -t ed25519 -N \"\" -f ~/.ssh/id_deploy" }, { "title": "Managing keys", "body": "# Copy public key to server\nssh-copy-id user@hostname\n\n# Copy specific key\nssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname\n\n# Manual key copy\ncat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> ~/.ssh/authorized_keys'\n\n# Check key fingerprint\nssh-keygen -lf ~/.ssh/id_rsa.pub\n\n# Change key passphrase\nssh-keygen -p -f ~/.ssh/id_rsa" }, { "title": "SSH agent", "body": "# Start ssh-agent\neval $(ssh-agent)\n\n# Add key to agent\nssh-add ~/.ssh/id_rsa\n\n# List keys in agent\nssh-add -l\n\n# Remove key from agent\nssh-add -d ~/.ssh/id_rsa\n\n# Remove all keys\nssh-add -D\n\n# Set key lifetime (seconds)\nssh-add -t 3600 ~/.ssh/id_rsa" }, { "title": "Local port forwarding", "body": "# Forward local port to remote\nssh -L 8080:localhost:80 user@hostname\n# Access via: http://localhost:8080\n\n# Forward to different remote host\nssh -L 8080:database.example.com:5432 user@jumphost\n# Access database through jumphost\n\n# Multiple forwards\nssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname" }, { "title": "Remote port forwarding", "body": "# Forward remote port to local\nssh -R 8080:localhost:3000 user@hostname\n# Remote server can access localhost:3000 via its port 8080\n\n# Make service accessible from remote\nssh -R 9000:localhost:9000 user@publicserver" }, { "title": "Dynamic port forwarding (SOCKS proxy)", "body": "# Create SOCKS proxy\nssh -D 1080 user@hostname\n\n# Use with browser or apps\n# Configure SOCKS5 proxy: localhost:1080\n\n# With Firefox\nfirefox --profile $(mktemp -d) \\\n --preferences \"network.proxy.type=1;network.proxy.socks=localhost;network.proxy.socks_port=1080\"" }, { "title": "Background tunnels", "body": "# Run in background\nssh -f -N -L 8080:localhost:80 user@hostname\n\n# -f: Background\n# -N: No command execution\n# -L: Local forward\n\n# Keep alive\nssh -o ServerAliveInterval=60 -L 8080:localhost:80 user@hostname" }, { "title": "SSH config file (~/.ssh/config)", "body": "# Simple host alias\nHost myserver\n HostName 192.168.1.100\n User admin\n Port 2222\n\n# With key and options\nHost production\n HostName prod.example.com\n User deploy\n IdentityFile ~/.ssh/id_prod\n ForwardAgent yes\n \n# Jump host (bastion)\nHost internal\n HostName 10.0.0.5\n User admin\n ProxyJump bastion\n\nHost bastion\n HostName bastion.example.com\n User admin\n\n# Wildcard configuration\nHost *.example.com\n User admin\n ForwardAgent yes\n \n# Keep connections alive\nHost *\n ServerAliveInterval 60\n ServerAliveCountMax 3" }, { "title": "Using config", "body": "# Connect using alias\nssh myserver\n\n# Jump through bastion automatically\nssh internal\n\n# Override config options\nssh -o \"StrictHostKeyChecking=no\" myserver" }, { "title": "SCP (Secure Copy)", "body": "# Copy file to remote\nscp file.txt user@hostname:/path/to/destination/\n\n# Copy file from remote\nscp user@hostname:/path/to/file.txt ./local/\n\n# Copy directory recursively\nscp -r /local/dir user@hostname:/remote/dir/\n\n# Copy with specific port\nscp -P 2222 file.txt user@hostname:/path/\n\n# Copy with compression\nscp -C large-file.zip user@hostname:/path/\n\n# Preserve attributes (timestamps, permissions)\nscp -p file.txt user@hostname:/path/" }, { "title": "SFTP (Secure FTP)", "body": "# Connect to SFTP server\nsftp user@hostname\n\n# Common SFTP commands:\n# pwd - Remote working directory\n# lpwd - Local working directory\n# ls - List remote files\n# lls - List local files\n# cd - Change remote directory\n# lcd - Change local directory\n# get file - Download file\n# put file - Upload file\n# mget *.txt - Download multiple files\n# mput *.jpg - Upload multiple files\n# mkdir dir - Create remote directory\n# rmdir dir - Remove remote directory\n# rm file - Delete remote file\n# exit/bye - Quit\n\n# Batch mode\nsftp -b commands.txt user@hostname" }, { "title": "Rsync over SSH", "body": "# Sync directory\nrsync -avz /local/dir/ user@hostname:/remote/dir/\n\n# Sync with progress\nrsync -avz --progress /local/dir/ user@hostname:/remote/dir/\n\n# Sync with delete (mirror)\nrsync -avz --delete /local/dir/ user@hostname:/remote/dir/\n\n# Exclude patterns\nrsync -avz --exclude '*.log' --exclude 'node_modules/' \\\n /local/dir/ user@hostname:/remote/dir/\n\n# Custom SSH port\nrsync -avz -e \"ssh -p 2222\" /local/dir/ user@hostname:/remote/dir/\n\n# Dry run\nrsync -avz --dry-run /local/dir/ user@hostname:/remote/dir/" }, { "title": "Hardening SSH", "body": "# Disable password authentication (edit /etc/ssh/sshd_config)\nPasswordAuthentication no\nPubkeyAuthentication yes\n\n# Disable root login\nPermitRootLogin no\n\n# Change default port\nPort 2222\n\n# Use protocol 2 only\nProtocol 2\n\n# Limit users\nAllowUsers user1 user2\n\n# Restart SSH service\nsudo systemctl restart sshd" }, { "title": "Connection security", "body": "# Check host key\nssh-keygen -F hostname\n\n# Remove old host key\nssh-keygen -R hostname\n\n# Strict host key checking\nssh -o StrictHostKeyChecking=yes user@hostname\n\n# Use specific cipher\nssh -c aes256-ctr user@hostname" }, { "title": "Debugging", "body": "# Verbose output\nssh -v user@hostname\nssh -vv user@hostname # More verbose\nssh -vvv user@hostname # Maximum verbosity\n\n# Test connection\nssh -T user@hostname\n\n# Check permissions\nls -la ~/.ssh/\n# Should be: 700 for ~/.ssh, 600 for keys, 644 for .pub files" }, { "title": "Common issues", "body": "# Fix permissions\nchmod 700 ~/.ssh\nchmod 600 ~/.ssh/id_rsa\nchmod 644 ~/.ssh/id_rsa.pub\nchmod 644 ~/.ssh/authorized_keys\n\n# Clear known_hosts entry\nssh-keygen -R hostname\n\n# Disable host key checking (not recommended)\nssh -o StrictHostKeyChecking=no user@hostname" }, { "title": "Jump hosts (ProxyJump)", "body": "# Connect through bastion\nssh -J bastion.example.com user@internal.local\n\n# Multiple jumps\nssh -J bastion1,bastion2 user@final-destination\n\n# Using config (see Configuration section above)\nssh internal # Automatically uses ProxyJump" }, { "title": "Multiplexing", "body": "# Master connection\nssh -M -S ~/.ssh/control-%r@%h:%p user@hostname\n\n# Reuse connection\nssh -S ~/.ssh/control-user@hostname:22 user@hostname\n\n# In config:\n# ControlMaster auto\n# ControlPath ~/.ssh/control-%r@%h:%p\n# ControlPersist 10m" }, { "title": "Execute commands", "body": "# Single command\nssh user@hostname 'uptime'\n\n# Multiple commands\nssh user@hostname 'cd /var/log && tail -n 20 syslog'\n\n# Pipe commands\ncat local-script.sh | ssh user@hostname 'bash -s'\n\n# With sudo\nssh -t user@hostname 'sudo command'" }, { "title": "Tips", "body": "Use SSH keys instead of passwords\nUse ~/.ssh/config for frequently accessed hosts\nEnable SSH agent forwarding carefully (security risk)\nUse ProxyJump for accessing internal networks\nKeep SSH client and server updated\nUse fail2ban or similar to prevent brute force\nMonitor /var/log/auth.log for suspicious activity\nUse port knocking or VPN for additional security\nBackup your SSH keys securely\nUse different keys for different purposes" }, { "title": "Documentation", "body": "Official docs: https://www.openssh.com/manual.html\nMan pages: man ssh, man ssh_config, man sshd_config" } ], "body": "SSH Essentials\n\nSecure Shell (SSH) for remote access and secure file transfers.\n\nBasic Connection\nConnecting\n# Connect with username\nssh user@hostname\n\n# Connect to specific port\nssh user@hostname -p 2222\n\n# Connect with verbose output\nssh -v user@hostname\n\n# Connect with specific key\nssh -i ~/.ssh/id_rsa user@hostname\n\n# Connect and run command\nssh user@hostname 'ls -la'\nssh user@hostname 'uptime && df -h'\n\nInteractive use\n# Connect with forwarding agent\nssh -A user@hostname\n\n# Connect with X11 forwarding (GUI apps)\nssh -X user@hostname\nssh -Y user@hostname # Trusted X11\n\n# Escape sequences (during session)\n# ~. - Disconnect\n# ~^Z - Suspend SSH\n# ~# - List forwarded connections\n# ~? - Help\n\nSSH Keys\nGenerating keys\n# Generate RSA key\nssh-keygen -t rsa -b 4096 -C \"your_email@example.com\"\n\n# Generate ED25519 key (recommended)\nssh-keygen -t ed25519 -C \"your_email@example.com\"\n\n# Generate with custom filename\nssh-keygen -t ed25519 -f ~/.ssh/id_myserver\n\n# Generate without passphrase (automation)\nssh-keygen -t ed25519 -N \"\" -f ~/.ssh/id_deploy\n\nManaging keys\n# Copy public key to server\nssh-copy-id user@hostname\n\n# Copy specific key\nssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname\n\n# Manual key copy\ncat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> ~/.ssh/authorized_keys'\n\n# Check key fingerprint\nssh-keygen -lf ~/.ssh/id_rsa.pub\n\n# Change key passphrase\nssh-keygen -p -f ~/.ssh/id_rsa\n\nSSH agent\n# Start ssh-agent\neval $(ssh-agent)\n\n# Add key to agent\nssh-add ~/.ssh/id_rsa\n\n# List keys in agent\nssh-add -l\n\n# Remove key from agent\nssh-add -d ~/.ssh/id_rsa\n\n# Remove all keys\nssh-add -D\n\n# Set key lifetime (seconds)\nssh-add -t 3600 ~/.ssh/id_rsa\n\nPort Forwarding & Tunneling\nLocal port forwarding\n# Forward local port to remote\nssh -L 8080:localhost:80 user@hostname\n# Access via: http://localhost:8080\n\n# Forward to different remote host\nssh -L 8080:database.example.com:5432 user@jumphost\n# Access database through jumphost\n\n# Multiple forwards\nssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname\n\nRemote port forwarding\n# Forward remote port to local\nssh -R 8080:localhost:3000 user@hostname\n# Remote server can access localhost:3000 via its port 8080\n\n# Make service accessible from remote\nssh -R 9000:localhost:9000 user@publicserver\n\nDynamic port forwarding (SOCKS proxy)\n# Create SOCKS proxy\nssh -D 1080 user@hostname\n\n# Use with browser or apps\n# Configure SOCKS5 proxy: localhost:1080\n\n# With Firefox\nfirefox --profile $(mktemp -d) \\\n --preferences \"network.proxy.type=1;network.proxy.socks=localhost;network.proxy.socks_port=1080\"\n\nBackground tunnels\n# Run in background\nssh -f -N -L 8080:localhost:80 user@hostname\n\n# -f: Background\n# -N: No command execution\n# -L: Local forward\n\n# Keep alive\nssh -o ServerAliveInterval=60 -L 8080:localhost:80 user@hostname\n\nConfiguration\nSSH config file (~/.ssh/config)\n# Simple host alias\nHost myserver\n HostName 192.168.1.100\n User admin\n Port 2222\n\n# With key and options\nHost production\n HostName prod.example.com\n User deploy\n IdentityFile ~/.ssh/id_prod\n ForwardAgent yes\n \n# Jump host (bastion)\nHost internal\n HostName 10.0.0.5\n User admin\n ProxyJump bastion\n\nHost bastion\n HostName bastion.example.com\n User admin\n\n# Wildcard configuration\nHost *.example.com\n User admin\n ForwardAgent yes\n \n# Keep connections alive\nHost *\n ServerAliveInterval 60\n ServerAliveCountMax 3\n\nUsing config\n# Connect using alias\nssh myserver\n\n# Jump through bastion automatically\nssh internal\n\n# Override config options\nssh -o \"StrictHostKeyChecking=no\" myserver\n\nFile Transfers\nSCP (Secure Copy)\n# Copy file to remote\nscp file.txt user@hostname:/path/to/destination/\n\n# Copy file from remote\nscp user@hostname:/path/to/file.txt ./local/\n\n# Copy directory recursively\nscp -r /local/dir user@hostname:/remote/dir/\n\n# Copy with specific port\nscp -P 2222 file.txt user@hostname:/path/\n\n# Copy with compression\nscp -C large-file.zip user@hostname:/path/\n\n# Preserve attributes (timestamps, permissions)\nscp -p file.txt user@hostname:/path/\n\nSFTP (Secure FTP)\n# Connect to SFTP server\nsftp user@hostname\n\n# Common SFTP commands:\n# pwd - Remote working directory\n# lpwd - Local working directory\n# ls - List remote files\n# lls - List local files\n# cd - Change remote directory\n# lcd - Change local directory\n# get file - Download file\n# put file - Upload file\n# mget *.txt - Download multiple files\n# mput *.jpg - Upload multiple files\n# mkdir dir - Create remote directory\n# rmdir dir - Remove remote directory\n# rm file - Delete remote file\n# exit/bye - Quit\n\n# Batch mode\nsftp -b commands.txt user@hostname\n\nRsync over SSH\n# Sync directory\nrsync -avz /local/dir/ user@hostname:/remote/dir/\n\n# Sync with progress\nrsync -avz --progress /local/dir/ user@hostname:/remote/dir/\n\n# Sync with delete (mirror)\nrsync -avz --delete /local/dir/ user@hostname:/remote/dir/\n\n# Exclude patterns\nrsync -avz --exclude '*.log' --exclude 'node_modules/' \\\n /local/dir/ user@hostname:/remote/dir/\n\n# Custom SSH port\nrsync -avz -e \"ssh -p 2222\" /local/dir/ user@hostname:/remote/dir/\n\n# Dry run\nrsync -avz --dry-run /local/dir/ user@hostname:/remote/dir/\n\nSecurity Best Practices\nHardening SSH\n# Disable password authentication (edit /etc/ssh/sshd_config)\nPasswordAuthentication no\nPubkeyAuthentication yes\n\n# Disable root login\nPermitRootLogin no\n\n# Change default port\nPort 2222\n\n# Use protocol 2 only\nProtocol 2\n\n# Limit users\nAllowUsers user1 user2\n\n# Restart SSH service\nsudo systemctl restart sshd\n\nConnection security\n# Check host key\nssh-keygen -F hostname\n\n# Remove old host key\nssh-keygen -R hostname\n\n# Strict host key checking\nssh -o StrictHostKeyChecking=yes user@hostname\n\n# Use specific cipher\nssh -c aes256-ctr user@hostname\n\nTroubleshooting\nDebugging\n# Verbose output\nssh -v user@hostname\nssh -vv user@hostname # More verbose\nssh -vvv user@hostname # Maximum verbosity\n\n# Test connection\nssh -T user@hostname\n\n# Check permissions\nls -la ~/.ssh/\n# Should be: 700 for ~/.ssh, 600 for keys, 644 for .pub files\n\nCommon issues\n# Fix permissions\nchmod 700 ~/.ssh\nchmod 600 ~/.ssh/id_rsa\nchmod 644 ~/.ssh/id_rsa.pub\nchmod 644 ~/.ssh/authorized_keys\n\n# Clear known_hosts entry\nssh-keygen -R hostname\n\n# Disable host key checking (not recommended)\nssh -o StrictHostKeyChecking=no user@hostname\n\nAdvanced Operations\nJump hosts (ProxyJump)\n# Connect through bastion\nssh -J bastion.example.com user@internal.local\n\n# Multiple jumps\nssh -J bastion1,bastion2 user@final-destination\n\n# Using config (see Configuration section above)\nssh internal # Automatically uses ProxyJump\n\nMultiplexing\n# Master connection\nssh -M -S ~/.ssh/control-%r@%h:%p user@hostname\n\n# Reuse connection\nssh -S ~/.ssh/control-user@hostname:22 user@hostname\n\n# In config:\n# ControlMaster auto\n# ControlPath ~/.ssh/control-%r@%h:%p\n# ControlPersist 10m\n\nExecute commands\n# Single command\nssh user@hostname 'uptime'\n\n# Multiple commands\nssh user@hostname 'cd /var/log && tail -n 20 syslog'\n\n# Pipe commands\ncat local-script.sh | ssh user@hostname 'bash -s'\n\n# With sudo\nssh -t user@hostname 'sudo command'\n\nTips\nUse SSH keys instead of passwords\nUse ~/.ssh/config for frequently accessed hosts\nEnable SSH agent forwarding carefully (security risk)\nUse ProxyJump for accessing internal networks\nKeep SSH client and server updated\nUse fail2ban or similar to prevent brute force\nMonitor /var/log/auth.log for suspicious activity\nUse port knocking or VPN for additional security\nBackup your SSH keys securely\nUse different keys for different purposes\nDocumentation\n\nOfficial docs: https://www.openssh.com/manual.html Man pages: man ssh, man ssh_config, man sshd_config" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Arnarsson/ssh-essentials", "publisherUrl": "https://clawhub.ai/Arnarsson/ssh-essentials", "owner": "Arnarsson", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/ssh-essentials", "downloadUrl": "https://openagent3.xyz/downloads/ssh-essentials", "agentUrl": "https://openagent3.xyz/skills/ssh-essentials/agent", "manifestUrl": "https://openagent3.xyz/skills/ssh-essentials/agent.json", "briefUrl": "https://openagent3.xyz/skills/ssh-essentials/agent.md" } }