> ssh
Secure server access and tunneling with SSH. Use when a user asks to connect to remote servers, set up SSH keys, create tunnels, configure jump hosts, manage SSH config, or automate remote commands.
curl "https://skillshub.wtf/TerminalSkills/skills/ssh?format=md"SSH
Overview
SSH (Secure Shell) provides encrypted remote access to servers. Beyond basic login, it handles key-based auth, port forwarding (tunnels), jump hosts (bastion), file transfer (SCP/SFTP), and agent forwarding.
Instructions
Step 1: Key Setup
# Generate ED25519 key (recommended over RSA)
ssh-keygen -t ed25519 -C "your@email.com"
# Copy public key to server
ssh-copy-id user@server.example.com
# Or manually:
cat ~/.ssh/id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Step 2: SSH Config
# ~/.ssh/config — Named host configurations
Host prod
HostName 203.0.113.10
User deploy
Port 2222
IdentityFile ~/.ssh/deploy_key
Host staging
HostName staging.example.com
User deploy
ProxyJump bastion
Host bastion
HostName bastion.example.com
User admin
IdentityFile ~/.ssh/bastion_key
Host dev-*
HostName %h.internal.example.com
User developer
ProxyJump bastion
# Now just:
ssh prod # connects to 203.0.113.10:2222 as deploy
ssh staging # connects through bastion
ssh dev-api # connects to dev-api.internal.example.com via bastion
Step 3: Tunneling
# Local forward: access remote service locally
ssh -L 5432:db.internal:5432 bastion
# Now connect to localhost:5432 to reach the internal database
# Remote forward: expose local service to remote
ssh -R 8080:localhost:3000 prod
# Remote server can now reach your local app at localhost:8080
# Dynamic SOCKS proxy
ssh -D 1080 prod
# Use as SOCKS proxy for all traffic
Step 4: Server Hardening
# /etc/ssh/sshd_config — Production SSH hardening
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers deploy admin
Port 2222
Guidelines
- Always use key-based auth in production — disable password auth.
- ED25519 keys are shorter and more secure than RSA.
- Use ProxyJump (bastion/jump host) instead of exposing internal servers to the internet.
ssh-agentcaches keys in memory — no need to enter passphrase repeatedly.
> related_skills --same-repo
> zustand
You are an expert in Zustand, the small, fast, and scalable state management library for React. You help developers manage global state without boilerplate using Zustand's hook-based stores, selectors for performance, middleware (persist, devtools, immer), computed values, and async actions — replacing Redux complexity with a simple, un-opinionated API in under 1KB.
> zoho
Integrate and automate Zoho products. Use when a user asks to work with Zoho CRM, Zoho Books, Zoho Desk, Zoho Projects, Zoho Mail, or Zoho Creator, build custom integrations via Zoho APIs, automate workflows with Deluge scripting, sync data between Zoho apps and external systems, manage leads and deals, automate invoicing, build custom Zoho Creator apps, set up webhooks, or manage Zoho organization settings. Covers Zoho CRM, Books, Desk, Projects, Creator, and cross-product integrations.
> zod
You are an expert in Zod, the TypeScript-first schema declaration and validation library. You help developers define schemas that validate data at runtime AND infer TypeScript types at compile time — eliminating the need to write types and validators separately. Used for API input validation, form validation, environment variables, config files, and any data boundary.
> zipkin
Deploy and configure Zipkin for distributed tracing and request flow visualization. Use when a user needs to set up trace collection, instrument Java/Spring or other services with Zipkin, analyze service dependencies, or configure storage backends for trace data.