Strict Host Key Checking

Setting StrictHostKeyChecking to no instructs SSH to bypass verification of the remote host's key.  Including this options will disable the mismatch prompt and automatically add the host key to ~/.ssh/known_hosts

$ ssh -o "StrictHostKeyChecking=no" user@example.com

Connection Timeout

This option prevents SSH from hanging until the TCP connection times out when a remote host is unresponsive.  The value is time in seconds.

$ ssh -o "ConnectTimeout=10" user@example.com

Batch Mode

In combination with public/private key authentication, the BatchMode option forces public key authentication and skips password authentication rather than prompting should public key authentication fail.  NOTE: This will not work for systems that use MFA over SSH.

Success mode:

$ ssh -o "BatchMode=yes" user@example.com uptime

12:35:14 up 41 days, 9:07, 1 user, load average: 0.48, 0.64, 0.86

Failure mode:

$ ssh -o "BatchMode=yes" user@not.my.example.com uptime

user@not.my.example.com: Permission denied (publickey).

User Known Hosts File

This option allows specifying a non-standard known hosts file.  In a script, it can be useful to set to /dev/null to avoid errors relating to mismatches when an IP is reused.

$ ssh -o "UserKnownHostsFile=/dev/null" user@example.com

Local Port Forwarding

Local port forwarding is useful for tunneling traffic on predetermined ports through an SSH connection.  This is particularly relevant for remote firewalled networks, and accessing services on remote machines bound exclusively to 127.0.0.1

$ ssh -L 8080:localhost:80 user@example.com

Remote Port Forwarding

Remote port forwarding allows connections from the remote host through the SSH connection back to the local host/network

$ ssh -R 5900:localhost:5900 user@example.com

Dynamic Port Forwarding

SSH can function as a SOCKS proxy when used with dynamic port forwarding.  The standard SOCKS port is 1001, and while any port may be used, some applications do not support non-standard SOCKS proxy ports.  The -C option can be included to enable compression, which is useful primarily when proxying text-based information like web browsing.

$ ssh -C -D 1001 user@example.com

Forwarding X11 Applications

When connecting to Linux/Unix/MacOS hosts via SSH, it is sometimes desirable to start a GUI application on the remote host.  For X11-based applications, this can be achieved by enabling trusted X11 forwarding.  Note: the local host will need to be running an X11 server for this to work.

$ ssh -X user@example.com