Secure Shell, of course. Besides the obvious OpenSSH link, this page will hold some of the less obvious (and more useful) stuff:



  • fail2ban – block script kiddies and other pests from trying to do dictionary-based attacks on your server (on the internet, nobody knows that you only use key-based authentication – not even morons).





Useful tricks:

macOS keychain:

SSH key handling has been changing throughout the years, but in Sierra (10.12.2) things can be restored to a modicum of sanity with these settings:

Host *
  UseKeychain yes
  AddKeysToAgent yes

Automatic session forwarding

If you routinely need to access a host behind another (or a VM inside a host), this is a relatively painless way to do so (won’t allow you to do SFTP, though, since that’s a different subsystem):

cat ~/.ssh/authorized_keys | grep command
command="ssh [email protected]" of key


Using the built-in keepalive feature to maintain tunnels with a TCP keepalive and a 30s internal (in-band) client active check (will try 10 times before disconnecting):

KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 10

Speeding up connections to the same host (thanks to Melo):

$ head -3 ~/.ssh/config
Host *
  ControlMaster auto
  ControlPath /tmp/501/mux-%h-%p-%r

(on my machine the socket file is in 502 – more similar tips here)