overthinkos/ssh-client
ov-foundation/skills/ssh-client/SKILL.md
OpenSSH client tools for SSH agent forwarding. Use when working with SSH client, SSH agent forwarding, or the ssh-client layer.
tools
Updated May 10, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins ssh-clientInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 5:33 AM141.4s1 file scanned
SKILL.md
- name:
- ssh-client
- description:
- |
ssh-client -- OpenSSH client tools
Layer Properties
| Property | Value |
|----------|-------|
| Install files | layer.yml (packages only) |
Packages
RPM: openssh-clients · PAC: openssh · DEB: openssh-client (singular — Debian splits client/server, unlike Arch's unified openssh).
Note: On Arch Linux, openssh is a single package that includes both client and server. The sshd layer also installs this package but adds a systemd service and opens port 22. On Debian/Ubuntu, openssh-client ships only the client tools; openssh-server is a separate package installed by the sshd layer.
Usage
# image.yml
my-image:
layers:
- ssh-client
Typically used as part of the agent-forwarding composition layer rather than directly. Use the sshd layer instead if you need an SSH server.
Runtime Behavior
Provides ssh, ssh-add, ssh-keygen, ssh-agent, scp, sftp binaries. When combined with SSH agent forwarding (ov shell, ov start direct mode), the container's SSH commands use the host's SSH agent via a forwarded socket at /run/host-ssh-auth.sock.
No SSH agent runs inside the container — the SSH_AUTH_SOCK environment variable points to the forwarded host socket.
Used In Images
Part of agent-forwarding composition layer, used in 27 application images.
Related Layers
/ov-foundation:agent-forwarding-- metalayer that includes gnupg + direnv + ssh-client/ov-coder:sshd-- SSH server + client (includes systemd service, port 22)/ov-coder:gh-- GitHub CLI + git (uses SSH for git operations)
When to Use This Skill
Use when the user asks about:
- SSH client tools inside containers
- SSH agent forwarding
- The
ssh-clientlayer - The difference between
ssh-clientandsshdlayers
Related
/ov-build:layer— layer authoring reference (layer.ymlschema, task verbs, service declarations)/ov-build:eval— declarative testing (eval:block,ov eval image,ov eval live)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026