20 essential shell commands for DevOps engineers
Moving from software development to DevOps means the terminal is no longer just for Git commits; it’s your primary interface for production infrastructure. This guide categorizes the 20 most critical commands by their real-world utility.
I. Connectivity & remote management
The first step is to reach a server.
1. ssh - Secure shell access
Use it to execute remote commands without opening a full interactive shell to speed up automation.
ssh user@prod-server # Standard login
ssh -i ~/.ssh/id_rsa user@host # Login using a specific private key (-i specifies the private key file for authentication)
ssh user@host "df -h" # Execute command and return result immediately
2. scp - Secure Copy
Moving files between your local machine and a cluster. Warning: scp overwrites without confirmation—always verify the destination first.
scp ./nginx.conf user@host:/etc/nginx/ # Push local config to server
scp -r user@host:/var/log/app/ ./logs/ # Pull remote log directory to local (-r copies directories recursively)
scp -p user@host:/file ./local/ # -p preserves permissions (safer for configs)
II. Filesystem Navigation & Cleanup
3. ls & pwd - List Files and Show Location
ls -la is the industry standard to see hidden files (like .env or .git). Know where you are with pwd.
ls -la # detailed listing with hidden files
ls -lh # readable file sizes (KB, MB, etc)
ls -lt # sorted by modification time
pwd # show current directory path
pwd -P # show physical path (resolves symlinks) — reveals where you really are
4. cd - Change Directory
cd /var/log # absolute path
cd ../config # relative path - go up one level
cd - # toggle between your current and previous directory
5. find - Locating Files
find / -type f -name "*.conf" # Find every config file on the system
find . -type f -mtime -1 # Find files modified in the last 24 hours
find /var/log -type f -size +100M # Find large files taking up space
6. mkdir - Create Directories
Use mkdir -p path/to/dir to create a full nested directory tree in one go.
mkdir /var/backups/daily # Create a single directory
mkdir -p /var/app/logs/archive # Create nested directories
7. rm - Remove Files
Warning: Always use ls with your wildcards before running rm to ensure you aren’t deleting more than intended.
rm /tmp/old_file.txt # Delete a single file
find /var/log -type f -name "*.old" -delete # Find and delete old log files
III. System Observability & Troubleshooting
When “the site is down,” these are the tools you use to find the bottleneck.
8. top - Process Monitoring
Real-time view of CPU, Memory, and Load Average.
top # Standard system monitor
9. ps - Process Status
Find specific process IDs (PIDs).
ps aux | grep python # Find all running Python scripts
ps -ef --forest # Visualize process hierarchy (who spawned what) — reveals dependencies
10. df & du - Disk Usage
“Disk Full” is a leading cause of database failures.
df -h # Human-readable disk space per partition
du -sh /var/log/* | sort -hr # Find the largest files in the log directory
11. journalctl - Systemd logs
The modern way to view logs for services managed by systemd. Use time filters to scope logs for faster debugging.
journalctl -u docker.service -f # Follow logs for the Docker daemon
journalctl --since "10 min ago" # Scope to recent events (huge time saver)
journalctl -u nginx --since "1 hour ago" # Combine unit and time filters
IV. Log Parsing & Text Manipulation
DevOps is also about reading logs.
12. tail & head - File ends
tail -f /var/log/nginx/access.log # Stream logs in real-time
tail -n 100 error.log # View the last 100 lines
head -20 config.txt # View first 20 lines of a file
13. grep - Pattern Matching
grep -i "error" app.log # Case-insensitive search
grep -r "127.0.0.1" /etc/nginx/ # Recursive search through all config files
grep -c "warning" system.log # Count matching lines
14. cat & less - File Reading
Use cat for small files and less for massive logs to avoid “bombing” your terminal.
cat /etc/resolv.conf # Quick check of DNS settings
less /var/log/syslog # Searchable, scrollable view (Press 'q' to quit)
V. Service & Permissions Control
Managing the lifecycle of applications and securing the filesystem.
15. systemctl - Service Manager
sudo systemctl restart nginx # Restart a service after config change
sudo systemctl status kubelet # Check if Kubernetes agent is healthy
sudo systemctl enable prometheus # Ensure service starts on boot
16. sudo - Elevated privileges
Run commands with root-level access when needed.
sudo command # Execute with root privileges
sudo !! # Repeat the last command as sudo
17. chmod & chown - Permissions
Warning: Never use chmod 777 as a quick fix—it’s a security disaster. Use specific permissions.
chmod 400 private_key.pem # Secure a private key (Read-only for owner)
chown -R www-data:www-data /var/www # Change directory ownership to web server user
chmod 755 /var/app/script.sh # Owner: rwx, Others: rx (scripts)
chmod 640 config.conf # Owner: rw, Group: r, Others: nothing (sensitive)
18. kill - Terminate processes
Best practice: Use SIGTERM first to let the process clean up gracefully. Only force-kill if it refuses.
kill -15 <PID> # SIGTERM: Ask nicely to shut down
sleep 5
kill -9 <PID> # SIGKILL: Force immediate stop (only if needed)
killall nginx # Kill all processes with a given name
VI. Network & API testing
Validating that services are actually listening and responding.
19. curl - The Swiss Army Knife of HTTP
curl -I https://google.com # Fetch headers only (-I shows response headers; great for checking status codes)
curl -X POST -d @data.json http://api # Send JSON data to an endpoint (-X specifies HTTP method; -d sends data)
curl -H "Authorization: Bearer token" https://api.example.com # Add custom headers (-H adds custom HTTP header, like auth tokens)
20. netstat / ss - Socket Statistics
Check if a port is actually open and listening.
ss -tulpn | grep :80 # See what process is using port 80
netstat -an | grep ESTABLISHED # View all active connections