# SSH Notes

## SSH Tunneling

### Local Forwarding

#### Examples

NOTE: these use autossh to prevent the tunnel from dying

Plex

```shell
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
```

ESXi

```shell
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
```

Both ESXi and AWX

```shell
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
```

Both Plex and Derry OD

```shell
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
```

---

| Protocol | SSH |
|---|---|
| From | my office workstation |
| To | RRD Jumpbox (54.84.9.50) |
| Via | chawley2@ladmin2 |
| Notes | I have the jumpbox host configured in `.ssh/config` on both machines |

```shell
ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2.precisiondm.com
```

| Protocol | web |
|---|---|
| From | my office workstation |
| To | Plex (derry) |
| Via | chawley@aristotle |

```shell
ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
```

### Remote Forwarding

NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the `GatewayPorts` option in the server configuration file `sshd_config` can be used to control this. The following alternatives are possible:

```shell
GatewayPorts no
```

This prevents connecting to forwarded ports from outside the server computer.

```shell
GatewayPorts yes
```

This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.

#### Examples

| Protocol | web |
|---|---|
| From | derry |
| To | overlook |
| Notes | This allows you to access Apache web pages on derry by visiting http://overlook.planethawleywood.com:8888 as long as `GatewayPorts yes` is present in `/etc/ssh/sshd_config` (as explained above) and port 8888 is open on Overlook |

```shell
ssh -R 8888:localhost:80 root@overlook
```

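
An added example (not from the original notes): a POSIX shell check that reads `sshd_config` text on stdin and reports the `GatewayPorts` value per scope, so you can confirm who can reach a remote forward like the one above. It also recognises `clientspecified`, a third OpenSSH value these notes do not list; the function names and sample config are constructed, and `Include` files are not followed.

```shell
#!/bin/sh
# Added example: audit GatewayPorts in sshd_config text read from stdin.
# Assumption: Include directives are not followed; Match criteria are only
# reported, not evaluated against a particular user or host.

# Print "match<TAB><Match line><TAB><value>" for every Match-scoped setting,
# then "global<TAB><value>" for the global section.
gateway_ports_report() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        { n = split($0, kv, /[ \t=]+/); key = tolower(kv[1]) }  # keywords are case-insensitive
        key == "match" { scope = $0; next }
        key == "gatewayports" && n >= 2 {
            gsub(/"/, "", kv[2])
            if (scope == "") {
                # sshd uses the first value it obtains for a keyword
                if (!seen) { gval = kv[2]; seen = 1 }
            } else {
                print "match\t" scope "\t" kv[2]
            }
        }
        END { print "global\t" (seen ? gval : "no") }  # OpenSSH default is "no"
    '
}

# Print the report; return 0 only if every scope keeps forwarded ports
# bound to loopback ("no"), 1 if any scope is "yes" or "clientspecified".
audit_gateway_ports() {
    report=$(gateway_ports_report)
    printf '%s\n' "$report"
    if printf '%s\n' "$report" |
        awk -F'\t' '$NF != "no" { bad = 1 } END { exit !bad }'; then
        return 1
    fi
    return 0
}

# Constructed sample config (not taken from any real host).
sample='GatewayPorts no
Match User tunnel
    GatewayPorts yes'
printf '%s\n' "$sample" | audit_gateway_ports ||
    echo "review: at least one scope exposes forwarded ports beyond loopback"
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check; this parser is for reviewing a config file offline.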
### Reference

* [How To Use SSH Tunneling](https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/)
* [SSH Port Forwarding Example](https://www.ssh.com/ssh/tunneling/example)

## Kill Unresponsive SSH

### Summary

Let’s say you’re happily typing in your remote shell when all of a sudden, the crappy Wi-Fi network you’re using goes down. You end up with a perfectly unusable frozen shell, ugh!

To kill the frozen session, assuming you lost connectivity, press in this order:

```shell
[Enter] ~ .
```

That is, the Return key, then tilde, then period.

This sends an escape sequence to your local SSH client and terminates the connection, so it will always work, even without a network connection.

Here’s the list of escape sequences:

### Supported escape sequences:

* `~.` - terminate connection (and any multiplexed sessions)
* `~B` - send a BREAK to the remote system
* `~C` - open a command line
* `~R` - Request rekey (SSH protocol 2 only)
* `~^Z` - suspend ssh
* `~#` - list forwarded connections
* `~&` - background ssh (when waiting for connections to terminate)
* `~?` - this message
* `~~` - send the escape character by typing it twice

(Note that escapes are only recognized immediately after newline.)

## SSH Keygen

### Generate an SSH Key with a comment

```shell
ssh-keygen -C "comment" -f
```