SSH Notes
SSH Tunneling
Local Forwarding
Examples
NOTE: these use autossh to prevent the tunnel from dying
Plex
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
ESXi
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
Both ESXi and AWX
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
Both Plex and Derry OD
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
| Protocol | SSH |
| From | my office workstation |
| To | RRD Jumpbox (54.84.9.50) |
| Via | chawley2@ladmin2 |
| Notes | I have the jumpbox host configured in .ssh/config on both machines |
ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2.precisiondm.com
| Protocol | web |
| From | my office workstation |
| To | Plex (derry) |
| Via | chawley@aristotle |
ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
Remote Forwarding
NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the GatewayPorts option in the server configuration file sshd_config can be used to control this.
The following alternatives are possible:
GatewayPorts no
This prevents connecting to forwarded ports from outside the server computer.
GatewayPorts yes
This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.
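To check which of these settings a server is actually using, here is an added example (not part of the original notes) that reads the global GatewayPorts value from an sshd_config file and reports what it means for remote forwards. It goes slightly beyond the two values listed above by also recognising `clientspecified`, which OpenSSH accepts as a third option; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective *global* GatewayPorts value of an
# sshd_config file. sshd keeps the first value it reads for a keyword,
# keywords are case-insensitive, and an absent keyword means "no".
# Limitation: Include files are not followed. On the server itself,
# `sshd -T` prints the authoritative effective configuration.
gatewayports_setting() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "gatewayports" {     # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "no" }      # OpenSSH default
    ' "$1"
}

# Translate the setting into who can reach a port opened with `ssh -R`.
forward_exposure() {
    case "$(gatewayports_setting "$1")" in
        no)              echo "loopback-only" ;;   # only the server host itself
        yes)             echo "all-interfaces" ;;  # anyone who can reach the server
        clientspecified) echo "client-chosen" ;;   # client picks the bind address
        *)               echo "unknown" ;;
    esac
}

# Constructed sample config, not taken from any real host.
sample=$(mktemp)
printf '%s\n' \
    '# GatewayPorts no' \
    'Port 3141' \
    'gatewayports yes' \
    'GatewayPorts no' > "$sample"
echo "GatewayPorts=$(gatewayports_setting "$sample") -> $(forward_exposure "$sample")"
rm -f "$sample"
```

A result of `all-interfaces` on an Internet-facing host means every remote forward is reachable by anyone who can reach that port, so pair it with a firewall rule limiting the source addresses.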
Examples
| Protocol | web |
| From | derry |
| To | overlook |
| Notes | This allows you to access Apache web pages on derry by visiting http://overlook.planethawleywood.com:8888, as long as GatewayPorts yes is present in /etc/ssh/sshd_config (as explained above) and port 8888 is open on overlook |
ssh -R 8888:localhost:80 root@overlook
Reference
Kill Unresponsive SSH
Summary
Let’s say you’re happily typing in your remote shell when all of a sudden, the crappy Wi-Fi network you’re using goes down. You end up with a perfectly unusable frozen shell, ugh!
To kill the frozen session, assuming you lost connectivity, press the following keys in this order:
[Enter]
~
.
That is, <return key> then tilde then period
This will send an escape sequence to your local SSH client and terminate the connection, so it will always work, even without a network connection.
Here’s the list of escape sequences:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
SSH Keygen
Generate an SSH Key with a comment
ssh-keygen -C "comment" -f <file>