
Introduction


The `ssh` application is essential to just about everyone. Are you using it as efficiently as possible? Check out these tips and config settings that will make your life easier, including aliases, specifying identity files, forwarding ports, and using jump hosts.

We will assume you already have OpenSSH installed. It comes installed by default with most Linux distributions. If you are using Windows, try Windows Subsystem for Linux.

Also, check out my `issh` tool for a convenient SSH menu with a curses TUI: [https://github.com/DevDungeon/issh](https://github.com/DevDungeon/issh).


SSH options


SSH has a lot of potential options:

```
ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
    [-D [bind_address:]port] [-E log_file] [-e escape_char]
    [-F configfile] [-I pkcs11] [-i identity_file]
    [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
    [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
    [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
    [user@]hostname [command]
```

Some simple usage examples:

```
ssh devdungeon.com
ssh nanodano@devdungeon.com
ssh -p 2222 -i ~/.ssh/custom_id_rsa devdungeon.com
```

It can be tedious to configure all of the options using command-line flags, so the SSH config file allows you to set settings for different hosts and access them using a convenient alias.

In the SSH config file you can configure aliases to use. For example, if we set up an alias for host `dd` for `devdungeon.com`, we could simply connect using:

```
ssh dd
```

We will look at an example configuration in the next section.

SSH config file template


```
# Example ~/.ssh/config

# Connect using `ssh sandbox` or `scp sandbox:* .`
Host sandbox
  HostName sandbox.local
  User myusername
  IdentityFile ~/.ssh/id_rsa
  Port 22
  ServerAliveInterval 30
  ProxyJump jumphost.local
  # To run remote X11 apps. Might need `export DISPLAY=:0` on the remote host
  ForwardX11 yes

  # If using local forward, do ssh -f -N host
  # -f puts ssh in background
  # -N makes it not execute a remote command
  LocalForward 9906 127.0.0.1:3306

  # Another local forward example.
  # This one takes the service that sits on the remote host
  # listening locally on port 3306 and makes it available
  # via a local listener on localhost:9999.
  # E.g. make a remote database that only listens locally available
  #      on your localhost port 9999
  LocalForward 127.0.0.1:9999 127.0.0.1:3306

  # Remote forward makes something available on the local
  # machine/network available to the remote server.
  # E.g. making an internal git server available to the host you are
  #   connecting to that would not normally be able to reach the git
  #   server. This example makes git available on port 9999 of the
  #   remote SSH server.
  # In the SSHD config set GatewayPorts to yes to allow public access
  RemoteForward 9999 locally-accessible-address:22

  # Set up a SOCKS proxy on 127.0.0.1:9999 that lets you pivot through the remote host (HostName)
  # Then configure the local tool/browser to use a SOCKS proxy of localhost:9999
  # (Same local port as the LocalForward above; change one if you enable both.)
  DynamicForward 127.0.0.1:9999

Host myotherhostalias
  HostName example.com

# This will apply to all hosts.
Host *
  IPQoS=throughput
  # This fixes errors like this in VMware: packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
  # https://www.devdungeon.com/content/fix-broken-pipe-error-ssh-connection-fedoravmware
```

Connecting through jump hosts


SSH through jump host with the `-J` option:

```
ssh -J myjumpserver destinationserver
```

SCP through jump host with the `-o ProxyJump` option:

```
scp -o ProxyJump=myjumphost <source> <dest>
scp -o ProxyJump=myjumphost devdungeon.com:file.txt .
```

In the ProxyJump setting you can reference aliases that are defined in the SSH config file, or specify the jump host literally.

Forward a local port to a remote server


There are occasions when you want to expose a local port to the world so it can be accessed publicly on the internet.

For example, if you want to:

- Share your local development environment publicly
- Be able to receive webhooks from external services for your local development environment

You can accomplish this with port forwarding. Be careful, though: doing this could expose your local computer and network to the entire internet!

```bash
# This will SSH to `my-remote-host.com` and while
# the session is open, the remote server will
# start listening on port 9999 and any
# connection it receives will get forwarded
# straight back to port 8000 on your local computer
ssh -R 9999:localhost:8000 my-remote-host.com

# Or do it without a shell
ssh -f -N -R 9999:localhost:8000 my-remote-host.com
```

To learn more check out my dedicated tutorial [Expose a Local Port over a Remote VPS with SSH Remote Port Forwarding](https://www.devdungeon.com/content/expose-local-port-over-remote-vps-ssh-remote-port-forwarding).
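
The forwarding directives in the config template and the exposure warning in this section both come down to which address a listener binds to. The following Python script is an added example, not part of the original page or of OpenSSH: it lists every forward in a client config and classifies the bind address it requests. The sample config, the `demo` host and the function names are constructed; it assumes client-side `GatewayPorts` is at its default and does not follow `Include` or `Match`.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
WILDCARD = {"", "*", "0.0.0.0", "::", "[::]"}
# Which machine opens the listening socket for each directive.
LISTENER = {"localforward": "client", "dynamicforward": "client",
            "remoteforward": "server"}

# Constructed sample, modelled on the template earlier on this page.
SAMPLE = """\
Host sandbox
  LocalForward 9906 127.0.0.1:3306
  LocalForward 127.0.0.1:9999 127.0.0.1:3306
  RemoteForward 9999 locally-accessible-address:22
  DynamicForward 127.0.0.1:9999
Host demo
  RemoteForward *:9999 localhost:8000
  DynamicForward 0.0.0.0:1080
  LocalForward=192.168.1.5:8080 127.0.0.1:80
"""

def bind_scope(listen_spec):
    """Classify the [bind_address:]port part of a forward directive."""
    # Assumes client GatewayPorts=no (the default), so no address means loopback.
    bind, sep, _port = listen_spec.rpartition(":")
    if not sep or bind in LOOPBACK:
        return "loopback"
    return "all-interfaces" if bind in WILDCARD else "address " + bind

def audit_forwards(config_text):
    """Return (host, directive, listener side, requested scope) per forward."""
    host, findings = "*", []
    for raw in config_text.splitlines():
        # ssh_config accepts both "Key value" and "Key=value".
        m = re.match(r"\s*([^\s=#]+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue               # blank line or comment
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            host = value
        elif key in LISTENER:
            findings.append((host, key, LISTENER[key],
                             bind_scope(value.split()[0])))
    return findings

def exposed(config_text):
    """Forwards that ask for a listener reachable from beyond loopback."""
    return [f for f in audit_forwards(config_text) if f[3] != "loopback"]

if __name__ == "__main__":
    print(*exposed(SAMPLE), sep="\n")
```

For `RemoteForward`, the result is what the client requests; the server's `GatewayPorts` setting decides what sshd actually binds.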

Conclusion


You should now have a solid grasp on how to configure your SSH client for extra convenience.

References


- [Expose a Local Port over a Remote VPS with SSH Remote Port Forwarding](https://www.devdungeon.com/content/expose-local-port-over-remote-vps-ssh-remote-port-forwarding)
- [ISSH - Improved SSH launcher](https://github.com/DevDungeon/issh)

terminal/ssh.txt · Last modified: 2022/03/13 22:27 by nanodano