Created Sun Jun, 09 2019 at 11:40AM

Testing Credentials

ssh -T git@github.com

Tunneling

SSH tunneling creates an encrypted network tunnel that forwards traffic in one of two directions: from a port on your local machine to a remote machine (local forwarding), or from a port on the remote host back down to your local machine (remote forwarding).

Local Port Tunneling

Usage examples:
- I want to run a development instance on a server, but call it from my local machine
- I want to tunnel my router's web UI (which is not accessible outside of the internal LAN)

# -L takes the forward spec as its argument, so -N must not sit between them
ssh -N -L 5000:localhost:8080 user@remote       # forward localhost:5000 to port 8080 on the remote server
ssh -N -L 5000:192.168.100.1:443 user@remote    # forward localhost:5000 through user@remote to another machine's HTTPS (port 443)

Occasionally you may need to push up a service, e.g. a web server, and have others connect to it. By default a remote forward listens only on the server's loopback address, so you may need to use socat as a relay to get this accomplished.

# first shell - push port 10000 from the local machine up to "accessible-server"
ssh -N -R 10000:127.0.0.1:10000 jaime@accessible-server
# second shell (on accessible-server) - start socat to relay connections from 0.0.0.0:10001 => 127.0.0.1:10000
socat TCP4-LISTEN:10001,fork TCP4:127.0.0.1:10000
# then browse to https://172.21.70.123:10001

Remote Port Tunneling

Usage example: I want to push my local development instance up to a public server so a remote client can see & interact with it.

ssh -N -R 8080:localhost:8080 user@server   # -R: port 8080 on the server is sent down to localhost:8080

If you want that forwarded port to be available to everyone, try 0.0.0.0:8080:localhost:8080 (this needs GatewayPorts enabled in the server's sshd_config). If that doesn't work, install socat and do this:

ssh -R 8080:localhost:8080 -N user@remote.srv
socat TCP-LISTEN:5000,fork TCP:127.0.0.1:8080
# socat runs on remote.srv; this makes port 5000 available globally, i.e. *:5000

SSH Config

One of the first things I do when connecting to a new server is add it to my ssh config. This makes it super easy to connect to the same host in the future. There are many advanced options you can set per host as demonstrated below.

# Simplest example: you can just type `ssh simple`, and this config turns it into `ssh fl-pr-usawest.003-oof.somelong-not-so.simple.com`
Host simple
  HostName fl-pr-usawest.003-oof.somelong-not-so.simple.com
  User jwick

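# this example shows a wildcard for IP
# you can even use more than one wildcard, 10.0.*.* for example
# note: these two options turn off host key verification for every matching host,
# so a man-in-the-middle on that range goes undetected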
Host 172.16.16.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

# Here we see a non-standard port (not 22) + keyfile authentication
Host ec2foo
  HostName 192.168.56.3
  User admin
  Port 5000
  IdentityFile ~/.ssh/id_rsa

# macOS keychain; see the section below to add your key to the keychain.
Host git
        HostName gitrepo.local
        User git
        PreferredAuthentications publickey
        IdentityFile /Users/barney/.ssh/gitrepo_key
        UseKeychain yes
        # UseKeychain seems like a MacOS thing, ymmv
        AddKeysToAgent yes

# Here we have an old ssh server where we have to specify ciphers that are no longer enabled by default + server keep-alives if your device is set to kill old connections
Host fw1
  HostName 10.0.0.1
  Ciphers="3des-cbc"
  KexAlgorithms="diffie-hellman-group1-sha1"
  User netadmin
  ServerAliveInterval 300
  ServerAliveCountMax 2
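
The wildcard and fw1 blocks above trade host key verification and modern crypto for convenience. As an added example (not part of the original notes), this shell function lists such options per Host block so they stay scoped to the hosts that need them; the function names and the hardened `fw2` block are hypothetical, and the sample config is constructed from the entries above.

```shell
# Added example: list ssh_config options that switch off host key verification
# or pin legacy crypto, per Host block. Accepts "Keyword value" and
# Keyword="value" forms; keywords are matched case-insensitively.
audit_ssh_config() {
  awk '
    BEGIN { host = "(global)" }
    function flag(msg) { printf "%s: %s\n", host, msg }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (line == "" || line ~ /^#/) next
      if (!match(line, /[ \t=]+/)) next          # keyword/value separator
      key = tolower(substr(line, 1, RSTART - 1))
      val = substr(line, RSTART + RLENGTH)
      gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "host") { host = val; next }
      if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
        flag("StrictHostKeyChecking " val " accepts any host key")
      if (key == "userknownhostsfile" && val == "/dev/null")
        flag("UserKnownHostsFile /dev/null never remembers host keys")
      if (val ~ /^-/) next                       # a leading "-" removes algorithms
      if (key == "ciphers" && val ~ /-cbc|arcfour/)
        flag("legacy cipher in Ciphers " val)
      if (key == "kexalgorithms" && val ~ /-sha1/)
        flag("SHA-1 key exchange in KexAlgorithms " val)
    }
  ' "$@"
}

# Constructed sample: three Host blocks from the config above plus a
# hypothetical hardened block (fw2) that must produce no findings.
sample_config() {
  cat <<'EOF'
Host simple
  HostName fl-pr-usawest.003-oof.somelong-not-so.simple.com
Host 172.16.16.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host fw1
  HostName 10.0.0.1
  Ciphers="3des-cbc"
  KexAlgorithms="diffie-hellman-group1-sha1"
Host fw2
  StrictHostKeyChecking accept-new
  Ciphers -3des-cbc
EOF
}

sample_config | audit_ssh_config   # prints one "host: finding" line per issue
```

Run it against a real file with `audit_ssh_config ~/.ssh/config`; options set before the first Host line are reported under `(global)`.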

Adding your SSH key to the macOS keychain

ssh-add -K ~/.ssh/[your-private-key]
# on macOS 12 and later the flag is spelled --apple-use-keychain