Created Sun Jun, 09 2019 at 11:40AM
ssh -T git@github.com # test SSH authentication against GitHub
SSH tunneling creates an encrypted tunnel over an SSH connection. Traffic is either forwarded from a port on your local machine to a remote machine (local forwarding, -L), or connections to a port on the remote host are sent back down to your local machine (remote forwarding, -R).
Usage examples:
- I want to run a development instance on a server, but call it from my own (local) machine
- I want to tunnel my router's web UI (which is not accessible outside of the internal LAN)
ssh -N -L 5000:localhost:8080 user@remote # forward port 8080 on the remote server to localhost:5000 (-L takes the forwarding spec as its argument, so -N must not sit between them)
ssh -N -L 5000:192.168.100.1:443 user@remote # forward another machine's HTTPS (port 443) through user@remote to localhost:5000
Occasionally you may need to push a service (e.g. a web server) up to another host and have others connect to it. By default sshd binds remote-forwarded ports to the loopback interface only, so you may need socat on that host to relay connections from an externally reachable port.
# first shell (local machine): remote-forward port 10000 on "accessible-server" to port 10000 on the local machine
ssh -N -R 10000:127.0.0.1:10000 jaime@accessible-server
# second shell (on accessible-server): start socat to allow connections from 0.0.0.0:10001 => 127.0.0.1:10000 (relay)
socat TCP4-LISTEN:10001,fork TCP4:127.0.0.1:10000
https://172.21.70.123:10001
Usage example: I want to push my local development instance up to a public server so a remote client can see & interact with it.
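ssh -N -R 8080:localhost:8080 user@server # remote forward (-R): port 8080 on the server => the local instance on port 8080
If you want that forwarded port to be available to everyone, try 0.0.0.0:8080:localhost:8080 as the forwarding spec (for a remote forward, the server only binds to a non-loopback address when its sshd_config sets GatewayPorts). If that doesn't work, install socat on the server and do this: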
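ssh -R 8080:localhost:8080 -N user@remote.srv # on your local machine: remote.srv 127.0.0.1:8080 => local port 8080
socat TCP-LISTEN:5000,fork TCP:127.0.0.1:8080 # on remote.srv: relay *:5000 => 127.0.0.1:8080
# this makes port 5000 available globally i.e. *:5000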
One of the first things I do when connecting to a new server is add it to my ssh config. This makes it super easy to connect to the same host in the future. There are many advanced options you can set per host as demonstrated below.
# Simplest example: you can just type `ssh simple`, and this config turns it into `ssh fl-pr-usawest.003-oof.somelong-not-so.simple.com` (as user jwick)
Host simple
    HostName fl-pr-usawest.003-oof.somelong-not-so.simple.com
    User jwick
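# this example shows a wildcard for an IP range
# you can even use more than one wildcard, 10.0.*.* for example
# note: these two options turn off host key verification for every matching host,
# so a machine-in-the-middle on that range goes undetected; keep the pattern as narrow as possible
Host 172.16.16.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null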
# Here we see a non-standard port (not 22) + keyfile authentication
Host ec2foo
    HostName 192.168.56.3
    User admin
    Port 5000
    IdentityFile ~/.ssh/id_rsa
# macOS keychain, see the ssh-add command below to add your key to the keychain.
Host git
    HostName gitrepo.local
    User git
    PreferredAuthentications publickey
    IdentityFile /Users/barney/.ssh/gitrepo_key
    UseKeychain yes
    # UseKeychain seems like a macOS thing, ymmv
    AddKeysToAgent yes
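# Here we have an old ssh server where we have to specify ciphers that are no longer enabled by default,
# plus server keep-alives in case your device is set to kill old connections.
# Keeping these weak algorithms inside this Host block means they are only offered to this one device.
Host fw1
    HostName 10.0.0.1
    Ciphers="3des-cbc"
    KexAlgorithms="diffie-hellman-group1-sha1"
    User netadmin
    ServerAliveInterval 300
    ServerAliveCountMax 2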
# macOS: add your key to the keychain (newer macOS releases replace -K with --apple-use-keychain)
ssh-add -K ~/.ssh/[your-private-key]
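
The per-host options above are easy to forget once they are in the config, so here is an added example (not part of the original notes) that parses an ssh config into Host blocks and reports the weakened settings used in this page, together with how wide the matching Host pattern is. The names parse_ssh_config, audit and RISKY are this example's own, and the sample config is constructed.

```python
import re
import shlex

# Example-only table (not from the original notes): settings that weaken SSH, and why.
RISKY = {
    ("stricthostkeychecking", "no"): "server host key is never verified",
    ("userknownhostsfile", "/dev/null"): "host keys are never remembered",
    ("ciphers", "3des-cbc"): "legacy cipher",
    ("kexalgorithms", "diffie-hellman-group1-sha1"): "legacy key exchange",
}
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def parse_ssh_config(text):
    """Return [(host_patterns, {option: [values]})], one entry per Host block."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        m = LINE.match(raw.strip())  # comment and blank lines do not match
        if not m:
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))  # strips quotes
        if key == "host":
            blocks.append((args, {}))
        else:
            blocks[-1][1].setdefault(key, args)  # ssh keeps the first value seen
    return blocks

def audit(text):
    """Return [(hosts, option, value, reason)] for every risky setting found."""
    findings = []
    for hosts, opts in parse_ssh_config(text):
        scope = "wildcard pattern" if any(c in h for h in hosts for c in "*?") else "single host"
        for key, args in opts.items():
            for value in ",".join(args).split(","):  # algorithm lists use commas
                reason = RISKY.get((key, value.lstrip("+^").lower()))
                if reason:
                    findings.append((" ".join(hosts), key, value, f"{reason} ({scope})"))
    return findings

SAMPLE = """# constructed sample, mirrors two Host blocks from the notes above
Host 172.16.16.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host fw1
    Ciphers="3des-cbc"
    KexAlgorithms="diffie-hellman-group1-sha1"
"""

if __name__ == "__main__":
    print("\n".join(f"Host {h}: {k} {v} -> {r}" for h, k, v, r in audit(SAMPLE)))
```

To check your own file, pass its contents to audit(), e.g. the text of ~/.ssh/config.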