SSH tunneling

Make remote port available locally

Make the remote port 8080 available locally on port 9000:

ssh -L 9000:localhost:8080 user@hostname.domain.tld
curl -v --http2 http://localhost:9000

Open SOCKS tunnel

Open a SOCKS proxy on localhost:8123; traffic from applications configured to use it is sent through the remote system:

ssh -D 8123 -f -C -q -N user@hostname.domain.tld

Helpful parameters

-C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and
        TCP connections).  The compression algorithm is the same used by gzip(1), and the “level” can be
        controlled by the CompressionLevel option for protocol version 1.  Compression is desirable on
        modem lines and other slow connections, but will only slow down things on fast networks.  The
        default value can be set on a host-by-host basis in the configuration files; see the Compression
        option.

-f      Requests ssh to go to background just before command execution.  This is useful if ssh is going to
        ask for passwords or passphrases, but the user wants it in the background.  This implies -n.  The
        recommended way to start X11 programs at a remote site is with something like ssh -f host xterm.

        If the ExitOnForwardFailure configuration option is set to “yes”, then a client started with -f
        will wait for all remote port forwards to be successfully established before placing itself in the
        background.

-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2
        only).

-q      Quiet mode.  Causes most warning and diagnostic messages to be suppressed.

List open SSH tunnels

report_local_port_forwardings() {
  
  # -a ands the selection criteria (default is or)
  # -i4 limits to ipv4 internet files
  # -P inhibits the conversion of port numbers to port names
  # -c /regex/ limits to commands matching the regex
  # -u$USER limits to processes owned by $USER
  # http://man7.org/linux/man-pages/man8/lsof.8.html
  # https://stackoverflow.com/q/34032299
  
  echo 
  echo "LOCAL PORT FORWARDING"
  echo
  echo "You set up the following local port forwardings:"
  echo
  
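  # -s TCP:LISTEN keeps only listening TCP sockets
  lsof -a -i4 -P -c '/^ssh$/' -u"$USER" -s TCP:LISTEN
  
  echo
  echo "The processes that set up these forwardings are:"
  echo
  
  # -t prints bare PIDs; join them with commas and skip ps when there are none
  pids=$(lsof -t -a -i4 -P -c '/^ssh$/' -u"$USER" -s TCP:LISTEN | paste -sd, -)
  if [ -n "$pids" ]; then ps -f -p "$pids"; fi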
  
}
  
report_remote_port_forwardings() {
  
  echo 
  echo "REMOTE PORT FORWARDING"
  echo
  echo "You set up the following remote port forwardings:"
  echo
  
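  pids=$(lsof -t -a -i -c '/^ssh$/' -u"$USER" -s TCP:ESTABLISHED | paste -sd, -)
  if [ -n "$pids" ]; then
    # Keep the ps header and lines whose command contains -R [bind_address:]port:host:hostport
    ps -f -p "$pids" | awk '
  NR == 1 || /R ([^[:space:]]+:)?[[:digit:]]+:[^[:space:]]+:[[:digit:]]+.*/
      '
  fi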
}

report_local_port_forwardings
report_remote_port_forwardings

Sample output:

LOCAL PORT FORWARDING

You set up the following local port forwardings:

COMMAND   PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ssh     10086 user     7u  IPv4 1924960      0t0  TCP localhost:2301 (LISTEN)
ssh     10086 user     9u  IPv4 1924964      0t0  TCP localhost:2380 (LISTEN)
ssh     10086 user    11u  IPv4 1924968      0t0  TCP localhost:2381 (LISTEN)

The processes that set up these forwardings are:

UID        PID  PPID  C STIME TTY          TIME CMD
user     10086  7074  0 13:05 pts/21   00:00:00 ssh -N ssh.example.com

REMOTE PORT FORWARDING

You set up the following remote port forwardings:

UID        PID  PPID  C STIME TTY      STAT   TIME CMD
user      7570 30953  0 11:14 pts/18   S      0:00 ssh -N -R 9000:localhost:3000 ssh.example.com
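
The awk filter in the script above matches an "R port:host:port" pattern anywhere on the ps line, including inside a remote command. The following is an added example, not part of the original page: it walks ssh options getopt-style, stops at the destination, and reports -L, -R and -D forwards, including clustered flags. The function names, PIDs and the host build.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: getopt-style scan of ssh command lines for -L / -R / -D.
# Input: "PID ARGS" lines, the shape printed by: ps -u "$USER" -o pid=,args=

classify_ssh_forwards() {
  awk '
  BEGIN {
    # ssh(1) options that consume an argument (current OpenSSH synopsis)
    takes_arg = "BbcDEeFIiJLlmOoPpQRSWw"
    kind["L"] = "local"; kind["R"] = "remote"; kind["D"] = "dynamic"
  }
  $2 !~ /(^|\/)ssh$/ { next }              # only ssh client processes
  {
    for (i = 3; i <= NF; i++) {
      if ($i !~ /^-./) break               # destination reached: the rest is the remote command
      for (j = 2; j <= length($i); j++) {  # walk a flag cluster such as -fNCqD8123
        c = substr($i, j, 1)
        if (index(takes_arg, c) == 0) continue
        val = substr($i, j + 1)            # argument glued to the flag
        if (val == "") val = $(++i)        # or supplied as the next word
        if (c in kind) print $1, kind[c], val
        break                              # the argument ends this word
      }
    }
  }'
}

# Constructed sample input (PIDs are made up; commands reuse the page examples).
sample_ps_lines() {
  cat <<'EOF'
101 ssh -L 9000:localhost:8080 user@hostname.domain.tld
102 ssh -D 8123 -f -C -q -N user@hostname.domain.tld
103 ssh -N -R 9000:localhost:3000 ssh.example.com
104 ssh -N ssh.example.com
105 ssh -fNCqD8123 user@hostname.domain.tld
106 ssh -p 2222 build.example.com grep -R 10:20:30 /var/log
EOF
}

sample_ps_lines | classify_ssh_forwards
```

Forwards defined in ssh_config never appear on the command line (PID 104 here, like the `ssh -N ssh.example.com` process in the sample output that listens on three ports), so the lsof listing of LISTEN sockets is still needed to catch those.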