SSH snippets

Local Port forwarding

ssh -L 50088:remote2.myserver.com:80 atlex@remote1.myserver.com

SSH port forwarding in background

ssh -fNT -L 8888:localhost:8888 myuser@mydomain.com

Official manual:

  • -f: Requests ssh to go to background just before command execution.
  • -N: Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
  • -T: Disable pseudo-tty allocation.

Config file

Host github.com
    User git
    Port 22
    Hostname github.com
    IdentityFile ~/.ssh/id_ecdsa
    TCPKeepAlive yes
    IdentitiesOnly yes

Host myserver*.com
    User atlex00

Host gcp
    User atlex00
    Hostname 192.168.0.123
    IdentityFile ~/.ssh/id_ecdsa
    IdentitiesOnly yes

Default bastion in config file

ProxyJump option:

Host final.destination.com
    User atlex00
    Port 22
    IdentityFile ~/.ssh/id_rsa
    TCPKeepAlive yes
    ProxyJump my.bastion.com

SSH with certificate

https://datatracker.ietf.org/doc/html/rfc6187

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication

Good figures:

https://chandanduttachowdhury.wordpress.com/2014/12/31/certificate-based-ssh-user-authentication/

Daemon configuration

/etc/ssh/sshd_config:

...
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
...

Don’t forget to put your public key in ~/.ssh/authorized_keys first, then run systemctl restart sshd.
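
An added example (not from the original page): a small shell audit for the three sshd_config settings above, which accounts for sshd using the first value it reads for each keyword. The function names sshd_global_value and audit_sshd_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config against the three settings above.
# sshd uses the FIRST value it reads for a keyword, so an earlier "yes"
# beats a later "no". Assumptions: only the global section (before the
# first Match line) is read, Include files are not followed, and an unset
# keyword counts as a failure instead of being resolved to its default.

# Print the global value of keyword $2 in file $1 (lowercased), if set.
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z]+/)) next
            key = tolower(substr(line, 1, RLENGTH))  # keywords ignore case
            rest = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)      # "Key value" or "Key=value"
            if (key == "match") exit              # global section ends here
            if (key == want) { split(rest, v, /[ \t]+/); print tolower(v[1]); exit }
        }' "$1"
}

# Return 0 only if all three keywords are set to the values shown above.
audit_sshd_config() {
    rc=0
    for pair in permitrootlogin:no passwordauthentication:no pubkeyauthentication:yes; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(sshd_global_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, got ${got:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not a real host): the early lowercase "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
audit_sshd_config "$sample" || echo "config is not hardened"
rm -f "$sample"
```

On a live host, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration; run them before systemctl restart sshd.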