SSH Oneliners

ssh -X remotehost # yawn. X forwarding through ssh.
ssh -Y remotehost # trusted X forwarding through ssh. Still yawn, let’s do something fun.
ssh -D2222 remotehost # This is okay. This command sets up a SOCKS proxy on local port 2222, which can be used with Firefox (and Internet Explorer if you really hate yourself) to avoid office internet filters… not that I condone such anti-social behavior.
ssh -L # Okay, now we’re getting interesting. This generates an ssh tunnel between your machine and the remote box on port 3306. This works for connecting to remote MySQL instances when firewalls would ordinarily interfere. Simply point your mysql client to localhost:3306 and you’re off and running. This can be applied to other applications as well. A slight modification, and you get the string below:
ssh -L3389:remote.win2k3.server:3389 # This command is a variation on the command above, allowing us to connect to those unsightly Windows machines via rdesktop for remote administration. Best of all, we do this without opening up the remote desktop ports to the outside world. Remember, folks, that Windows code is expensive; you have to keep your precious little snowflakes safe, after all.
With the commands above, you can also add -f if you want ssh to go to the background after the authentication portion is handled. Otherwise it’ll just leave you sitting at a remote shell prompt. If you wanted to add a built-in self-destruct, you could add ‘sleep 30’ after the ssh command strings above. This tells ssh to exit after 30 seconds if nothing has made a connection via the tunnel created.
(A side note for Windows 7 users: 3389 may not work properly for you. Set the source port to something else like 3391 or 3399 and it'll work fine.)

ssh -nNT -R 2222:localbox:2222 remotebox # This command lets you create a reverse ssh tunnel, so that if you connect to remotebox:2222, you’ll be connected to the local machine on port 2222 also. This is useful when you really want to go home at night, but your boss demands you keep working. This way, you each get what you want, and you can avoid the firewall your office employs to keep folks from remotely connecting to…well, if you’re using this, you don’t really care. :-P
Crap, what if I already have an ssh session open, but I forgot to create the tunnel? Not to worry, there are escape keys to rescue you. Operating a little like screen, ~C will open an ssh command prompt so that you can start or stop tunnels as needed. It’ll look a bit like the one below:

[jperrin@server ~]$
ssh> help
-Lport:host:hostport Request local forward
-Rport:host:hostport Request remote forward
-KRhostport Cancel remote forward
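
What each of the one-liners above actually opens, as an added example that is not part of the original post: a POSIX sh function that reads an ssh command line and reports every forwarding it requests and which end holds the listener. The names classify_forwards and split_spec are made up here, and only the port-based specs used on this page are handled.

```shell
#!/bin/sh
# Added example: report which forwardings an ssh command line requests.
# Input is one command line as a string, split on whitespace (no quote
# handling). IPv6 "[addr]" and Unix-socket forward specs are not parsed.

# "[bind:]port:host:hostport" -> listener and target; a spec with fewer
# fields (-D, or -R with only a port) is a SOCKS listener.
split_spec() {
    case $1 in
        *:*:*) hostport=${1##*:}; head=${1%:*}
               echo "listen=${head%:*} target=${head##*:}:$hostport" ;;
        *)     echo "listen=$1 target=socks" ;;
    esac
}

classify_forwards() {
    set -f; set -- $1; set +f          # word-split without globbing
    [ "$1" = ssh ] || return 1
    shift; dest=; cluster=
    while [ $# -gt 0 ]; do
        case $1 in
            -?*) cluster=${1#-}; shift ;;
            *)   [ -z "$dest" ] || break   # second bare word: remote command
                 dest=$1; shift ;;
        esac
        # Walk a getopt-style cluster such as "nNT", "D2222" or "R".
        while [ -n "$cluster" ]; do
            rest=${cluster#?}; opt=${cluster%"$rest"}; cluster=$rest
            case $opt in
                X) echo "x11 untrusted" ;;
                Y) echo "x11 trusted" ;;
                [BbcDEeFIiJLlmOopQRSWw])   # options that take an argument
                    if [ -n "$cluster" ]; then arg=$cluster; cluster=
                    else [ $# -gt 0 ] || return 2; arg=$1; shift; fi
                    case $opt in
                        D) echo "dynamic on=client $(split_spec "$arg")" ;;
                        L) echo "local on=client $(split_spec "$arg")" ;;
                        R) echo "remote on=server $(split_spec "$arg")" ;;
                    esac ;;
            esac
        done
    done
    return 0
}

# The page's own one-liners as input.
classify_forwards "ssh -D2222 remotehost"
classify_forwards "ssh -L3389:remote.win2k3.server:3389"
classify_forwards "ssh -nNT -R 2222:localbox:2222 remotebox"
```

A remote (-R) listener binds to the server's loopback address unless sshd's GatewayPorts setting allows otherwise, so "on=server" does not by itself mean the port is reachable from other hosts.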

As always, we’re just scratching the surface of what ssh can do, so if you want more information, fire up ‘man ssh’ in your favorite terminal and sit down for a good read.



Copyright © Bit Integrity