SSH

Make SSH tunnels

1

ssh -L <client-port>:<internal-host-ip>:<host-port> host

The tunnels are useful to connect to remote services like:

• Databases not exposed to internet:
  • Mongodb ssh -L 0.0.0.0:27017:127.0.0.1:27017 databasehost

Open ssh to outside somehost from client

1

ssh somehost -R 0:localhost:22

SSH Proxy Command

If you want to reach a non exposed host from a one which is exposed you can make use of SSH ProxyComman.

1
2
3
4
5
6
7
8
9
10

    +--------+       +----------+      +-----------------+
    | Laptop | <---> | home NAS | <--> | my-private-host |
    +--------+       +----------+      +-----------------+

              OR

    +--------+       +----------+      +-----------------+
    | Laptop | <---> | Firewall | <--> | my-private-host |
    +--------+       +----------+      +-----------------+
192.168.1.5        121.1.2.3         10.10.29.68

Just add this lines in your .ssh/config

1
2
3

host *.my-private-host
    user root
    ProxyCommand ssh root@my-exposed-host -W %h:%p

NOTE The proxy host must be able to resolve the host passed (in this case *.my-private-host which could be tv.myhome). You can add the host and ip definition in the /etc/hosts file.

• More information
• OpenSSH/Cookbook/Proxies and Jump Hosts

Tools

• advanced-ssh-config - 💻 make your ssh client smarter
• autossh - Persistent SSH tunnels https://www.npmjs.com/package/autossh