@shmalex
Last active November 7, 2023 11:03
ssh config help

Generate your key and copy to server

ssh-keygen

Copy to server

Linux:

ssh-copy-id -i ~/.ssh/mykey user@host -p 22

Windows (PowerShell):

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} -p 22 "cat >> .ssh/authorized_keys"

Test connections

ssh -i ~/.ssh/mykey user@host -p 22
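The Windows one-liner above appends the key with a bare "cat >>": it creates no .ssh directory, sets no permissions, and adds a duplicate line every time it runs. The script below is an added example (not part of the gist) that installs a key the way ssh-copy-id does; the home directory and key material it uses are constructed.

```shell
#!/bin/sh
# Added example, not part of the gist: install a public key into a user's
# authorized_keys the way ssh-copy-id does, rather than with a bare
# "cat >> .ssh/authorized_keys". It creates ~/.ssh when missing, sets the
# permissions sshd's StrictModes requires (700 on .ssh, 600 on the file),
# and skips keys that are already present, so re-running it never piles
# up duplicate lines. Paths and key material below are constructed.
#
# Usage: install_authorized_key <home-dir> '<type> <base64-blob> [comment]'
# Prints "added" or "present"; a malformed key line returns status 2.
install_authorized_key() {
  home_dir=$1
  pubkey=$2
  ssh_dir="$home_dir/.ssh"
  auth_file="$ssh_dir/authorized_keys"

  # The key type and base64 blob identify a key; the trailing comment may
  # differ between copies. Assumes plain "type blob [comment]" lines, not
  # lines carrying authorized_keys options such as command="...".
  key_id=$(printf '%s\n' "$pubkey" | awk 'NF >= 2 { print $1 " " $2 }')
  if [ -z "$key_id" ]; then
    echo "install_authorized_key: malformed public key line" >&2
    return 2
  fi

  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  touch "$auth_file"
  chmod 600 "$auth_file"

  if grep -qF -e "$key_id" "$auth_file"; then
    echo present
    return 0
  fi
  printf '%s\n' "$pubkey" >> "$auth_file"
  echo added
}

# Number of key lines currently installed for the given home directory.
count_authorized_keys() {
  grep -cE '^(ssh-|ecdsa-|sk-)' "$1/.ssh/authorized_keys"
}

# Demo against a throwaway directory: run as "sh install_key.sh --demo".
if [ "${1-}" = "--demo" ]; then
  demo_home=$(mktemp -d)
  demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotARealKey00000000 alice@laptop'
  install_authorized_key "$demo_home" "$demo_key"   # added
  install_authorized_key "$demo_home" "$demo_key"   # present
  count_authorized_keys "$demo_home"                # 1
  rm -rf "$demo_home"
fi
```

To use it over the wire, pipe the public key to the remote side and call the function there, exactly where the gist's command runs "cat >>". Matching on type and blob rather than the whole line means the same key with a different comment is still recognised as already installed.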

Simple config

Host [Any Host name that will be used to connect]
  User [username]
  HostName [IP or domain]

Config with private key

Host linux_bastion
  User [username]
  HostName [IP or domain]
  Port 2222
  IdentityFile [RSA Private key]
Host internalsystem
  User [username]
  HostName [IP or domain]
  ProxyJump linux_bastion
  IdentityFile [RSA Private key]
  LocalForward 3306 localhost:8090
# others
Host internalsystem
  User [username]
  HostName [IP or domain]
  ProxyJump linux_bastion
  IdentityFile [RSA Private key]
  StrictHostKeyChecking [yes, accept-new, no, ask (default)]
  AddKeysToAgent [yes, no (default), ask, confirm]
  UserKnownHostsFile /dev/null
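Two notes on the block above. First, ssh_config uses the first obtained value for each option, so the second "Host internalsystem" stanza only contributes options the first one did not set. Second, "StrictHostKeyChecking no" together with "UserKnownHostsFile /dev/null" means every server key is accepted and none is remembered, so a machine-in-the-middle between the client and the bastion is never detected. The script below is an added example (not from the gist): it puts that weak stanza next to a hardened one and runs a small audit that lists the Host entries which disable host-key verification. The host names, addresses and file paths in it are constructed; the keywords are real ssh_config options.

```shell
#!/bin/sh
# Added example, not from the gist: a weak and a hardened ssh_config stanza,
# plus an audit that prints the Host names whose settings disable host-key
# verification. Host names, addresses and paths are constructed.

# Weak: every server key is trusted and none is remembered.
WEAK_CONFIG='
Host internalsystem
  User deploy
  HostName 10.0.0.5
  ProxyJump linux_bastion
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
'

# Hardened: the key is pinned on first contact and a changed key aborts the
# connection. A per-project known_hosts file keeps lab keys separate from
# the global file instead of throwing them away.
HARDENED_CONFIG='
Host internalsystem
  User deploy
  HostName 10.0.0.5
  ProxyJump linux_bastion
  StrictHostKeyChecking accept-new
  UserKnownHostsFile ~/.ssh/known_hosts_lab
'

# Read an ssh_config on stdin and print one Host name per stanza that sets
# StrictHostKeyChecking no/off or points UserKnownHostsFile at /dev/null.
# Keywords are case-insensitive and may be written "Key value" or
# "Key=value"; both are handled. Match blocks and multi-pattern Host lines
# are not modelled (only the first pattern of a Host line is reported).
audit_host_key_checking() {
  awk '
    function flush() {
      if (host != "" && (shkc == "no" || shkc == "off" || ukhf == "/dev/null"))
        print host
      host = ""; shkc = ""; ukhf = ""
    }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    { sub(/=/, " "); key = tolower($1); val = $2 }
    key == "host"                  { flush(); host = val; next }
    key == "stricthostkeychecking" { shkc = tolower(val) }
    key == "userknownhostsfile"    { ukhf = val }
    END { flush() }
  '
}

# Demo: the weak stanza is reported, the hardened one is not.
printf '%s\n' "$WEAK_CONFIG"     | audit_host_key_checking   # internalsystem
printf '%s\n' "$HARDENED_CONFIG" | audit_host_key_checking   # (no output)
```

Run it against a real file with "audit_host_key_checking < ~/.ssh/config". "accept-new" is the setting to reach for when the goal is to avoid the interactive prompt on first connection: it still refuses a key that differs from the one recorded earlier.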

DynamicForward

Host some_bastion
  Port 222
  User user
  DynamicForward 1337

Difference between "local port forwarding" and "dynamic port forwarding"?

Yes, you have to specify a destination IP and port when using local forwarding. From man ssh:

 -L [bind_address:]port:host:hostport
         Specifies that the given port on the local (client) host is to be
         forwarded to the given host and port on the remote side.

Clearly, only the bind address is optional.

No, you can't specify a destination host or port when using dynamic forwarding. In dynamic forwarding, SSH acts as a SOCKS proxy. Again from the manpage (emphasis mine):

 -D [bind_address:]port
         Specifies a local “dynamic” application-level port forwarding.
         This works by allocating a socket to listen to port on the local
         side, optionally bound to the specified bind_address.  Whenever a
         connection is made to this port, the connection is forwarded over
         the secure channel, and the application protocol is then used to
         determine where to connect to from the remote machine.  Currently
         the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
         as a SOCKS server.

With -L, SSH makes no attempt to understand the traffic. It just sends everything it receives on the local port to the target port - you determine the target port at the time the connection is made. With -D, SSH acts as a proxy server, and therefore can handle connections from multiple ports (for example, a browser configured to use it as a SOCKS proxy can then access HTTP, HTTPS, FTP, etc. over the same connection). And like with other proxy servers, it will use the traffic to determine the destination.
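The answer above makes the key distinction: with -L the destination is fixed in the spec, with -D it is supplied per connection by the SOCKS client. A second point from the same man page matters for whoever else can use the tunnel: omitting bind_address binds the listener to loopback (unless GatewayPorts is set), while an explicit empty address or "*" binds every interface, so ":8080:host:80" is reachable from the whole LAN. The script below is an added example (not from the gist or the quoted answer) that parses both spec forms and reports the destination and the listener scope; the specs it is run on are constructed, and the LocalForward/DynamicForward lines in ssh_config take the same spec written as two arguments.

```shell
#!/bin/sh
# Added example, not from the gist or the quoted answer: parse the specs
# accepted by -L / LocalForward ([bind_address:]port:host:hostport) and
# -D / DynamicForward ([bind_address:]port) and report the fixed destination
# (if any) and which clients can reach the local listener. IPv6 literals in
# brackets are not handled. All specs below are constructed.

# Number of colons in a spec; that decides whether a bind_address is present.
colon_count() {
  n=$(printf '%s' "$1" | tr -cd ':' | wc -c)
  echo $((n))
}

# forward_target <L|D> <spec>: the destination the tunnel connects to.
forward_target() {
  mode=$1; spec=$2
  if [ "$mode" = D ]; then
    echo "chosen per connection by the SOCKS client"
    return 0
  fi
  case "$(colon_count "$spec")" in
    2) rest=$spec ;;             # port:host:hostport
    3) rest=${spec#*:} ;;        # bind:port:host:hostport, drop the bind part
    *) echo "bad -L spec: $spec" >&2; return 2 ;;
  esac
  echo "${rest#*:}"              # drop the local port, keep host:hostport
}

# listener_scope <L|D> <spec>: "local" (loopback only; assumes GatewayPorts no),
# "all" (every interface), or "iface:<addr>" for one specific address.
listener_scope() {
  mode=$1; spec=$2
  case "$mode:$(colon_count "$spec")" in
    L:2|D:0) echo local; return 0 ;;    # no bind_address given at all
    L:3|D:1) bind=${spec%%:*} ;;
    *) echo "bad -$mode spec: $spec" >&2; return 2 ;;
  esac
  case "$bind" in
    localhost|127.*) echo local ;;
    ''|'*'|0.0.0.0)  echo all ;;        # empty or "*" means all interfaces (man ssh)
    *)               echo "iface:$bind" ;;
  esac
}

# Demo with the gist's own forwards.
forward_target L 3306:localhost:8090    # localhost:8090
listener_scope L 3306:localhost:8090    # local
listener_scope L :3306:localhost:8090   # all
forward_target D 1337                   # chosen per connection by the SOCKS client
listener_scope D 0.0.0.0:1337           # all
```

The practical reading: a -L spec tells you at a glance where traffic goes and who can inject it; a -D listener reveals nothing about destinations until a client speaks SOCKS to it, which is exactly why its bind address deserves the same scrutiny.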

Copy key from Ubuntu for future connections
