I use ssh all day all the time. But usually it is pretty standard login, shared keys and move into my tmux session. Other times its using a saved command to open a tunnel and doing some port forwards. Today and the last couple days I have started to fill in some of the bits and pieces to really configure ssh. That and I want to use ansible more to make my life easier, which of course leverages ssh quite a bit to get the job done. **SSH config — Tunnels!**I have this really long command string that I was pasting into a shell. It was a hassle but I had it wired up to Alfred so it was not that big of a deal. I have a feeling a number of commands that I had wired up to alfred are also going to become ansible playbook or tasks in the near future. However that is a topic for later. Lets take my ssh tunnel command here ssh -L 9906:10.0.0.1:3306 -L 9907:10.0.0.1:3307 -L 9909:10.0.0.4:3309 coolio@database.example.com -p 4444 Then with the config it gets truncated down to OR go a step further and connect it just for the ports with -N, and backgrounded with -f ssh tunnel-face ssh -f -N tunnel-face -N Do not execute a remote command. This is useful for just forwarding ports.-f Requests ssh to go to background just before command execution. Then the ssh config looks like this Host tunnel-face HostName database.example.com Port 4444 IdentityFile ~/.ssh/coolio.example.key LocalForward 9906 10.0.0.1:3306 LocalForward 9907 10.0.0.1:3307 LocalForward 9909 10.0.0.4:3309 User coolio _If you’re anything like me, you probably log in and out of a half dozen remote servers (or these days, local virtual…_nerderati.com Simplify Your Life With an SSH Config File | Nerderati Why have one when many are better. Next I want to speed up my ssh sessions because fast is better. That and make sure that the ssh multiplex doesn’t stay alive too long. There is a big difference between 10 min and a persistent multiplex. This connection is also going to be used as a bastion host so it is a great case to use the multiplex. This is done through the controlMaster and controlPersist params. Now the ssh config is going to look a bit longer. Multiplexing Host tunnel-face HostName database.example.com Port 4444 IdentityFile ~/.ssh/coolio.example.key ControlMaster auto ControlPersist 10m LocalForward 9906 10.0.0.1:3306 LocalForward 9907 10.0.0.1:3307 LocalForward 9909 10.0.0.4:3309 User coolio _In this post, I’m going to discuss how to configure and use SSH multiplexing. This is yet another aspect of Secure…_blog.scottlowe.org Using SSH Multiplexing — Scott’s Weblog — The weblog of an IT pro specializing in virtualization… noun: Fortification. a projecting portion of a rampart or fortification. I use this host for 2 different kinds of access. The first is a pivot box with a tmux and active sessions, making my life a little lazier because I don’t need to fire up all the connections every time on login. However a different way to do this is to use it like a bastion server and spool up those connections locally and then tunnel them through the host. Different use cases for different tasks. Either way it allows all ssh connection through that single port and therefore I have less open ports on the firewall. Less open ports is better. The tricky part is the reuse of bastion entry in the config and then linking the right keys to the right locations. Much like object oriented programming but from a configuration standpoint.My config now becomes this. Bastion Host bastion IdentityFile ~/.ssh/id_rsa host internal-test IdentityFile ~/.ssh/internal_key ProxyCommand ssh user1@bastion -p 3322 -W 10.0.0.1:22 User user2 I can connect to the internal host through the bastion host like this We are going to reuse the ssh key from the bastion stanza which will then connect to the internal-test using the internal key and user2. I know that may look a little confusing but just think it through a few times and it will make sense I promise. ssh internal-test **The end.**Thats it! That is my saturday morning journey through some bits of ssh. Thank you to the folks who have written about this before and I tried to cite all the articles I read about it Links links _If you’re anything like me, you probably log in and out of a half dozen remote servers (or these days, local virtual…_nerderati.com Simplify Your Life With an SSH Config File | Nerderati _In this post, I’m going to discuss how to configure and use SSH multiplexing. This is yet another aspect of Secure…_blog.scottlowe.org Using SSH Multiplexing — Scott’s Weblog — The weblog of an IT pro specializing in virtualization… _An advantage with SSH multiplexing is that the overhead of creating new TCP connections is eliminated. The overall…_en.wikibooks.org OpenSSH/Cookbook/Multiplexing — Wikibooks, open books for an open world / http://blog.scottlowe.org/2015/11/21/using-ssh-bastion-host _Edit description_man.openbsd.org ssh(1) — OpenBSD manual pages _SSH(1) FreeBSD General Commands Manual SSH(1) NAME ssh — OpenSSH SSH client (remote login program)SYNOPSIS ssh …_www.freebsd.org ssh(1)

Different

SSH tunnels multiplexing and bastions oh my!

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Arduino, Meet Splunk

The Noonification: How to Deal With Flapping or Broken Tests (11/29/2023)

The Noonification: Delving Into OpenTelemetry Collector (11/18/2023)

The Noonification: How to Implement a Merkle Tree in Solidity (11/12/2023)

105 Stories To Learn About K8s

Arduino, Meet Splunk

The Noonification: How to Deal With Flapping or Broken Tests (11/29/2023)

The Noonification: Delving Into OpenTelemetry Collector (11/18/2023)

The Noonification: How to Implement a Merkle Tree in Solidity (11/12/2023)

105 Stories To Learn About K8s

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps