ssh oneliners
April 8th, 2008 Posted in LinuxSome handy commands to remember when you really need to abuse ssh.
ssh -X remotehost # yawn. X forwarding through ssh.
ssh -Y remotehost # trusted X forwarding through ssh. Still yawn, let’s do something fun.
ssh -D2222 remotehost # This is okay. This command sets up a SOCKS proxy on port 2222 which can be used with firefox (and Internet Explorer if you really hate yourself) to avoid office internet filters…. not that I condone such anti-social behavior.
ssh -L 3306:database.example.net:3306 # okay, now we’re getting interesting. This generates an ssh tunnel between your machine and the remote box on port 3306. This works for connecting to remote mysql instances when firewalls would ordinarily interfere. Simply point your mysql client to localhost:3306 and you’re off and running. This can also be applied to other applications as well. A slight modification, and you get the string below:
ssh -L3389:remote.win2k3.server:3389 user@remote.linux.box # This command is a variation on the command above, allowing us to connect to those unsightly windows machines via rdesktop for remote administration. Best of all, we do this without opening up the remote desktop ports to the outside world. Remember folks, that windows code is expensive, you have to keep your precious little snowflakes safe after all.
With the commands above, you can alternatively add -f , if you want ssh to go to the background after the authentication portion is handled. Otherwise it’ll just leave you sitting at a remote shell prompt. If you wanted to add a built-in self-destruct, you could add ’sleep 30′ after the ssh command strings above. This tells ssh to exit after 30 seconds if nothing has made a connection via the tunnel created.
ssh -nNT -R 2222:localbox:2222 remotebox # This command lets you create a reverse ssh tunnel, so that if you connect to remotebox:2222, you’ll be connected to the local machine on port 2222 also. This is useful when you really want to go home at night, but your boss demands you keep working. This way, you each get what you want, and you can avoid the firewall your office employs to keep folks from remotely connecting to…well, if you’re using this, you don’t really care. 
Crap, what if I already have an ssh session open, but I forgot to create the tunnel? Not to worry, there are escape keys to rescue you. Operating a little like screen, ~C will open an ssh command prompt so that you can start or stop tunnels as needed. It’ll look a bit like the one below:
[jperrin@server ~]$
ssh> help
Commands:
-Lport:host:hostport Request local forward
-Rport:host:hostport Request remote forward
-KRhostport Cancel remote forward
As always, we’re just scratching the surface of what ssh can do, so if you want more information, fire up ‘man ssh’ in your favorite terminal and sit down for a good read.
2 Responses to “ssh oneliners”
By Gerard Braad on Apr 16, 2008
This is the following of what I do:
ssh -D 8080 -f -C -q -N [username]@[ssh server]
-D 8080 : This basically does a lot of dynamic stuff and makes it behave as a SOCKS server. Of course you could use any non privileged port here (above 1023).
-f : This will fork the process into the background after you type your password.
-C : Turns on compression.
-q : Quiet mode. Since this is just a tunnel we can make it quiet.
-N : Tells it no commands will be sent. (the -f will complain if we donÂ’t specify this)
In firefox use about:config and configure the following entries
network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .[companydomain.com]
network.proxy.socks : 127.0.0.1
network.proxy.socks_port : 8080
network.proxy.socks.remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1
Especially remote_dns is a good thing, else your DNS requests will still be on the local DNS servers.
[Reply]
By jperrin on Apr 16, 2008
good stuff! Thanks for the firefox updates and additional details.
[Reply]