Neat ssh tricks

I saw a very concise article on ssh tricks here. I would highly suggest that you read the comments, as they include a lot of material that is not covered in the original article or that supplements it.

While you are at it, the same author has written a follow-up to this article that explains how to bypass firewalls via tunneling.

Also want to mention a few tricks I learned today...

If you want to forward your X sessions from the remote host to your local PC, use -X:
ssh -X '/usr/bin/gaim'
This will run gaim on the target but will display it on your screen.

If you find your ssh session timing out after 2 mins of inactivity (this is a security feature) and want to increase the time-out period, just add the following line into the /etc/ssh/sshd_config file on the target server:
# Sets time out to 10 mins
ClientAliveInterval 600

Let's say you are on a firewalled host X and you can create a reverse tunnel (a.k.a. remote port forwarding or incoming tunnel) to your target homeServerY using this:
ssh -N -R 2222:localhost:22 Y
You can then use that tunnel to get back to X from Y by typing the following on your homeServerY:
ssh -p 2222
Read more below for further information...

Corkscrew is a simple tool for tunneling TCP connections through an HTTP proxy, and it is very easy to configure. You just enter your HTTP proxy into your .ssh/config file like this:
ProxyCommand corkscrew your.http.proxyserver 8080 %h %p

Let's say the SSH daemon is running on port 443 on the target host. Instead of typing
ssh -p 443 or scp -P 443 every time, just place it into the config file ~/.ssh/config so that your config file looks like:
host targetServer
    User username
    Port 443
    ProxyCommand corkscrew your.http.proxyserver 8080 %h %p

Now, assume a scenario where you have two servers, X and Y. X is able to ssh into Y using, let's say, port 443. However, X is behind a firewall and cannot be accessed from outside. In this case, you may use reverse tunneling:
ssh -N -p 443 -R 2222:localhost:22 Y
-N means do not execute a remote command, which is useful for port forwarding. Also check out -n.
-p tells ssh on X which port to use when connecting to Y.
-R and the port after it mean: listen on that port on the remote machine, Y. Then localhost:22 means forward anything that comes to port 2222 on Y to port 22 on the local box, X. We chose a port >1024 because anything lower would be a privileged port, i.e. root access would be required.

Now, you can configure the ~/.ssh/config file on Y:
host X
    HostName localhost
    User username
    Port 2222
So now you can use ssh X to connect to it from Y. Essentially, you are connecting to Y's port 2222, which gets redirected to X's port 22.
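
What this reverse tunnel looks like from Y's side, as an added example that is not part of the original post: the forwarded port appears on Y as a listening socket owned by sshd, so Y's administrator can list such forwards and see whether each is bound to loopback only or reachable from the network. The ss lines are a constructed sample, and SSHD_PORT, find_forwards and sample_ss are names assumed for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): list sshd-owned listeners other
# than the daemon port. On server Y these are the endpoints of -R forwards.

SSHD_PORT=22   # assumption: the port sshd itself listens on (443 in the second scenario)

# find_forwards OWN_PORT: reads `ss -Htlnp` output on stdin and prints
# "port scope" per forwarded port; scope is "loopback" or "exposed".
find_forwards() {
    awk -v own="${1:-22}" '
        # OpenSSH 9.8+ names the per-connection process sshd-session
        $1 == "LISTEN" && /"sshd(-session)?"/ {
            n = split($4, parts, ":")
            port = parts[n]
            if (port == own) next
            host = substr($4, 1, length($4) - length(port) - 1)
            scope = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "exposed"
            print port, scope
        }' | sort -u
}

# Constructed sample of `ss -Htlnp` output; PIDs and ports are made up.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=4311,fd=9))
LISTEN 0 128 [::1]:2222 [::]:* users:(("sshd",pid=4311,fd=8))
LISTEN 0 128 0.0.0.0:2223 0.0.0.0:* users:(("sshd",pid=4402,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=700,fd=6))
EOF
}

sample_ss | find_forwards "$SSHD_PORT"
# Live use, as root so process names are visible: ss -Htlnp | find_forwards 22
```

An "exposed" entry means the forward is bound to a non-loopback address, which sshd only allows when GatewayPorts is enabled in Y's sshd_config; with the default setting, remote forwards listen on loopback only.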

Remember, once you close the connection, the reverse tunnel will disappear. If you do not want this, you can create a simple shell script:
while true; do
    ssh -C -N -R 2222:localhost:22 Y   # -R, so the reverse tunnel is re-created
    sleep 5                            # pause before reconnecting
done

In this scenario, let's assume that you have a home NAT where
your Windows IP:
your Linux IP:
your router's IP:

Let's also assume that your router is forwarding port 22 traffic to your Linux box and you can access it from the Internet using ssh (you are on machine X).

If you want to connect to your Windows box from your Linux box using rdesktop, you can first create a tunnel on machine X:
ssh -N -L 3389:

(add -p port# if you are not using the standard SSH port of 22)
Then on X, simply run:
rdesktop localhost
Your Windows box at should answer with the logon screen...
Of course, it does not hurt to add a few useful params to, for example, make it 1024x768 with 16 bit:
rdesktop -a 16 -g 1024x768 localhost
So, what's happening here? Our target IP is which, because of the port forwarding, will take us to our Linux box ( and establish an SSH session.
Then, we are essentially telling our Linux box to forward all requests we send to our local RDP port 3389 to the RDP port 3389 of the Windows box.
