_                    _
  ___ | |__   __ _ _______ | |_
 / _ \| '_ \ / _` |_  / _ \| __|
| (_) | | | | (_| |/ / (_) | |_
 \___/|_| |_|\__,_/___\___/ \__|

sshusage, configuration and tips

ssh [options] <host> [command]

COMMAND LINE : - options
  - x forwarding
TUNNEL : - create
  - connect through vpn on ssh tunnel
  - commands
CONFIGURATION : - example
  - control master
SSH KEYS
TODO
SEE ALSO

(back to top)

-f : fork
-L : local forward
-D : dynamic forward
-X : Enable x forwarding. (Does not work on Slackware).
-Y : Enable trusted x forwarding. (Works on debian/Slackware).

(back to top)

Example: This can be used to create a socks proxy for a browser.

ssh -f -D $PORT $SERVER sleep 30000
-D bindaddress:port / port (assumes localhost)
-sleep 30000: keep the connection alive with sleep command

Example: If a SQL Server is only accesible in a different network, a tunnel can be created to access the SQL server through a computer that is accessible from outside that network.

ssh -f -L 127.0.0.1:$PORT:$TARGET_SERVER:$TARGET_PORT $SSH_SERVER_USR@$SSH_SERVER sleep 30000
ssh -f -L 127.0.0.1:1234:SQL_server:1433 user@ssh_server sleep 30000
NOTE: on Microsoft SQL Server Studio use 127.0.0.1,1234

(back to top)

To add configuration options for specific host:

$HOME/.ssh/config
Host hostname
	 [SSH OPTION]

This will always use port 8686 to connect to hostname:

Host hostname
	Port 8686

NOTE: The user needs to have write permissions in the directory where the socket will be created.

Create a persistent connection when connecting to a remote machine. Eg.:

ssh -f remote sleep 30
Host [HOST]
	ControlMaster auto
	ControlPersist yes
	ControlPath [PATH_TO_CONTROL_SOCKET]/%r@%h:%p

The socket can be controlled using -O: ssh -O [stop|exit|cancel|check|forward|proxy] HOST

stop | stop accepting requests.
exit | exit master.
cancel | cancel forwardings.
forward | request forwardings.
proxy | connect to master in proxy mode.

(back to top)

The ssh-key idenfies the machine when connecting to another host.

$ ssh-keygen
- Two files are created: ~/.ssh/id_TYPE and ~/.ssh/id_TYPE.pub.
- Copy the pub key to the host:
$ scp ~/.ssh/id_TYPE.pub USER@HOST:
Copy the contents of the pub key to the authorized keys in the host:
$ ssh USER@HOST
$ cat id_TYPE.pub >> ~/ssh/authorized_keys
$ rm id_TYPE.pub
$ exit
Copy the resulting pub contents to the corresponding Host.

(back to top)

- Review -L.
- Add better examples.
- Translate to Spanish.

(back to top)

OpenBSD manpages: ssh(1), ssh_config(8), sshd_config(8)

(back to top)

2025-10-03 : Created.

(back to top)

ohazot | about | ohazot.com <admin@ohazot.com>

This document applies to: OpenBSD 7.7 linux| 2026-03-25