You often hear the phrase “the Swiss knife of …”. Well, for networking, OpenSSH clearly deserves that title in my opinion. Besides the obvious feature of providing secure logins with different options for mutual authentication, it can also be used to transfer files. It is also a core component of software like git, which depends on SSH to securely push changes instead of reinventing its own server and dealing with the whole authentication/authorization stuff once again.
I’ve blogged about using SSH to access hosts behind a firewall/router more conveniently, and I really suggest you sit down and read the manpage front to back; it will probably be rewarding for your current workflow.
Reusing a connection
Anyway, today I wanted to present another advanced feature, one I only stumbled upon while studying for an upcoming exam. The slides mentioned the possibility of sharing connections on one SSH channel (to the same destination, obviously). Now, why do you need more than one connection in the first place? Well, sometimes you just need the space, and using screen just doesn’t cut it. Or you use git or scp to the same host you’re already logged in to interactively. In that case, you only have to establish one connection, and any further connection will use the first one. The benefit? Login is way faster, almost instant, because the whole handshake and authentication don’t have to take place again. The caveat: you’ll have to close your master connection last, otherwise the other connections will drop too. For me that’s no problem, since the host I use most of the time is also the host I’ve got a session open with 24/7 (IRC).
I’m just gonna show the fully automated version here, though you can use it manually as well, just when you need it. A better description can be found here. To automate it, put this in your ~/.ssh/config (you don’t have a config yet? shocking!):
ControlMaster auto
ControlPath /tmp/%r@%h:%p
As usual, you can put it at the very top to apply it to all hosts, or you can activate it for specific hosts by putting it below a Host declaration. Now all you have to do is use ssh host as usual. You’ll see it’s working when you terminate the connection:
Shared connection to host.de closed.
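ssh_config(5) recommends placing the ControlPath in a directory that other users cannot write to, which /tmp is not. The following shell functions are an added example, not part of the original post: they check the directory behind each ControlPath entry in a config file. The function names are made up for this example, and it assumes plain "Keyword value" lines without following Include files.

```shell
#!/bin/sh
# Added example, not from the original post: flag ControlPath entries whose
# socket directory other local users can write to (such as /tmp).

# Succeeds only if $1 is a directory owned by the current user and not
# writable by group or others.
dir_is_private() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Print the directory part of a ControlPath value, expanding a leading "~/".
controlpath_dir() {
    cp=$1
    case $cp in
        "~/"*) rest=${cp#"~/"}; cp=$HOME/$rest ;;
    esac
    dirname "$cp"
}

# Audit every "ControlPath <value>" line in config file $1.
# Prints one verdict per entry; returns 1 if any directory is not private.
# Assumption: plain "Keyword value" lines; Include files are not followed.
audit_controlpaths() {
    status=0
    values=$(awk 'tolower($1) == "controlpath" { print $2 }' "$1")
    while IFS= read -r value; do
        [ -n "$value" ] || continue
        [ "$value" = none ] && continue      # "none" disables sharing
        dir=$(controlpath_dir "$value")
        if dir_is_private "$dir"; then
            echo "OK      $dir"
        else
            echo "UNSAFE  $dir"
            status=1
        fi
    done <<EOF
$values
EOF
    return $status
}

# Audit the user's own config when there is one.
if [ -r "${HOME:-/nonexistent}/.ssh/config" ]; then
    audit_controlpaths "$HOME/.ssh/config" || true
fi
```

A ControlPath such as ~/.ssh/cm/%r@%h:%p passes once the directory has been created with mkdir -m 700 ~/.ssh/cm.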
Yes, you can tunnel with OpenSSH. You can even have it act as a SOCKS proxy, which is really neat when combined with Firefox-plugins like FoxyProxy. But you can also reverse-tunnel your way out of a closed network (or NATed network for that matter) when you don’t have access to any intermediate host (like the router/firewall). It’s easy:
ssh -NR 12345:localhost:22 home.de
This assumes you’re issuing the command from the machine that you want to access (from home) later on. It will bind port 12345 on home.de so that it is forwarded to port 22 (SSH) on the local host. Yeah, it requires some reverse thinking too to get it right ;) The -N switch tells ssh not to run a remote command, so no login shell is opened, by the way. Obviously it is of little use if your home.de has a flaky dialup connection, so you might want to reverse-tunnel to a stable endpoint (or use something like autossh).