SSH Hacks

1 minute read

This article provides information on issues related to the secure shell (ssh) including:

  1. using ssh with a jumpserver,
  2. speeding up ssh-connection using multiplexing.

Network Topology

The hosts in the inner network (web01, postgres01) are only accessible through a firewalled gateway. Any direct access to these hosts is blocked.

 yourpc   ---   gate01   ---  web01  
                         \--  postgres01

SSH Forwarding

SSH forwarding allows you to connect a port on your computer to any port accessible from the gateway. Example: You want to connect the postgres port (5432) on postgres01 to port 2000 on your computer

ssh user@gate01 -L 2000:postgres01:5432

Any request to localhost:2000 on localhost will now be forwarded to postgres01 port 5432.

File Transfer

To transfer a file from yourpc to web01 you’ve to open a tunnel between yourpc and the ssh-server of web01

ssh user@gate01 -L 2000:web01:22

Afterwards you can copy your file to web01 using scp (by connecting to port 2000 on your machine):

scp -P 2000 myfile user@localhost

Agent forwarding

If you use ssh-key based authentication (recommended) you can forward your ssh-key through gate01 using ssh -A

 ssh -A user@gate01
 ssh -A user@web01

SSH Multiplexing

SSH multiplexing speeds up multiple connections to remote hosts by re-using the existing connection. To use SSH multiplexing put the following lines in your ~/.ssh/config file:

 Host *  
   ControlMaster auto   
   ControlPath /tmp/%r@%h:%p


Problem: X11 Forwarding does not work for localhost (xterm Xt error: Can’t open display; xterm: DISPLAY is not set) and the message error: Failed to allocate internet-domain X11 display socket. in /var/log/auth.log.


  1. disable IPv6 for ssh (start sshd with the -4 option) by adding SSHD_OPTS=-4 to /etc/default/ssh in Ubuntu.
  2. ensure that there is a valid entry for localhost in /etc/hosts       localhost