ssh port forwardin in ssh_config

ernst · 02-03-2010, 09:31 AM

I would like to have a permanent ssh forwarding of the form

ssh -f -N -L9112:localhost:9102 example.org

'man ssh' says that this can be specified in the /etc/ssh/ssh_config
file. I tried this:

Code:

Host example.org
#LocalForward [bind_address:]port host:hostport
LocalForward 9112 example.org:9102

I did expect that with 'service sshd restart' the forwarding will be set up. But it does not. 'man ssh_config' doesn't give examples, so I am not sure what is wrong.

Thanks
Ernst

acid_kewpie · 02-03-2010, 12:47 PM

well restarting SSHD will make no difference in the slightest, as that's the server, and you're trying to modify the client, which is totally unconnected.

The config looks OK to me, add a few -v's to the command line and read the debugging for what it thinks of the config.

evo2 · 02-03-2010, 01:02 PM

I think you just need to actually create the tunnel:

Code:

ssh example.org

And then the tunnel will be created as you specified in the ssh_config (you could also put it in your ~/.ssh/config).
Evo2.

acid_kewpie · 02-03-2010, 01:06 PM

Erm... yeah... you are actually sshing to the remote server right???

ernst · 02-04-2010, 01:31 AM

Good I can see now that restarting the sshd was just wishful thinking.

But won't

Quote:

ssh example.org

just open an ordinary ssh connection
without setting up a port forwarding?
In other words how do I tell the client to set up forwarding using the information from the ssh_config

acid_kewpie · 02-04-2010, 01:34 AM

Erm... that's the point of putting the config in the ssh_config file...

evo2 · 02-04-2010, 02:09 AM

When you "ssh example.org", the line "Host example.org" in your ssh_config will match it and the port forwarding rules you specified will be applied, so that you don't have to explicitly type out "ssh -L 9112:localhost:9102 example.org" to create the tunnel.

Normally I would use a "made up" host name for the "Host" line, otherwise, each time you just want to ssh to example.org ssh will try to create another tunnel.
eg

Code:

Host exampleTunnel
   LocalForward 9112 example.org:9102

Then you can create the tunnel with "ssh exampleTunnel", and if you just want to ssh there as normal you can still do "ssh example.org."

HTH,

Evo2.

AwesomeMachine · 02-04-2010, 03:57 AM

The file:

/home/username/.ssh/config settings will take precedence over /etc/ssh/ssh_config.

routers · 02-04-2010, 10:14 PM

Quote:

I would like to have a permanent ssh forwarding of the form

ssh -f -N -L9112:localhost:9102 example.org

instead of doing in sshd_config here is the easy way which is
you need to define sleep mode

Code:

ssh -f user@remote.org  -N  -L9112:localhost:9102  sleep 365d

this will keep your connection for 1 years

ernst · 02-07-2010, 04:53 AM

Thank you everyone,
My confusion is easing a little.
I did like the tip

Quote:

Normally I would use a "made up" host name

will remember that one.
I will also try the

Quote:

sleep 365d

Actually I use this to use bacula.org for backups. It uses port 9101, 9102 and 9103.
Rather than opening the firewall I try to tunnel through ssh. Although I can now establish those forwardings it seems to be rather fragile. Like after about 1GB I get:

Quote:

JobId 232: Fatal error: append.c:243 Network error on data channel. ERR=No data available