If you forgot to add your -L, -R and -D port forwards when starting ssh (e.g. ssh -L 54321:localhost:443 root@mysshserver.com), don't worry: you can add them while you're in your ssh session (doing it live!). But you can only do this if you use “ssh” as your client (not sure if it will work with putty).

SUMMARY: This is only possible with the ssh program (not putty; maybe it's possible with putty, just not with regular options). From the man page we see that ~C gets us to ssh command mode. First type SHIFT-~ (so that ssh listens for its special escaped commands) and then SHIFT-c (to get the capital C; I do it without letting go of shift until after I press the C). This gets you a special ssh command prompt that looks like this: ssh> . Now type ? or help to see the format of the different commands you can type, and start stringing together your -L, -R and -D commands, e.g. -L 54321:localhost:443 , which will look like this at the prompt: ssh> -L 54321:localhost:443 (because ssh> is the prompt, so of course it will look like that). Here is the command:

ssh> ?
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward

To check your list of port forwards, press SHIFT-~ and then SHIFT-3 (to get the # key). This will list your port forwards like so (for this one I used -L 30003:localhost:443):

The following connections are open:
  #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
  #5 direct-tcpip: listening port 30003 for localhost port 443, connect from ::1 port 58838 to ::1 port 30003 (t4 r3 i3/0 o0/0 fd 11/11 cc -1)

Now to cancel this port forward, type SHIFT-~ and then SHIFT-c (to get the capital C), which gets you to the ssh prompt. Then type -KL 30003 to cancel it; of course you will see ssh> -KL 30003 because it's a prompt.


NOTE: With default options I can't get putty to do this; after all, the putty client is not the ssh client.

NOTE: With putty you can set up port forwards while your session is running, through the GUI, but not with the keyboard.

NOTE: Even though this doesn't work with putty, it will work with the ssh program provided by cygwin (the regular openssh ssh client program).

NOTE: ~ is literally the tilde character. So to get ~C you hold SHIFT (don't let go), hit ` (the tick mark, which is the tilde when shift is held) and then c (which is the capital C with shift held. dur..)

A list of all of the ESCAPE CHARACTER options (From the FreeBSD ssh man page):

ESCAPE CHARACTERS
     When a pseudo-terminal has been requested, ssh supports a number of
     functions through the use of an escape character.

     A single tilde character can be sent as ~~ or by following the tilde by a
     character other than those described below.  The escape character must
     always follow a newline to be interpreted as special.  The escape
     character can be changed in configuration files using the EscapeChar
     configuration directive or on the command line by the -e option.

     The supported escapes (assuming the default `~') are:

     ~.      Disconnect.

     ~^Z     Background ssh.

     ~#      List forwarded connections.

     ~&      Background ssh at logout when waiting for forwarded connection /
             X11 sessions to terminate.

     ~?      Display a list of escape characters.

     ~B      Send a BREAK to the remote system (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~C      Open command line.  Currently this allows the addition of port
             forwardings using the -L, -R and -D options (see above).  It also
             allows the cancellation of existing port-forwardings with
             -KL[bind_address:]port for local, -KR[bind_address:]port for
             remote and -KD[bind_address:]port for dynamic port-forwardings.
             !command allows the user to execute a local command if the
             PermitLocalCommand option is enabled in ssh_config(5).  Basic
             help is available, using the -h option.

     ~R      Request rekeying of the connection (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~V      Decrease the verbosity (LogLevel) when errors are being written
             to stderr.

     ~v      Increase the verbosity (LogLevel) when errors are being written
             to stderr.

So when you're in an ssh session, press ~C and you will see an ssh prompt, ssh> . Then type your forwarding command per these rules (to list these rules, type ? and press Enter):

Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward

So for example, I want to locally forward port 54321 on this local Windows PC (using ssh in cygwin) to port 443 on the SSH server:

Type:

-L 54321:localhost:443

So that you see:

ssh> -L 54321:localhost:443

Then hit Enter and now you should have that port forward set up. So go to your browser and type “localhost:54321” and you will access the 443 webserver on the ssh server.

To cancel your port forward, get back to the ssh prompt and type ssh> -KL 54321

Sidenote: if you specified the bind_address with your port forwards like so: ssh> -L localhost:54321:localhost:443 , then you will have to kill it like this: ssh> -KL localhost:54321 . Note I think by default (if you don't specify that bind_address) the bind interface is all interfaces *:54321:localhost:443 (meaning all interfaces can connect to 54321).
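
As an added example (not part of the original post), the shell function below parses a forward request in the [bind_address:]port:host:hostport format from the help listing, reports how widely the listener is requested to bind, and prints the matching cancel command with the same bind_address. fwd_info is a hypothetical helper name, the sample specs are constructed, and only the -L, -R and -D forms from the help listing are handled.

```shell
#!/bin/sh
# Added example: classify an ssh forward request and derive its cancel command.
# Scope values: default  = no bind_address given (GatewayPorts decides),
#               all      = empty bind_address or '*' (every interface),
#               loopback = localhost / 127.x / ::1, specific = any other address.

fwd_info() {
    spec=${1#-}                       # drop the leading dash
    kind=${spec%"${spec#?}"}          # option letter: L, R or D
    rest=${spec#?}
    rest=${rest#"${rest%%[! ]*}"}     # trim spaces after the option letter

    case $kind in
        L|R)
            listen=${rest%:*}                        # drop :hostport
            case $listen in
                *:\[*\]) listen=${listen%:\[*\]} ;;  # drop bracketed IPv6 host
                *)       listen=${listen%:*} ;;      # drop plain host
            esac ;;
        D)  listen=$rest ;;
        *)  echo "unsupported spec: $1" >&2; return 1 ;;
    esac

    case $listen in
        *:*)                          # a bind_address (possibly empty) is present
            case ${listen%:*} in
                ''|'*')                      scope=all ;;
                localhost|127.*|'[::1]'|::1) scope=loopback ;;
                *)                           scope=specific ;;
            esac ;;
        *)  scope=default ;;
    esac

    # The cancel command repeats the listen part exactly as it was requested.
    printf '%s -K%s %s\n' "$scope" "$kind" "$listen"
}

# Constructed sample requests, as they would be typed at the ssh> prompt.
for s in '-L 54321:localhost:443' '-L localhost:54321:localhost:443' \
         '-R *:8080:localhost:80' '-D 1080'; do
    printf '%-36s => %s\n' "$s" "$(fwd_info "$s")"
done
```

A result of all means the request asks for a listener reachable from other hosts, so the tunnel's target is exposed to whatever network the listening side sits on.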
