OpenSSH Config
How to integrate NoPorts into your native Linux and macOS ssh configuration
Overview
This guide will help you setup NoPorts in your SSH configuration. Once set up, you will be able to ssh to machines using NoPorts the same way you would for a normal ssh host. As this is integrated with the SSH configuration, it will also work with other applications that support SSH proxying.
Usage
Once you've set up your configuration, you will be able to SSH over NoPorts just like any other host, using your own custom hostnames for devices.
For example, with a device called my_lab:
ssh my_labThe Template
The following is a template for adding an sshnp connection to your ssh config for ease of use:
Host <host>
Hostname localhost
AddKeysToAgent yes
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
IdentityFile ~/.ssh/id_ed25519
ProxyCommand=$(sshnp -f <client> -t <device> -r <srvd> -d <device_name> -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
ControlMaster auto
ControlPath ~/.ssh/control-%r@%n:%p
You need to replace the values surrounded with <> on lines 1 & 7 with your own values.
host is any valid hostname you would like, this is what you will use to invoke your ssh command, so make sure it's easy to remember and type.
username is the username on the remote machine you wish to login as.
The rest of the values are the normal arguments you would invoke with sshnp, see here for more info.
Example
Host alice_device
Hostname localhost
AddKeysToAgent yes
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
IdentityFile ~/.ssh/id_ed25519
ProxyCommand=$(sshnp -f @alice_client -t @alice_device -r @rv_am -d my_device -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
ControlMaster auto
ControlPath ~/.ssh/control-%r@%n:%pThis example shows the configuration for the following equivalent sshnp command:
sshnp -f @alice_client -t @alice_device -d my_server -r @rv_amWhen you want to connect to this device, this is what you would type:
ssh alice_devicealice_device maps the the Host alice_device line.
Additional Usage Tips
1. Extending ssh config
You can add any additional ssh config to the file as you normally would, for example a TCP forwarding:
Host my_webdev_server
Hostname localhost
AddKeysToAgent yes
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
IdentityFile ~/.ssh/id_ed25519
LocalForward 8080:0:8080
ProxyCommand=...2. Extending ssh command
You can also add any additional flags to the ssh command, for example a TCP forwarding:
ssh my_webdev_server -L "8080:0:8080"Template Explained
If you want to understand each line of the template, and what it does, read on.
Line 1
<host> is the "nickname" you would use to connect to, e.g. ssh <host>.
Line 2
Line 2 is mandatory due to the nature of how sshnp works, sshnp must connect over the loopback interface where the NoPorts tunnel was created.
Line 3
Tell ssh to automatically add the ssh keys to the agent when we load them (we will load them on line 6)
Line 4
Don't cache the connection to known hosts, since sshnp uses ephemeral ports, it is pointless to do so.
Line 5
Because we are using ephemeral ports, it is useful to suppress strict host key checking.
Line 6
The ssh key you would like to load and authenticate with (this is equivalent to ssh -i).
Line 7
A proxy command, which first executes sshnp to determine the ssh proxy command which will be executed, fill in the arguments on this line as you would normally.
See sshnp Usage to learn more about filling in this line.
Lines 8 & 9
ControlMaster and ControlPath tell ssh to try to reuse existing ssh connections if you start up multiple. This means only the first connection will setup sshnp, the rest of the connections will use the tunnel that is already there!
Last updated