OpenSSH Config

Overview

This guide will help you setup NoPorts in your SSH configuration. Once set up, you will be able to ssh to machines using NoPorts the same way you would for a normal ssh host. As this is integrated with the SSH configuration, it will also work with other applications that support SSH proxying.

Usage

Once you've set up your configuration, you will be able to SSH over NoPorts just like any other host, using your own custom hostnames for devices.

For example, with a device called my_lab:

ssh my_lab

The Template

The following is a template for adding an sshnp connection to your ssh config for ease of use:

Host <host>
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  ProxyCommand=$(sshnp -f <client> -t <device> -r <srvd> -d <device_name> -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
  ControlMaster auto
  ControlPath ~/.ssh/control-%r@%n:%p

You need to replace the values surrounded with <> on lines 1 & 7 with your own values.

host is any valid hostname you would like, this is what you will use to invoke your ssh command, so make sure it's easy to remember and type.

username is the username on the remote machine you wish to login as.

Example

Host alice_device
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  ProxyCommand=$(sshnp -f @alice_client -t @alice_device -r @rv_am -d my_device -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
  ControlMaster auto
  ControlPath ~/.ssh/control-%r@%n:%p

This example shows the configuration for the following equivalent sshnp command:

sshnp -f @alice_client -t @alice_device -d my_server -r @rv_am

When you want to connect to this device, this is what you would type:

ssh alice_device

alice_device maps the the Host alice_device line.

Additional Usage Tips

1. Extending ssh config

You can add any additional ssh config to the file as you normally would, for example a TCP forwarding:

Host my_webdev_server
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  LocalForward 8080:0:8080
  ProxyCommand=...

2. Extending ssh command

You can also add any additional flags to the ssh command, for example a TCP forwarding:

ssh my_webdev_server -L "8080:0:8080"

Template Explained

If you want to understand each line of the template, and what it does, read on.

Line 1

<host> is the "nickname" you would use to connect to, e.g. ssh <host>.

Line 2

Line 2 is mandatory due to the nature of how sshnp works, sshnp must connect over the loopback interface where the NoPorts tunnel was created.

Line 3

Tell ssh to automatically add the ssh keys to the agent when we load them (we will load them on line 6)

Line 4

Don't cache the connection to known hosts, since sshnp uses ephemeral ports, it is pointless to do so.

Line 5

Because we are using ephemeral ports, it is useful to suppress strict host key checking.

Line 6

The ssh key you would like to load and authenticate with (this is equivalent to ssh -i).

Line 7

A proxy command, which first executes sshnp to determine the ssh proxy command which will be executed, fill in the arguments on this line as you would normally.

See sshnp Usage to learn more about filling in this line.

Lines 8 & 9

ControlMaster and ControlPath tell ssh to try to reuse existing ssh connections if you start up multiple. This means only the first connection will setup sshnp, the rest of the connections will use the tunnel that is already there!