OpenSSH Config

How to integrate NoPorts into your native Linux and macOS ssh configuration

Overview

This guide will help you set up NoPorts in your SSH configuration. Once set up, you will be able to ssh to machines using NoPorts the same way you would for a normal ssh host. As this is integrated with the SSH configuration, it will also work with other applications that support SSH proxying.

Usage

Once you've set up your configuration, you will be able to SSH over NoPorts just like any other host, using your own custom hostnames for devices.

For example, with a device called my_lab:

ssh my_lab

The Template

The following is a template for adding an sshnp connection to your ssh config for ease of use:

~/.ssh/config
Host <host>
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  ProxyCommand=$(sshnp -f <client> -t <device> -r <srvd> -d <device_name> -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
  ControlMaster auto
  ControlPath ~/.ssh/control-%r@%n:%p

You need to replace the values surrounded with <> on lines 1 & 7 with your own values.

host is any valid hostname you would like. This is what you will use to invoke your ssh command, so make sure it's easy to remember and type.

username is the username on the remote machine you wish to log in as.

Example

Host alice_device
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  ProxyCommand=$(sshnp -f @alice_client -t @alice_device -r @rv_am -d my_device -u <username> -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
  ControlMaster auto
  ControlPath ~/.ssh/control-%r@%n:%p

This example shows the configuration for the following equivalent sshnp command:

sshnp -f @alice_client -t @alice_device -d my_device -r @rv_am

When you want to connect to this device, this is what you would type:

ssh alice_device

alice_device maps to the Host alice_device line.
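Because ssh hands the ProxyCommand line to the local shell, anything substituted into the $(sshnp ...) part is shell-interpreted. The sketch below is an added example, not NoPorts code: it fills in the template for an inventory of devices and refuses values outside an allow-list. The function names, the allow-list patterns and the username alice are assumptions made for illustration.

```python
import re

# Assumed allow-lists (not taken from the NoPorts docs). They exclude whitespace,
# shell metacharacters and a leading "-", because ssh hands the ProxyCommand
# line to the local shell and sshnp parses the values as arguments.
ATSIGN = re.compile(r"@[A-Za-z0-9_][A-Za-z0-9_.-]{0,54}")
NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,35}")

TEMPLATE = """\
Host {host}
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  ProxyCommand=$(sshnp -f {client} -t {device} -r {srvd} -d {device_name} -u {username} -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"
  ControlMaster auto
  ControlPath ~/.ssh/control-%r@%n:%p
"""

def render_host(host, client, device, srvd, device_name, username):
    """Fill in the template, rejecting any value outside the allow-lists."""
    fields = {"host": host, "client": client, "device": device, "srvd": srvd,
              "device_name": device_name, "username": username}
    for key, value in fields.items():
        pattern = ATSIGN if key in ("client", "device", "srvd") else NAME
        if not pattern.fullmatch(value):
            raise ValueError(f"refusing {key}={value!r}: outside the allow-list")
    return TEMPLATE.format(**fields)

def render_inventory(rows, existing_hosts=()):
    """Render one block per row; reject nicknames that clash with each other
    or with Host names already present in the config."""
    seen = set(existing_hosts)
    blocks = []
    for row in rows:
        if row["host"] in seen:
            raise ValueError(f"Host {row['host']!r} is already defined")
        seen.add(row["host"])
        blocks.append(render_host(**row))
    return "\n".join(blocks)

# Constructed inventory row, using the values from the example above.
INVENTORY = [{"host": "alice_device", "client": "@alice_client",
              "device": "@alice_device", "srvd": "@rv_am",
              "device_name": "my_device", "username": "alice"}]

if __name__ == "__main__":
    print(render_inventory(INVENTORY))
```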

Additional Usage Tips

1. Extending ssh config

You can add any additional ssh config to the file as you normally would, for example TCP port forwarding:

~/.ssh/config
Host my_webdev_server
  Hostname localhost
  AddKeysToAgent yes
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_ed25519
  LocalForward 8080 0:8080
  ProxyCommand=...

2. Extending ssh command

You can also add any additional flags to the ssh command, for example TCP port forwarding:

ssh my_webdev_server -L "8080:0:8080"

Template Explained

If you want to understand each line of the template, and what it does, read on.

Line 1

<host> is the "nickname" you use to connect, e.g. ssh <host>.

You can pick anything you want, but you should make sure that this won't clash with other hostnames you might want to connect to.

Line 2

Line 2 is mandatory because of how sshnp works: sshnp must connect over the loopback interface, where the NoPorts tunnel was created.

Line 3

Tell ssh to automatically add the ssh keys to the agent when we load them (we will load them on line 6).

Line 4

Don't cache the connection in known hosts. Since sshnp uses ephemeral ports, it is pointless to do so.

Line 5

Because we are using ephemeral ports, it is useful to suppress strict host key checking.

Line 6

The ssh key you would like to load and authenticate with (this is equivalent to ssh -i).

Line 7

A proxy command, which first executes sshnp to determine the ssh proxy command that will be executed. Fill in the arguments on this line as you would normally.

See sshnp Usage to learn more about filling in this line.

Lines 8 & 9

ControlMaster and ControlPath tell ssh to try to reuse existing ssh connections if you start up multiple. This means only the first connection will set up sshnp; the rest of the connections will use the tunnel that is already there!
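The reasoning for lines 4 and 5 only holds for a loopback connection through an sshnp tunnel, so it is worth checking that these two settings have not spread to other Host blocks. The following is an added example, not part of NoPorts: a simplified ssh_config reader (it ignores Include and treats each Match as its own block) run over a constructed sample config; all function names are hypothetical.

```python
import re

# Constructed sample: one entry following the template, two that relax checks elsewhere.
SAMPLE_CONFIG = """\
Host alice_device
  Hostname localhost
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  ProxyCommand=$(sshnp -f @alice_client -t @alice_device -r @rv_am -d my_device -u alice -x 2>/dev/null) -W "%h:%p" -o "StrictHostKeyChecking=no"

Host build_box
  Hostname build.example.internal
  StrictHostKeyChecking no
Host *
  UserKnownHostsFile=/dev/null
"""

# Option -> values that switch host key verification off.
RELAXED = {"StrictHostKeyChecking": ("no", "off", "false"),
           "UserKnownHostsFile": ("/dev/null", "none")}

def parse_blocks(text):
    """Split ssh_config text into (label, {lowercased keyword: value}) blocks."""
    blocks = [("(global)", {})]  # options that appear before any Host line
    for raw in text.splitlines():
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)\s*(?:=\s*|\s+)(.*)$", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((value if key == "host" else "Match " + value, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value wins, as in ssh
    return blocks

def is_noports_tunnel(opts):
    """True when the block targets loopback through an sshnp ProxyCommand."""
    loopback = opts.get("hostname", "").lower() in ("localhost", "127.0.0.1", "::1")
    return loopback and re.search(r"\bsshnp\b", opts.get("proxycommand", "")) is not None

def audit(text):
    """Return (block label, relaxed options) for blocks that are not NoPorts tunnels."""
    findings = []
    for label, opts in parse_blocks(text):
        relaxed = [k for k, off in RELAXED.items() if opts.get(k.lower(), "").lower() in off]
        if relaxed and not is_noports_tunnel(opts):
            findings.append((label, relaxed))
    return findings
```

To check a real file, pass its contents to audit(), for example audit(open(path).read()); an empty list means every relaxed block is a loopback sshnp entry.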


Last updated 12 days ago

The rest of the values are the normal arguments you would invoke with sshnp, see here for more info.