SSH: tunnel without shell on ssh server

I have to set up a tunnel between two hosts.

For this I use ssh in this way:

ssh -L MY_LOCAL_PORT:FOREIGN_ADDRESS:FOREIGN_PORT MYUSER@SSH_SERVER

after that, I log in to my SSH_SERVER.

How can I avoid this feature?!
I only have to set up a tunnel. I don’t have to log in to my SSH_SERVER…

I’ve tried the -N option, but it kept my shell busy.

Asked By: Bau Miao


As said in other posts, if you don’t want a prompt on the remote host, you must use the -N option of SSH. But this just keeps SSH running without having a prompt, and the shell busy.

You just need to put the SSH’ing as a background task with the & sign:

ssh -N -L 8080:ww.xx.yy.zz:80 user@server &

This will launch the ssh tunnelling in the background.
But some messages may appear, especially when you try to connect to a non-listening port (if your Apache server is not launched). To keep these messages from appearing in your shell while you are doing other stuff, you may redirect STDOUT/STDERR to the big void:

ssh -N -L 8080:ww.xx.yy.zz:80 user@server >/dev/null 2>&1 & 

Have fun with SSH.

Answered By: Adrien M.

-f -N is what you are looking for:

ssh -f -N -L MY_LOCAL_PORT:FOREIGN_ADDRESS:FOREIGN_PORT MYUSER@SSH_SERVER

From the ssh man page:

-f Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This implies -n.

-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).

-n Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background.

Answered By: neu242

This is my experience of using ssh to connect to a computer without a static IP address from a remote computer. This is required to manage projects on a server (serving in a LAN) with no static IP to use.

Requirement for setup and demo:

  • Linux machine with an ssh server and a static IP (call it boss.com)
  • Linux machine with an ssh/web server and no static IP (call it target)
  • Linux / Android phone with JuiceSSH

Ensure the following is in /etc/ssh/sshd_config:
GatewayPorts yes

Run the following on the target computer to use boss.com:1008 as the web address for target:

ssh -R 1008:127.0.0.1:80 root@boss.com

Now you can access the target web server as boss.com:1008 from any device (try with a browser from your mobile device).

Run the following on the target computer to connect to the target computer via ssh (at port 2048):

ssh -R 1008:127.0.0.1:2048 root@boss.com

Now you can access the target computer with the following command:

ssh -p 1008 root@boss.com

Or use JuiceSSH from an Android phone to test.

Accessing the server with the root password is not a good idea.

Create the user mytunnel on boss.com and replace root with mytunnel in the above examples.

Lastly, do the following to ensure that the mytunnel user can do only tunneling work via boss.com:

  • in /etc/passwd on boss.com, change the shell of mytunnel from /bin/bash to /bin/false

  • add -f -N to the above commands
    ssh -f -N -R 1008:127.0.0.1:80 root@boss.com
    ssh -f -N -R 1008:127.0.0.1:2048 root@boss.com

  • Now the user mytunnel can use only the ssh tunnel functionality of the server

Answered By: ShaileshKumarMPatel
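
Added example (not part of the answer above): changing the login shell to /bin/false stops interactive logins, but sshd still honours whatever -L, -R or -D forwards the account requests, and a global GatewayPorts yes applies to every account on the host. The sshd_config sketch below scopes both to the mytunnel account and the port 1008 used in the answer; it assumes OpenSSH 7.8 or later on boss.com, which is needed for PermitListen.

```conf
# /etc/ssh/sshd_config on boss.com
# Constructed example; assumes OpenSSH 7.8+ (needed for PermitListen).

# Before (from the answer): applies to every account on the host.
#GatewayPorts yes

# After: keep the global default and scope everything to the tunnel account.
GatewayPorts no

Match User mytunnel
    # Only -R (remote) forwards; -L and -D through boss.com are refused.
    AllowTcpForwarding remote
    # The only listener this account may open on boss.com.
    PermitListen 1008
    # Bind that listener on all interfaces so other devices can reach it.
    GatewayPorts yes
    # No interactive session, even if the login shell is changed back.
    PermitTTY no
    ForceCommand /bin/false
    # Close the remaining forwarding channels.
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
```

Run sshd -t to check the file for errors before reloading sshd.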