Gentoo Wiki



SSH Basics

Tips & Tricks

Other Gentoo-wiki SSH


Assuming you have autossh installed.

The following will create a port forwarding ssh tunnel between localhost and

When connecting to, the request will be sent to localhost:80. This is good for making a webpage behind a corporate firewall viewable to the outside world.

 autossh -M29001 -f -R 8081:localhost:80
            |     |  |   |      |      |          `---The box we are connecting to.  Must be running sshd.
            |     |  |   |      |      |
            |     |  |   |      |      `--------------The port on localhost we want to access from
            |     |  |   |      |
            |     |  |   |      `---------------------The host where the forward will go, relative 
            |     |  |   |                            to the box initiating the tunnel; i.e., localhost
            |     |  |   |                            means the box where this command is run.
            |     |  |   |
            |     |  |   `----------------------------This is the port listens 
            |     |  |                                on to forward through the tunnel
            |     |  | 
            |     |  `--------------------------------Tells ssh to forward from the remote
            |     |                                   host to the local host
            |     |
            |     `-----------------------------------Causes autossh to drop into the background before execution
            `-----------------------------------------Use this monitoring port (must be above 1024 and not currently in use)

I have found that you need to add a -N to the ssh options also a -q wont hurt.

autossh -M 29001 -q -f -N -R 8081:localhost:80

other wise the -f option complains that it needs a command to fork and will just quit. -N says no command and -q says be quite. Also if you would like to have a special key with no passphrase you can generate one and then use it via the -i option for ssh.

In order for this to work without user interaction, you should have sshkeys controlling your authentication.

Alternative to autossh's own port monitoring

The newer versions of OpenSSH have their own method of checking if the connection is still alive. You can enable this by setting the ServerAliveInterval and ServerAliveCountMax options (either in your ssh_config file or on the command line). For example

autossh -M 0 -q -f -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 8081:localhost:80

The above command will make ssh send a keepalive request if no other data has been sent for 60 seconds, if it doesn't receive a reply after 3 attempts it will close the connection. autossh will then detect its been closed and attempt re-establish it.

The "-M 0" option disables autossh's own monitoring which uses separate ports and is less reliable.

Note: this only works with SSH protocol version 2, which is usually enabled by default anyway (because version 1 has security flaws).

HowTo run autossh for port forwarding at boot:


user account on local and remote machine.
the remote machine we ssh to.

Learn how to do a 'ssh public key exchange' for dreadpirateroberts between the localhost and the target_ship. This is so no password needs to be entered interactivly during ssh.

REMEMBER - test your key exchange before you do anything else.


/etc/conf.d/local.start is a file used at startup time to run anything you want. there you put the following line:

# port forwarding with ssh 
echo adding tunnel to target_ship
su dreadpirateroberts -c 'autossh -N -f -M 29001 -R 8081:localhost:80 target_ship' &

Make sure that you put an '&' at the end of the line in local.start. I stress this because if you don't, your computer will hang on this line. (You will get really stressed out when this happens. yes yes - happened to me.)


in dreadpirateroberts' ~/.bash_profile i also added:


be brave and look it up in 'man autossh'

See also

Retrieved from ""

Last modified: Sat, 06 Sep 2008 13:37:00 +0000 Hits: 23,130