Skip to content

SSH Tricks

Here are some useful SSH tricks for accessing your VM.

The commands below assume that the SSH public key on your personal machine has already been copied to two places:

  1. the ~/.ssh/authorized_keys file in your CSC home directory
  2. the ~/.ssh/authorized_keys file of the default user in your VM

Note

If you are having trouble with any of the commands below, please don't hesitate to ask the Systems Committee for assistance.

Most of the "tricks" below require ProxyJump to have been setup, so we suggest reading that first.

ProxyJump

To avoid having to manually SSH to a CSC machine before SSH'ing to your VM, you can use the ProxyJump directive. For example, let's say your VM's IP address is 172.19.134.121, and you want to use corn-syrup as a jump host.

Add a snippet similar to the following in your ~/.ssh/config (on your personal machine): 

Host corn-syrup
    HostName corn-syrup.csclub.uwaterloo.ca
    # Replace this with your username
    User ctdalek
Host ctdalek-vm1
    # Replace this with the IP address of your VM
    HostName 172.19.134.121
    ProxyJump corn-syrup
    # Replace this with the default user in your VM
    User debian

Now you can connect to your VM by running 

ssh ctdalek-vm1

Note

If the name of your SSH key is not one of the default names (e.g. id_rsa, id_ed25519), you may also need to specify the IdentityFile option.

Port forwarding

Let's say you have a process bound to localhost:8000 in your VM, and you'd like to access it from your personal machine. Then you just need to run the following: 

ssh -L 8000:localhost:8000 ctdalek-vm1
This will forward requests to localhost:8000 on your personal machine to localhost:8000 on your VM.

If you want to fork the process to the background, here's one way to do it: 

ssh -L 8000:localhost:8000 -CNfq ctdalek-vm1
Explanation:

  • -C: compress (saves bandwidth)
  • -N: don't execute a command on the server
  • -f: fork the SSH process to the background
  • -q: quiet (silences output)

Reverse port forwarding

Let's say you have a process bound to localhost:8000 on your personal machine, and you'd like to access it from your VM. Instead of using -L, you want to use -R instead: 

ssh -R 8000:localhost:8000 -CNfq ctdalek-vm1
This will forward requests to localhost:8000 in the VM to localhost:8000 on your personal machine.

SOCKS proxy

You probably won't need this one, but it's good to know. This basically allows you to use a CSC machine as a proxy for all of your Internet traffic for a particular application. It's useful when you need to access a website which is only available from the campus network.

First, let's run a SOCKS proxy on e.g. localhost:8132: 

ssh -D 8132 -CNfq corn-syrup
You now need to configure your application to use the proxy. For example, in Firefox, you can do the following:

  • Visit about:preferences in the URL bar
  • Scroll to the bottom, and click the Settings button under 'Network Settings'
  • Select 'Manual proxy configuration'
  • Enter 'localhost' as the SOCKS Host, and 8132 for the port. Also make sure 'SOCKS v5' is selected.

After pressing 'OK', you should now be able to visit websites using a campus IP address.