Cheatsheet

sish usage reference

More info about forwarding types

Remote forward SSH tunnels #

Full example:

 1ssh -R subdomain:80:localhost:3000 tuns.sh
 2#  |__|
 3# remote forward
 4
 5ssh -R subdomain:80:localhost:3000 tuns.sh
 6#     |_________|
 7#   subdomain.tuns.sh
 8
 9ssh -R subdomain:80:localhost:3000 tuns.sh
10#                  |______________|
11#                  local web server

Dropping the subdomain:

1ssh -R 80:localhost:3000 tuns.sh
2#     |__|
3# autogenerated.tuns.sh
4# access local server over http (443 for https)
5
6ssh -R 80:localhost:3000 tuns.sh
7#        |______________|
8# local web server over http

Local forward SSH tunnels #

Given remote forward to subdomain.tuns.sh:80

 1ssh -L 3000:subdomain:80 tuns.sh
 2#  |__|
 3# local forward
 4
 5ssh -L 3000:subdomain:80 tuns.sh
 6#     |____|
 7# access tunnel at localhost:3000 
 8
 9ssh -L 3000:subdomain:80 tuns.sh
10#          |____________|
11#       subdomain.tuns.sh:80

HTTPS public access #

More info

  • Eric has a web server running on localhost:3000
  • Eric wants to share with anyone
  • Tony wants to access it

Eric sets up remote forward:

1ssh -R 80:localhost:3000 tuns.sh

HTTPS private access #

  • Eric has a web server running on localhost:3000
  • Eric only wants to share with Tony
  • Tony wants to access it

Tony provides Eric with pubkey fingerprint:

1ssh-keygen -lf ~/.ssh/id_ed25519
2256 SHA256:4vNGm4xvuVxYbaIE5JX1KgTgncaF3x3w2lk+JMLOfd8 your_email@example.com (ED25519)

Eric sets up remote forward using Tony's fingerprint:

1ssh -R private:3000:localhost:3000 tuns.sh tcp-aliases-allowed-users=SHA256:4vNGm4xvuVxYbaIE5JX1KgTgncaF3x3w2lk+JMLOfd8

Tony sets up local forward:

1ssh -L 3000:private:3000 tuns.sh

Tony can access site at http://localhost:3000

Websocket #

Same method as HTTPS public access.

TCP public access #

Expose SSH to the world

1ssh -R 2222:localhost:22 tuns.sh

I can use the forwarded connection to then access my laptop from anywhere:

1ssh -p 2222 tuns.sh

TCP private access #

For example if you want to use netcat to send files between computers.

Setup a TCP alias

Setting a deadline for a tunnel #

You can set a deadline for a tunnel after which the connection will automatically close.

The deadline can be relative:

1ssh -R 80:localhost:3000 tuns.sh deadline=15m

Or it can be provided as an absolute ISO-8601 time string:

1ssh -R 80:localhost:3000 tuns.sh deadline=2025-03-10T15:19:22
2ssh -R 80:localhost:3000 tuns.sh deadline=2025-03-10T15:19:22Z
3ssh -R 80:localhost:3000 tuns.sh deadline=2025-03-10T15:19:22-07:00

Or as an absolute Unix epoch value:

1ssh -R 80:localhost:3000 tuns.sh deadline=1741614000
<< PREV
Forwarding Types
NEXT >>
CLI

Built by Antonio Mika