I currently use bash/zsh aliases to simplify setting up tunnels to our database servers.

In an article in the Linux Magazin I read about boring.

The tool looked nice as it allows a well readable config file and opening the tunnels in the background.

As boring (or rather its ssh_config library) does not support Match in the ssh config, it is no real solution for me.

Luckily I read that ssh itself can do the job quite well without a 3rd party tool!

The config below works as follows:

  • Server names
    • jumphost.example.com is the publicly available SSH server to access the datacenter network
    • tunnel.example.com is the SSH server within the datacenter that is allowed to connect to the database servers
    • server0.example.com & server1.example.com are the database servers
  • Aliases
    These aliases help to create the tunnels by only knowing the remote server name or local port number.
    Because the Control... options run multiple sessions over one connection, the aliases are idempotent and can be executed without error even if the tunnel is already open
    • ssh pg5440 and ssh pgserver0 create a tunnel from the local port 5440 to server0:5432
    • ssh pg5441 and ssh pgserver1 create a tunnel from the local port 5441 to server1:5432
  • ControlPersist 5m keeps a tunnel open for 5 minutes without usage; afterwards it is closed automatically

Example .ssh/config:

Host pg*
    # This is the remote tunnel endpoint
    Hostname tunnel.example.com
    ControlPath ~/.ssh/S.%l.%r@%h:%p
    ControlMaster auto
    # auto close when not used for 5 minutes
    ControlPersist 5m
    # this server is used to reach tunnel.example.com
    ProxyJump jumphost.example.com
    # go into background after connecting
    ForkAfterAuthentication yes
    # fail if local port is not available
    ExitOnForwardFailure yes
    # no remote command required
    SessionType none
    # no tty - no output from server
    RequestTTY no
    # as SessionType/RequestTTY do somehow not always prevent output and catch input
    RemoteCommand echo -n ''

Host pg5440 pgserver0
    LocalForward 5440 server0.example.com:5432
Host pg5441 pgserver1
    LocalForward 5441 server1.example.com:5432
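
The alias scheme only works if every pgNNNN name sits on the Host line whose LocalForward uses local port NNNN. The following lint is an added example, not part of the original setup: it checks that convention on a constructed sample with a copy-paste slip in a Host line. The names parse_blocks, lint and SAMPLE are assumptions, and only literal Host aliases are handled (Match blocks are skipped).

```python
import re
from collections import Counter

# Constructed sample: second Host line repeats pg5440 where pg5441 was meant.
SAMPLE = """\
Host pg5440 pgserver0
    LocalForward 5440 server0.example.com:5432
Host pg5440 pgserver1
    LocalForward 5441 server1.example.com:5432
"""

def parse_blocks(text):
    """Return [(aliases, local_ports)] for each Host block in ssh_config text."""
    blocks = []
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()   # drop trailing comments
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), []))
        elif key == "match":
            blocks.append(([], []))                  # out of scope for this lint
        elif key == "localforward" and blocks and value:
            # First argument is [bind_address:]port; keep the port part.
            port = value.split()[0].rsplit(":", 1)[-1]
            if port.isdigit():
                blocks[-1][1].append(int(port))
    return blocks

def lint(text):
    blocks = parse_blocks(text)
    findings = []
    # ssh applies every matching Host block and LocalForward entries add up,
    # so an alias listed in two forwarding blocks opens both tunnels.
    seen = Counter(a for aliases, ports in blocks if ports for a in aliases)
    for alias, count in sorted(seen.items()):
        if count > 1:
            findings.append(f"{alias}: listed in {count} Host blocks with LocalForward")
    for aliases, ports in blocks:
        for port in ports:
            if f"pg{port}" not in aliases:
                findings.append(f"port {port}: no alias pg{port} on Host {' '.join(aliases)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
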