Home Explore Blog CI



man-pages
12th chunk of `ssh.man`
1937591a84178b14fa2f4d3844d1215b2138e86f325e9e1b0000000100000fe2
 closed.

ESCAPE CHARACTERS
       When  a  pseudo‐terminal  has  been  requested, ssh supports a number of
       functions through the use of an escape character.

       A single tilde character can be sent as ~~ or by following the tilde  by
       a character other than those described below.  The escape character must
       always  follow a newline to be interpreted as special.  The escape char‐
       acter can be changed in configuration files using the EscapeChar config‐
       uration directive or on the command line by the -e option.

       The supported escapes (assuming the default ‘~’) are:

       ~.      Disconnect.

       ~^Z     Background ssh.

       ~#      List forwarded connections.

       ~&      Background ssh at logout when waiting for forwarded connection /
               X11 sessions to terminate.

       ~?      Display a list of escape characters.

       ~B      Send a BREAK to the remote system (only useful if the peer  sup‐
               ports it).

       ~C      Open  command  line.  Currently this allows the addition of port
               forwardings using the -L, -R and -D  options  (see  above).   It
               also  allows  the cancellation of existing port‐forwardings with
               -KL[bind_address:]port for local, -KR[bind_address:]port for re‐
               mote and -KD[bind_address:]port  for  dynamic  port‐forwardings.
               !command  allows  the  user  to  execute  a local command if the
               PermitLocalCommand option is enabled  in  ssh_config(5).   Basic
               help is available, using the -h option.

       ~R      Request rekeying of the connection (only useful if the peer sup‐
               ports it).

       ~V      Decrease  the verbosity (LogLevel) when errors are being written
               to stderr.

       ~v      Increase the verbosity (LogLevel) when errors are being  written
               to stderr.

TCP FORWARDING
       Forwarding  of  arbitrary  TCP  connections over a secure channel can be
       specified either on the command line or in a  configuration  file.   One
       possible  application of TCP forwarding is a secure connection to a mail
       server; another is going through firewalls.

       In the example below, we look at encrypting  communication  for  an  IRC
       client, even though the IRC server it connects to does not directly sup‐
       port  encrypted communication.  This works as follows: the user connects
       to the remote host using ssh, specifying the ports to be used to forward
       the connection.  After that it is possible to start the program locally,
       and ssh will encrypt and forward the connection to the remote server.

       The following example tunnels an IRC session from the client to  an  IRC
       server  at  “server.example.com”,  joining  channel  “#users”,  nickname
       “pinky”, using the standard IRC port, 6667:

           $ ssh ‐f ‐L 6667:localhost:6667 server.example.com sleep 10
           $ irc ‐c ’#users’ pinky IRC/127.0.0.1

       The -f option backgrounds ssh and the remote command “sleep 10” is spec‐
       ified to allow an amount of time (10 seconds, in the example)  to  start
       the  program  which  is  going to use the tunnel.  If no connections are
       made within the time specified, ssh will exit.

X11 FORWARDING
       If the ForwardX11 variable is set to “yes” (or see  the  description  of
       the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
       environment variable is set), the connection to the X11 display is auto‐
       matically  forwarded  to the remote side in such a way that any X11 pro‐
       grams started from the shell (or command) will go through the  encrypted
       channel,  and  the connection to the real X server will be made from the
       local machine.  The user should not manually set DISPLAY.  Forwarding of
       X11 connections can be configured on the command line or  in  configura‐
Title: SSH Escape Characters, TCP Forwarding, and X11 Forwarding
Summary
This section details advanced SSH features including escape characters for session control (like disconnecting, backgrounding, and managing port forwardings), TCP forwarding for secure tunneling of arbitrary TCP connections, and automatic X11 forwarding for secure remote execution of graphical applications. It provides examples of using TCP forwarding to encrypt an IRC session and highlights the importance of proper configuration for X11 forwarding.