{ "schemaVersion": "1.0", "item": { "slug": "ssh-tunnel", "name": "SSH Tunnel", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/gitgoodordietrying/ssh-tunnel", "canonicalUrl": "https://clawhub.ai/gitgoodordietrying/ssh-tunnel", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/ssh-tunnel", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ssh-tunnel", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/ssh-tunnel" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/ssh-tunnel", "agentPageUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent", "manifestUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent.json", "briefUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "SSH Tunnel", "body": "SSH tunneling, port forwarding, and secure remote access. Covers local/remote/dynamic forwards, jump hosts, ProxyCommand, multiplexing, key management, and connection debugging." }, { "title": "When to Use", "body": "Accessing a remote database through a firewall (local port forward)\nExposing a local dev server to a remote machine (remote port forward)\nUsing a remote server as a SOCKS proxy (dynamic forward)\nConnecting through bastion/jump hosts\nManaging SSH keys and agent forwarding\nTransferring files securely (scp, rsync)\nDebugging SSH connection failures" }, { "title": "Local forward (access remote service locally)", "body": "# Forward local port 5432 to remote's localhost:5432\n# Use case: access a remote PostgreSQL database as if it were local\nssh -L 5432:localhost:5432 user@remote-server\n\n# Then connect locally:\npsql -h localhost -p 5432 -U dbuser mydb\n\n# Forward to a different host accessible from the remote\n# Remote server can reach db.internal:5432, but you can't\nssh -L 5432:db.internal:5432 user@remote-server\n\n# Forward multiple ports\nssh -L 5432:db.internal:5432 -L 6379:redis.internal:6379 user@remote-server\n\n# Run in background (no shell)\nssh -fNL 5432:db.internal:5432 user@remote-server\n# -f = background after auth\n# -N = no remote command\n# -L = local forward" }, { "title": "Remote forward (expose local service remotely)", "body": "# Make your local port 3000 accessible on the remote server's port 8080\nssh -R 8080:localhost:3000 user@remote-server\n# On the remote: curl http://localhost:8080 → hits your local :3000\n\n# Expose to all interfaces on the remote (not just localhost)\n# Requires GatewayPorts yes in remote sshd_config\nssh -R 0.0.0.0:8080:localhost:3000 user@remote-server\n\n# Background mode\nssh -fNR 8080:localhost:3000 user@remote-server" }, { "title": "Dynamic forward (SOCKS proxy)", "body": "# Create a SOCKS5 proxy on local port 1080\nssh -D 1080 user@remote-server\n\n# Route browser traffic through the tunnel\n# Configure browser proxy: SOCKS5, localhost:1080\n\n# Use with curl\ncurl --socks5-hostname localhost:1080 https://example.com\n\n# Background mode\nssh -fND 1080 user@remote-server" }, { "title": "ProxyJump (simplest, OpenSSH 7.3+)", "body": "# Connect through a bastion host\nssh -J bastion-user@bastion.example.com target-user@internal-server\n\n# Chain multiple jumps\nssh -J bastion1,bastion2 target-user@internal-server\n\n# With port forward through bastion\nssh -J bastion-user@bastion -L 5432:db.internal:5432 target-user@app-server" }, { "title": "ProxyCommand (older systems, more flexible)", "body": "# Equivalent to ProxyJump but works on older OpenSSH\nssh -o ProxyCommand=\"ssh -W %h:%p bastion-user@bastion\" target-user@internal-server" }, { "title": "SSH Config for jump hosts", "body": "# ~/.ssh/config\n\n# Bastion host\nHost bastion\n HostName bastion.example.com\n User bastion-user\n IdentityFile ~/.ssh/bastion_key\n\n# Internal servers (automatically use bastion)\nHost app-server\n HostName 10.0.1.50\n User deploy\n ProxyJump bastion\n\nHost db-server\n HostName 10.0.2.30\n User admin\n ProxyJump bastion\n LocalForward 5432 localhost:5432\n\n# Now just: ssh app-server\n# Or: ssh db-server (auto-forwards port 5432)" }, { "title": "Essential config", "body": "# ~/.ssh/config\n\n# Global defaults\nHost *\n ServerAliveInterval 60\n ServerAliveCountMax 3\n AddKeysToAgent yes\n IdentitiesOnly yes\n\n# Named hosts\nHost prod\n HostName 203.0.113.50\n User deploy\n IdentityFile ~/.ssh/prod_ed25519\n Port 2222\n\nHost staging\n HostName staging.example.com\n User deploy\n IdentityFile ~/.ssh/staging_ed25519\n\n# Wildcard patterns\nHost *.dev.example.com\n User developer\n IdentityFile ~/.ssh/dev_key\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null" }, { "title": "Connection multiplexing (reuse connections)", "body": "# ~/.ssh/config\nHost *\n ControlMaster auto\n ControlPath ~/.ssh/sockets/%r@%h-%p\n ControlPersist 600\n\n# First connection opens socket, subsequent connections reuse it\n# Much faster for repeated ssh/scp/rsync to same host\n\n# Create socket directory\nmkdir -p ~/.ssh/sockets\n\n# Manually manage control socket\nssh -O check prod # Check if connection is alive\nssh -O stop prod # Close the master connection\nssh -O exit prod # Close immediately" }, { "title": "Generate keys", "body": "# Ed25519 (recommended — fast, secure, short keys)\nssh-keygen -t ed25519 -C \"user@machine\" -f ~/.ssh/mykey_ed25519\n\n# RSA 4096 (wider compatibility)\nssh-keygen -t rsa -b 4096 -C \"user@machine\" -f ~/.ssh/mykey_rsa\n\n# Generate without passphrase (for automation only)\nssh-keygen -t ed25519 -N \"\" -f ~/.ssh/deploy_key" }, { "title": "Deploy keys", "body": "# Copy public key to remote server\nssh-copy-id -i ~/.ssh/mykey_ed25519.pub user@remote-server\n\n# Manual (if ssh-copy-id unavailable)\ncat ~/.ssh/mykey_ed25519.pub | ssh user@remote-server \"mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys\"" }, { "title": "SSH Agent", "body": "# Start agent (usually auto-started)\neval \"$(ssh-agent -s)\"\n\n# Add key to agent\nssh-add ~/.ssh/mykey_ed25519\n\n# Add with expiry (key removed after timeout)\nssh-add -t 3600 ~/.ssh/mykey_ed25519\n\n# List loaded keys\nssh-add -l\n\n# Remove all keys\nssh-add -D\n\n# Agent forwarding (use your local keys on remote hosts)\nssh -A user@remote-server\n# On remote: ssh git@github.com → uses your local key\n# SECURITY: only forward to trusted hosts" }, { "title": "File permissions", "body": "# SSH is strict about permissions. Fix common issues:\nchmod 700 ~/.ssh\nchmod 600 ~/.ssh/id_ed25519 # Private key\nchmod 644 ~/.ssh/id_ed25519.pub # Public key\nchmod 600 ~/.ssh/config\nchmod 600 ~/.ssh/authorized_keys" }, { "title": "scp", "body": "# Copy file to remote\nscp file.txt user@remote:/path/to/destination/\n\n# Copy from remote\nscp user@remote:/path/to/file.txt ./local/\n\n# Copy directory recursively\nscp -r ./local-dir user@remote:/path/to/\n\n# Through jump host\nscp -o ProxyJump=bastion file.txt user@internal:/path/\n\n# With specific key and port\nscp -i ~/.ssh/mykey -P 2222 file.txt user@remote:/path/" }, { "title": "rsync over SSH", "body": "# Sync directory (only changed files)\nrsync -avz ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Dry run (preview changes)\nrsync -avzn ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Delete files on remote that don't exist locally\nrsync -avz --delete ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Exclude patterns\nrsync -avz --exclude='node_modules' --exclude='.git' ./project/ user@remote:/deploy/\n\n# With specific SSH options\nrsync -avz -e \"ssh -i ~/.ssh/deploy_key -p 2222\" ./dist/ user@remote:/var/www/\n\n# Resume interrupted transfer\nrsync -avz --partial --progress large-file.tar.gz user@remote:/path/\n\n# Through jump host\nrsync -avz -e \"ssh -J bastion\" ./files/ user@internal:/path/" }, { "title": "Verbose output", "body": "# Increasing verbosity levels\nssh -v user@remote # Basic debug\nssh -vv user@remote # More detail\nssh -vvv user@remote # Maximum detail\n\n# Common issues visible in verbose output:\n# \"Connection refused\" → SSH server not running or wrong port\n# \"Connection timed out\" → Firewall blocking, wrong IP\n# \"Permission denied (publickey)\" → Key not accepted\n# \"Host key verification failed\" → Server fingerprint changed" }, { "title": "Test connectivity", "body": "# Check if SSH port is open\nnc -zv remote-host 22\n# or\nssh -o ConnectTimeout=5 -o BatchMode=yes user@remote echo ok\n\n# Check which key the server accepts\nssh -o PreferredAuthentications=publickey -v user@remote 2>&1 | grep \"Offering\\|Accepted\"\n\n# Test config without connecting\nssh -G remote-host # Print effective config for this host" }, { "title": "Common fixes", "body": "# \"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED\"\n# Server was reinstalled / IP reassigned\nssh-keygen -R remote-host # Remove old fingerprint\nssh user@remote-host # Accept new fingerprint\n\n# \"Too many authentication failures\"\n# SSH agent is offering too many keys\nssh -o IdentitiesOnly=yes -i ~/.ssh/specific_key user@remote\n\n# \"Connection closed by remote host\"\n# Often: MaxSessions or MaxStartups limit on server\n# Or: fail2ban banned your IP\n\n# Tunnel keeps dying\n# Add keepalive in config or command line:\nssh -o ServerAliveInterval=30 -o ServerAliveCountMax=5 user@remote\n\n# Permission denied despite correct key\n# Check remote: /var/log/auth.log or /var/log/secure\n# Common: wrong permissions on ~/.ssh or authorized_keys" }, { "title": "Kill stuck SSH sessions", "body": "# If SSH session hangs (frozen terminal):\n# Type these characters in sequence:\n~. # Disconnect\n~? # Show escape commands\n~# # List forwarded connections\n~& # Background SSH (when waiting for tunnel to close)\n# The ~ must be the first character on a new line (press Enter first)" }, { "title": "Tips", "body": "Use ~/.ssh/config for everything. Named hosts with stored settings are faster and less error-prone than typing long commands.\nEd25519 keys are preferred over RSA. They're shorter, faster, and equally secure.\nConnection multiplexing (ControlMaster) makes repeated connections instant. Enable it globally.\nrsync is almost always better than scp for anything beyond a single file. It handles interruptions, only transfers changes, and supports compression.\nAgent forwarding (-A) is convenient but a security risk on untrusted servers. The remote host can use your agent to authenticate as you. Prefer ProxyJump instead.\nServerAliveInterval 60 in config prevents most \"broken pipe\" disconnections.\nKeep your ~/.ssh/config organized with comments. Future-you will appreciate it.\nThe ~. escape sequence is the only way to kill a stuck SSH session without closing the terminal." } ], "body": "SSH Tunnel\n\nSSH tunneling, port forwarding, and secure remote access. Covers local/remote/dynamic forwards, jump hosts, ProxyCommand, multiplexing, key management, and connection debugging.\n\nWhen to Use\nAccessing a remote database through a firewall (local port forward)\nExposing a local dev server to a remote machine (remote port forward)\nUsing a remote server as a SOCKS proxy (dynamic forward)\nConnecting through bastion/jump hosts\nManaging SSH keys and agent forwarding\nTransferring files securely (scp, rsync)\nDebugging SSH connection failures\nPort Forwarding\nLocal forward (access remote service locally)\n# Forward local port 5432 to remote's localhost:5432\n# Use case: access a remote PostgreSQL database as if it were local\nssh -L 5432:localhost:5432 user@remote-server\n\n# Then connect locally:\npsql -h localhost -p 5432 -U dbuser mydb\n\n# Forward to a different host accessible from the remote\n# Remote server can reach db.internal:5432, but you can't\nssh -L 5432:db.internal:5432 user@remote-server\n\n# Forward multiple ports\nssh -L 5432:db.internal:5432 -L 6379:redis.internal:6379 user@remote-server\n\n# Run in background (no shell)\nssh -fNL 5432:db.internal:5432 user@remote-server\n# -f = background after auth\n# -N = no remote command\n# -L = local forward\n\nRemote forward (expose local service remotely)\n# Make your local port 3000 accessible on the remote server's port 8080\nssh -R 8080:localhost:3000 user@remote-server\n# On the remote: curl http://localhost:8080 → hits your local :3000\n\n# Expose to all interfaces on the remote (not just localhost)\n# Requires GatewayPorts yes in remote sshd_config\nssh -R 0.0.0.0:8080:localhost:3000 user@remote-server\n\n# Background mode\nssh -fNR 8080:localhost:3000 user@remote-server\n\nDynamic forward (SOCKS proxy)\n# Create a SOCKS5 proxy on local port 1080\nssh -D 1080 user@remote-server\n\n# Route browser traffic through the tunnel\n# Configure browser proxy: SOCKS5, localhost:1080\n\n# Use with curl\ncurl --socks5-hostname localhost:1080 https://example.com\n\n# Background mode\nssh -fND 1080 user@remote-server\n\nJump Hosts / Bastion\nProxyJump (simplest, OpenSSH 7.3+)\n# Connect through a bastion host\nssh -J bastion-user@bastion.example.com target-user@internal-server\n\n# Chain multiple jumps\nssh -J bastion1,bastion2 target-user@internal-server\n\n# With port forward through bastion\nssh -J bastion-user@bastion -L 5432:db.internal:5432 target-user@app-server\n\nProxyCommand (older systems, more flexible)\n# Equivalent to ProxyJump but works on older OpenSSH\nssh -o ProxyCommand=\"ssh -W %h:%p bastion-user@bastion\" target-user@internal-server\n\nSSH Config for jump hosts\n# ~/.ssh/config\n\n# Bastion host\nHost bastion\n HostName bastion.example.com\n User bastion-user\n IdentityFile ~/.ssh/bastion_key\n\n# Internal servers (automatically use bastion)\nHost app-server\n HostName 10.0.1.50\n User deploy\n ProxyJump bastion\n\nHost db-server\n HostName 10.0.2.30\n User admin\n ProxyJump bastion\n LocalForward 5432 localhost:5432\n\n# Now just: ssh app-server\n# Or: ssh db-server (auto-forwards port 5432)\n\nSSH Config Patterns\nEssential config\n# ~/.ssh/config\n\n# Global defaults\nHost *\n ServerAliveInterval 60\n ServerAliveCountMax 3\n AddKeysToAgent yes\n IdentitiesOnly yes\n\n# Named hosts\nHost prod\n HostName 203.0.113.50\n User deploy\n IdentityFile ~/.ssh/prod_ed25519\n Port 2222\n\nHost staging\n HostName staging.example.com\n User deploy\n IdentityFile ~/.ssh/staging_ed25519\n\n# Wildcard patterns\nHost *.dev.example.com\n User developer\n IdentityFile ~/.ssh/dev_key\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null\n\nConnection multiplexing (reuse connections)\n# ~/.ssh/config\nHost *\n ControlMaster auto\n ControlPath ~/.ssh/sockets/%r@%h-%p\n ControlPersist 600\n\n# First connection opens socket, subsequent connections reuse it\n# Much faster for repeated ssh/scp/rsync to same host\n\n# Create socket directory\nmkdir -p ~/.ssh/sockets\n\n# Manually manage control socket\nssh -O check prod # Check if connection is alive\nssh -O stop prod # Close the master connection\nssh -O exit prod # Close immediately\n\nKey Management\nGenerate keys\n# Ed25519 (recommended — fast, secure, short keys)\nssh-keygen -t ed25519 -C \"user@machine\" -f ~/.ssh/mykey_ed25519\n\n# RSA 4096 (wider compatibility)\nssh-keygen -t rsa -b 4096 -C \"user@machine\" -f ~/.ssh/mykey_rsa\n\n# Generate without passphrase (for automation only)\nssh-keygen -t ed25519 -N \"\" -f ~/.ssh/deploy_key\n\nDeploy keys\n# Copy public key to remote server\nssh-copy-id -i ~/.ssh/mykey_ed25519.pub user@remote-server\n\n# Manual (if ssh-copy-id unavailable)\ncat ~/.ssh/mykey_ed25519.pub | ssh user@remote-server \"mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys\"\n\nSSH Agent\n# Start agent (usually auto-started)\neval \"$(ssh-agent -s)\"\n\n# Add key to agent\nssh-add ~/.ssh/mykey_ed25519\n\n# Add with expiry (key removed after timeout)\nssh-add -t 3600 ~/.ssh/mykey_ed25519\n\n# List loaded keys\nssh-add -l\n\n# Remove all keys\nssh-add -D\n\n# Agent forwarding (use your local keys on remote hosts)\nssh -A user@remote-server\n# On remote: ssh git@github.com → uses your local key\n# SECURITY: only forward to trusted hosts\n\nFile permissions\n# SSH is strict about permissions. Fix common issues:\nchmod 700 ~/.ssh\nchmod 600 ~/.ssh/id_ed25519 # Private key\nchmod 644 ~/.ssh/id_ed25519.pub # Public key\nchmod 600 ~/.ssh/config\nchmod 600 ~/.ssh/authorized_keys\n\nFile Transfer\nscp\n# Copy file to remote\nscp file.txt user@remote:/path/to/destination/\n\n# Copy from remote\nscp user@remote:/path/to/file.txt ./local/\n\n# Copy directory recursively\nscp -r ./local-dir user@remote:/path/to/\n\n# Through jump host\nscp -o ProxyJump=bastion file.txt user@internal:/path/\n\n# With specific key and port\nscp -i ~/.ssh/mykey -P 2222 file.txt user@remote:/path/\n\nrsync over SSH\n# Sync directory (only changed files)\nrsync -avz ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Dry run (preview changes)\nrsync -avzn ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Delete files on remote that don't exist locally\nrsync -avz --delete ./local-dir/ user@remote:/path/to/remote-dir/\n\n# Exclude patterns\nrsync -avz --exclude='node_modules' --exclude='.git' ./project/ user@remote:/deploy/\n\n# With specific SSH options\nrsync -avz -e \"ssh -i ~/.ssh/deploy_key -p 2222\" ./dist/ user@remote:/var/www/\n\n# Resume interrupted transfer\nrsync -avz --partial --progress large-file.tar.gz user@remote:/path/\n\n# Through jump host\nrsync -avz -e \"ssh -J bastion\" ./files/ user@internal:/path/\n\nConnection Debugging\nVerbose output\n# Increasing verbosity levels\nssh -v user@remote # Basic debug\nssh -vv user@remote # More detail\nssh -vvv user@remote # Maximum detail\n\n# Common issues visible in verbose output:\n# \"Connection refused\" → SSH server not running or wrong port\n# \"Connection timed out\" → Firewall blocking, wrong IP\n# \"Permission denied (publickey)\" → Key not accepted\n# \"Host key verification failed\" → Server fingerprint changed\n\nTest connectivity\n# Check if SSH port is open\nnc -zv remote-host 22\n# or\nssh -o ConnectTimeout=5 -o BatchMode=yes user@remote echo ok\n\n# Check which key the server accepts\nssh -o PreferredAuthentications=publickey -v user@remote 2>&1 | grep \"Offering\\|Accepted\"\n\n# Test config without connecting\nssh -G remote-host # Print effective config for this host\n\nCommon fixes\n# \"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED\"\n# Server was reinstalled / IP reassigned\nssh-keygen -R remote-host # Remove old fingerprint\nssh user@remote-host # Accept new fingerprint\n\n# \"Too many authentication failures\"\n# SSH agent is offering too many keys\nssh -o IdentitiesOnly=yes -i ~/.ssh/specific_key user@remote\n\n# \"Connection closed by remote host\"\n# Often: MaxSessions or MaxStartups limit on server\n# Or: fail2ban banned your IP\n\n# Tunnel keeps dying\n# Add keepalive in config or command line:\nssh -o ServerAliveInterval=30 -o ServerAliveCountMax=5 user@remote\n\n# Permission denied despite correct key\n# Check remote: /var/log/auth.log or /var/log/secure\n# Common: wrong permissions on ~/.ssh or authorized_keys\n\nKill stuck SSH sessions\n# If SSH session hangs (frozen terminal):\n# Type these characters in sequence:\n~. # Disconnect\n~? # Show escape commands\n~# # List forwarded connections\n~& # Background SSH (when waiting for tunnel to close)\n# The ~ must be the first character on a new line (press Enter first)\n\nTips\nUse ~/.ssh/config for everything. Named hosts with stored settings are faster and less error-prone than typing long commands.\nEd25519 keys are preferred over RSA. They're shorter, faster, and equally secure.\nConnection multiplexing (ControlMaster) makes repeated connections instant. Enable it globally.\nrsync is almost always better than scp for anything beyond a single file. It handles interruptions, only transfers changes, and supports compression.\nAgent forwarding (-A) is convenient but a security risk on untrusted servers. The remote host can use your agent to authenticate as you. Prefer ProxyJump instead.\nServerAliveInterval 60 in config prevents most \"broken pipe\" disconnections.\nKeep your ~/.ssh/config organized with comments. Future-you will appreciate it.\nThe ~. escape sequence is the only way to kill a stuck SSH session without closing the terminal." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/gitgoodordietrying/ssh-tunnel", "publisherUrl": "https://clawhub.ai/gitgoodordietrying/ssh-tunnel", "owner": "gitgoodordietrying", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/ssh-tunnel", "downloadUrl": "https://openagent3.xyz/downloads/ssh-tunnel", "agentUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent", "manifestUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent.json", "briefUrl": "https://openagent3.xyz/skills/ssh-tunnel/agent.md" } }