SSH tunnel on OS X

Many companies nowadays provide an SSH tunnel for connecting remotely to their servers. This is a great feature, as you keep your own internet connectivity wherever you are and still enjoy the benefit of selected tunnels.

On OS X and Linux this is really straightforward. The example below establishes an SSH tunnel via tunnel.company.co.za to an Oracle server hosted on the network at 10.0.0.10:

ssh -C -p 22 -l myuserid -N -o ConnectTimeout=5 -o TCPKeepAlive=yes -o NumberOfPasswordPrompts=1 -o ControlMaster=no -o PreferredAuthentications=publickey -i /Users/Me/.ssh/id_rsa -L 15211:10.0.0.10:1521 tunnel.company.co.za

Explanation of the above:

  • -C: Uses compression over SSH
  • -l myuserid: Connects via userid “myuserid”
  • -o ControlMaster=no: disables the reuse of connections. Setting it to “auto” improves performance because it allows multiplexing, but might introduce problems. I play it safe here.
  • -o PreferredAuthentications=publickey -i /Users/Me/.ssh/id_rsa: authenticates to SSH with public-key authentication, using the private key in /Users/Me/.ssh/id_rsa
  • -L 15211:10.0.0.10:1521: forwards local port 15211 to remote port 1521 at 10.0.0.10. With no bind address given, the local listener is bound to the loopback interface only.

Opinions on ControlMaster differ (read some experience here). Some users say that setting it to “auto” is reliable and improves speed significantly. If you want to use it, do the following:

  1. Create a directory: mkdir ~/.ssh/cm_socket
  2. Add -o ControlPath=~/.ssh/cm_socket/%r@%h:%p to the arguments
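
The two steps above as a small wrapper script; this is an added example, not part of the original post. It keeps the control-socket directory owner-only (anyone who can reach the socket can reuse the authenticated connection) and pins the forward to loopback. Host, user, key and ports are the post's sample values; CM_DIR, SSH, the function names and the use of -f and ExitOnForwardFailure are assumptions made here.

```shell
#!/bin/sh
# Added example: multiplexed tunnel with an owner-only control socket directory.
CM_DIR="${CM_DIR:-$HOME/.ssh/cm_socket}"   # assumed location, as in step 1
SSH="${SSH:-ssh}"                          # set SSH=echo to dry-run the command line
TUNNEL_HOST="tunnel.company.co.za"

# Octal permission bits of a path (GNU stat on Linux, BSD stat on OS X).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the socket directory with mode 700 and verify the result.
prepare_cm_dir() {
    if [ -L "$CM_DIR" ]; then
        echo "refusing to use symlink: $CM_DIR" >&2
        return 1
    fi
    mkdir -p "$CM_DIR" && chmod 700 "$CM_DIR" || return 1
    [ "$(mode_of "$CM_DIR")" = "700" ]
}

# Run ssh against the tunnel host with the shared control socket path.
mux() {
    "$SSH" -o ControlPath="$CM_DIR/%r@%h:%p" -l myuserid -p 22 "$@" "$TUNNEL_HOST"
}

# Start the master connection in the background (-f) with the forward.
# ExitOnForwardFailure makes ssh fail if port 15211 cannot be bound.
open_tunnel() {
    prepare_cm_dir || return 1
    mux -f -N -C -o ControlMaster=auto -o ExitOnForwardFailure=yes \
        -o PreferredAuthentications=publickey -i /Users/Me/.ssh/id_rsa \
        -L 127.0.0.1:15211:10.0.0.10:1521
}

tunnel_status() { mux -O check; }   # is the master connection alive?
close_tunnel()  { mux -O exit; }    # ask the master to shut down

case "${1:-}" in
    open)   open_tunnel ;;
    status) tunnel_status ;;
    close)  close_tunnel ;;
esac
```

Run it with open, status or close as the first argument; with SSH=echo it prints the ssh command line instead of connecting.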