# Setting up SSH tunnel

## SSH tunneling with config-file

Easiest way for ssh-tunneling is to store tunneling configuration permanently into ssh client software configuration. 

On linux or mac you can add frequently used tunneling configuration to $HOME/.ssh/config

    Host solu.uef.fi
       ProxyCommand ssh username@codon.uef.fi nc %h %p

    Host gitlab.uef.fi
       ProxyCommand ssh username@intron.uef.fi nc %h %p

Now it is easy to connect for example to solu.uef.fi server, eq **ssh username@intron.uef.fi**. Also scp and sftp works with this.

The most GUI clients have option to do the configuration through more user-friendly graphical user interface.

## Another way for forwarding any port

To setup SSH tunneling between a server visible outside of the university firewall, you can use the following SSH commands:
    ssh -f -N -p 22 -c 3des username@messi.uku.fi -L 7180/193.167.236.245/80

The options are as follows:
-f Send SSH to background (optional, if used, will free the terminal window for further usage)
-N Do not execute remote commands, i.e. just do port forwarding
-p 22 Port of the remote host (server visible outside of the university firewall)
-c 3des Select 3des encryption.

username@messi.uku.fi is your username and address of the server visible outside of the firewall
 
-L 7180/193.167.236.245/80 specifies the port forwards with the following format
-L local_port/remote_host/remote_port

This would allow you to connect to the remote host at 193.167.236.245, port 80 with connecting to localhost port 7180, i.e.:

    ssh user@localhost -p 7180

Note: The username is your username at the remote host.

To add more port-forwards, specify more forwards with the -L switch, e.g.:

    ssh -f -N -p 22 -c 3des username@messi.uku.fi -L 7180/193.167.236.245/80 -L 7122/193.167.236.245/22

You can add your port-forwarding commands to a shell script (e.g. tunnels.sh) and for example run it with:
    sh tunnels.sh

If your tunnels break for example because of lost net connection, and you have chosen the -f switch for sending SSH to background, you may have to kill the SSH process and re-start the tunneling. To find the process id you can use:

    pf -fu username

Find the process id from the list, and kill it:

    kill -9 process_id_you_found