Sometimes I need to open one or more SSH tunnels to remote hosts. I used to do this with aliases in my zsh profile, so I could call something like sshhostname and it would automatically run the ssh tunneling command. I’ve since adopted an SSH config as it made it a lot easier to maintain and had a nice benefit of making the tunnels easier to find for closing later.

Below is an example multi-host SSH config. It shows how to set up SSH tunneling for two hosts (hostname1 and hostname2). Since hostname3 does not have other directives set for it, it will set up an interactive session.

# ~/.ssh/config

Host hostname1 hostname2 hostname3

# Create a tunnel (ports below) without opening a session the current shell
Host hostname1 hostname2
  ForkAfterAuthentication yes
  SessionType none

Host hostname1
  LocalForward 4555

Host hostname2
  LocalForward 5432

Host *
  AddKeysToAgent yes
  UseKeychain yes
  ForwardAgent no # do not need to send local keys to remote machine
  ServerAliveInterval 300
  TCPKeepAlive no
  IdentityFtle ~/.ssh/id_ed25519

This config is used by referencing the hostname on the command line, e.g. ssh hostname1

I found that one of my favorite things about using the SSH config with hostnames is that active tunnels show up in the process list with their names such as “ssh hostname1”. This makes it a little easier to kill those sessions on command, such as to re-use a port.

# ~/.zshrc

alias killssh="pgrep -f \"ssh [hostname1|hostname2|hostname3]\" | xargs kill"

With this alias, calling killssh will only the active SSH sessions for your hosts, not all active SSH processes. This is especially useful to prevent accidentally killing the SSH session opened by Rancher Desktop for Docker. If you run ps aux | grep ssh with Rancher Desktop running, you’ll see it has an active SSH session running to a socket:

ps aux | grep ssh
<username>          21571   0.0  0.0 33896736    828   ??  S     8:42PM   0:00.00 ssh -F /dev/null -o <truncated> 56843 -- sshfs ":/Applications/Rancher" "/Applications/Rancher" -o slave -o allow_other

So, if you run in an environment where you use Rancher Desktop for Docker containers and have to support a few SSH tunnels locally, hopefully this will help you as well.