59
31
I used ssh -L 10002:192.168.0.30:10002 192.168.1.135
to establish port forwarding but now I need to remove it.
How do I do this?
59
31
I used ssh -L 10002:192.168.0.30:10002 192.168.1.135
to establish port forwarding but now I need to remove it.
How do I do this?
60
If you are using Linux you can kill the process by:
ps aux | grep ssh
and then use
kill <id>
To kill the process.
If the kill command is not successfull you can try
kill -9 <id>
2I usually do a one liner pgrep ssh | xargs kill
. Don't use -9
for nothing indeed – GabLeRoux – 2016-01-08T22:35:09.663
2@GabLeRoux That assumes you only have a single ssh
command, or that all the ssh
commands you are running are fine to kill. This is hardly a good general assumption. – tripleee – 2016-04-14T09:11:44.173
I agree, knowing exactly what you're doing is way better :) When you use port forwarding at the same time, a good way to find out which pid it is is to run netstat -peanut
, last column will be PID/Program name
, grep
the port you are looking for and you'll be way closer to the solution – GabLeRoux – 2016-04-14T12:44:16.327
@tripleee, but in what case a regular user that made a port tunnel, will have more ssh processes that might not be safe to kill? – Avamander – 2016-10-23T09:08:02.483
2@Avamander I connect to multiple ssh
instances on multiple remote servers all the time, some of them without my direct active involvement. For example, Emacs Tramp mode opens an ssh
connection behind the scenes when I visit a remote buffer. Some people use userspace filesystems which do something similar. It's not at all uncommon. In fact, I would assume single user, single ssh
instance to be a minority fringe use case. If it works for you, good for you, but it's not good general advice. – tripleee – 2016-10-23T09:16:12.770
31No. No. No. Please, please, please do not use kill -9
until after you've tried just kill
. Many processes will have signal handlers which will clean up their use of resources, cleanly close connections and other pre-shutdown tasks. If you kill with -9, the process dies immediately without doing the cleanup. Killing without -9 will work most of the time. – Doug Harris – 2009-12-23T18:44:59.293
18kill -9
without reason is like using a shotgun to kill a mosquito. :) – Darren Hall – 2009-12-23T21:24:22.763
24
When using ssh multiplexing, killing the ssh process is often undesirable (it kills all open connections with that host), and you cannot easily access the escape because "escape not available to multiplexed sessions". The right way is then to run the analogue of the forwarding command that you want to cancel, but adding -O cancel
. For instance:
ssh -O cancel -L 10002:192.168.0.30:10002 192.168.1.135
This will disable this port forwarding without terminating the session. Again, this will only work if ssh multiplexing is in use for the connection to 192.168.1.135.
I'm so glad this exists and I found it, many thanks! – galva – 2017-09-15T11:39:20.710
2This is a best solution. To kill master just run ssh -O exit 192.168.1.135
. – Tomilov Anatoliy – 2017-09-28T09:27:34.103
If you are not multiplexing sessions, see exhuma's excellent answer! (Thanks a3nm for catching my typo.) – Alan De Smet – 2018-07-17T20:25:16.050
awesome! this should be the picked answer! – Truong Nguyen – 2018-07-30T18:15:01.470
14
How to cancel a forwarded port in an already running SSH session:
-KL port
You should see this:
ssh> -KL 10002
Canceled forwarding.
12
You could use the "escape-key" (usually ~) followed by C to get a cli to your connection. You can from there remove tunnels without taking down your connection.
1I'd like to know the specifics of this. I know you can add tunnels after you've SSH'd in, but have yet to find out how to take one down. – carestad – 2014-11-24T22:40:59.343
9When you are in CLI mode you could do help. -KL is the oppsite of -L, -KR is the oppsite of -R and -KD is the oppsite of -D. Doing "escape-key" (~) followed by # shows your tunnels. – Jimmy Hedman – 2014-11-28T11:02:43.373
1@JimmyHedman you might want to edit your answer additionally to adding a comment. It makes everything more readable. And sometimes comments are hidden (in case there are too many). – exhuma – 2016-02-19T15:51:05.483
7
You can enter an interactive console by typing ~C (capital "C"). This lets you dynamically add and remove port forwardings (among a few other things).
This sequence has to come right after a carriage return/newline. So in doubt, just type Enter~C (in sequence).
If you don't see the characters appear on the console, you're doing it right :)
You should now see an ssh>
prompt.
To remove the port, simply enter -KL 10002
followed by Enter (where 10002
is your forwarded port).
The inverse - adding a new forward - can be done like this (from start to finish):
Enter~C
ssh> -L 10002:192.168.0.30:10002
Enter
This is the right answer if you're not multiplexing connections. If you are, you'll be bounced with ~C escape not available to multiplexed sessions
. If that's the case, see a3nm's excellent answer. – Alan De Smet – 2018-07-16T21:20:48.500
We often realize port is still being forwarded when we fire a new ssh session running same command again and getting
Warning: remote port forwarding failed for listen port
message. – GabLeRoux – 2016-01-08T22:38:12.570