Port Forwarding

The ssh client and server are able to forward local or remote ports through the tunnel and resume delivery on the other side. Port forwardings are either local or remote and are configured on the command line of the client or inside the SSH client configuration:

Background SSH

SSH usually operates in the foreground where it provides an interactive login or displays the output of a remote command (see remote commands). Although using the forwarding services (see port forwarding and agent forwarding) requires successful authentication, it does not have to result in a shell.

Multi-Hop Connections

Many networks are protected by a firewall that does not allow hosts on the outside to connect to those on the inside. Are you annoyed by connecting to the firewall first and then logging in to your favourite host from there?

Masked vs ~arch

In Gentoo there are two ways to protect the user from packages that remain untested.


Messages that are produced by the kernel are placed in a ring buffer which has a default size of 16392 bytes. This buffer is available from userspace via /proc/kmsg. Messages are categorized into levels which are also used to decide which are printed to the console.


The nohup command allows executing programs which are safe from hangup signals:

Desktop via XSession

Instead of choosing your favourite desktop environment when logging in via a display manager, use XSession to gain more control over the login process. This will invoke ~/.xsession (permissions: 0755):

ViM: Modelines

When working on a project with several developers, some coding style has to be agreed on. This will not necessarily correspond with each individual's point of view. A very common disagreement among developers is the indentation of source code: How many spaces does a single level of indentation correspond to? Is it represented by a series of spaces or by a single tab stop?

Traversal of the Netfilter Code

The following ASCII image describes the path a packet takes when traversing the netfilter firewalling code inside the Linux kernels 2.4 and 2.6. It is followed by a description of the visualized paths.

Stateful Filtering with Netfilter

When implementing security policies with a packet filter you will usually have to specify rules for each and every packet that you wish to handle. This will result in a myriad of rules that are hard to maintain. Still, you might be able to prolong chaos by distributing rule definitions among several files and cascading chains of similar rules. There is, however, an easier way.