# Secure Shell (SSH) Topics: [[Remote access]], [[Linux shell]] - [[SSH directly into tmux]] - [[Using the SSH agent in WSL2]] ## Authentication Instead of public keys, using [CA certificates](https://smallstep.com/blog/use-ssh-certificates/) is a good alternative. ## Yubikey Another way to authenticate is a security token like the popular [[Yubikey]]. ## SSH tunnels In [OpenSSH](https://www.ssh.com/ssh/openssh/), local port forwarding is configured using the `-L` option: ```shell ssh -L 80:intra.example.com:80 gw.example.com ``` This example opens a connection to the `gw.example.com` jump server, and forwards any connection to port 80 on the local machine to port 80 on `intra.example.com`. By default, anyone (even on different machines) can connect to the specified port on the SSH client machine. However, this can be restricted to programs on the same host by supplying a _bind address_: ```shell ssh -L 127.0.0.1:80:intra.example.com:80 gw.example.com ``` ## Related -