How to List Active SSH Tunnels on Mac OS X Client Connected to FreeBSD Server



When working with SSH tunnels between a Mac OS X client and FreeBSD server, you often need to verify active tunnel connections. Here are several methods to accomplish this:

netstat -an | grep -E "tcp.*127.0.0.1" | grep ESTABLISHED

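This command filters for established TCP connections on localhost. netstat on macOS prints the port after a dot (127.0.0.1.8080) and does not show the owning process, so to narrow the match to loopback sockets with a port, and leave process attribution to lsof:

netstat -an | grep -E "tcp.*127\.0\.0\.1\.[0-9]+.*ESTABLISHED"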

A more precise approach using lsof (list open files):

lsof -i -n | egrep '\<ssh\>'

To see tunnel details including ports:

lsof -i -n -P | grep ssh | grep -vE ':22([^0-9]|$)'

Examine active SSH processes for tunnel parameters:

ps aux | grep "ssh -[fNL]" | grep -v grep

For detailed connection info of a specific SSH process (pgrep -d, joins several matching PIDs with commas, the form lsof -p expects):

lsof -p "$(pgrep -d, -f 'ssh -[fNL]')" | grep TCP

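On your FreeBSD server, list the sockets sshd is listening on (the SSH port plus any remote forwards); replace -l with -c to list connected sessions instead:

sockstat -4 -l | grep sshd

Or using netstat, which does not print process names, so match the SSH port instead:

netstat -an -p tcp | grep -E '\.22[[:space:]]'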

Create a shell function for quick tunnel inspection:

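sshtunnels() {
    # Sockets held by ssh, excluding the connection to the server's port 22
    printf '=== Active SSH Tunnels ===\n'
    lsof -i -n -P | grep ssh | grep -vE ':22([^0-9]|$)'
    # printf interprets \n; bash's builtin echo prints it literally
    printf '\n=== SSH Processes ===\n'
    ps aux | grep "ssh -[fNL]" | grep -v grep
}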

Key fields to examine in the output:

  • Local address/port (127.0.0.1:XXXX)
  • Remote address/port
  • Process ID (PID) of SSH session
  • Connection state (ESTABLISHED)
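
An added example (not part of the original page) that pulls these fields out of lsof -i -n -P output and marks any forward listening on a non-loopback address, which other hosts can reach unless a firewall blocks it. The function names, sample lsof lines, addresses and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify ssh-owned TCP sockets from `lsof -i -n -P` output.
# Output, one line per socket:
#   FORWARD <pid> <bind-addr:port> loopback|exposed   listener from -L or -D
#   CONN    <pid> <local> <remote>                    established connection
classify_ssh_sockets() {
    awk '
    $1 == "ssh" && $8 == "TCP" {
        pid = $2; name = $9; state = $10
        if (state == "(LISTEN)") {
            # Anything not bound to 127.0.0.1 or [::1] accepts remote clients.
            scope = (name ~ /^(127\.0\.0\.1|\[::1\]):/) ? "loopback" : "exposed"
            print "FORWARD", pid, name, scope
        } else if (state == "(ESTABLISHED)") {
            split(name, ends, "->")
            print "CONN", pid, ends[1], ends[2]
        }
    }'
}

# Constructed sample in lsof's column layout (documentation addresses only).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE       DEVICE SIZE/OFF NODE NAME
ssh     12345 user    3u  IPv4 0xabcdef1234      0t0  TCP 192.0.2.10:54321->198.51.100.7:22 (ESTABLISHED)
ssh     12345 user    5u  IPv4 0xabcdef1235      0t0  TCP 127.0.0.1:8080 (LISTEN)
ssh     12345 user    6u  IPv6 0xabcdef1236      0t0  TCP [::1]:8080 (LISTEN)
ssh     22222 user    5u  IPv4 0xabcdef1237      0t0  TCP *:1080 (LISTEN)
Safari  33333 user   10u  IPv4 0xabcdef1238      0t0  TCP 127.0.0.1:54400->127.0.0.1:8080 (ESTABLISHED)
EOF
}

# Demo on the sample; on a live client: lsof -i -n -P | classify_ssh_sockets
sample_lsof | classify_ssh_sockets
```

A FORWARD line marked exposed usually means the tunnel was started with an explicit bind address or GatewayPorts enabled.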

When working with SSH tunnels between macOS and FreeBSD systems, you might need to verify currently active tunnel connections. Here are several reliable methods:

The most straightforward approach is using the netstat command:

netstat -an | grep -E '^(tcp|udp)' | grep -E '127.0.0.1|localhost'

This will show all local TCP/UDP connections including SSH tunnels. Look for entries with localhost (127.0.0.1) and the tunnel port number.

For more detailed information about processes holding SSH tunnels:

lsof -i -n | grep ssh

Example output:

ssh      12345 user    3u  IPv4 0xabcdef1234      0t0  TCP 127.0.0.1:8080->127.0.0.1:54321 (ESTABLISHED)

If you have the process ID (PID) of your SSH session:

ps -p [PID] -o command

Or to find all SSH processes with tunnel parameters:

ps aux | grep ssh | grep -E '(-L|-R|-D)'

To check from the FreeBSD server what tunnels are active:

sockstat -4 -l | grep ssh

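Or for more detailed information, covering IPv6 and established connections as well as listeners (ss is a Linux tool and is not part of FreeBSD, so use sockstat here too):

sockstat -46 -P tcp | grep sshd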

For regular monitoring, you could create a simple shell script:

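#!/bin/bash
# Sockets held by ssh on the loopback interface: command, protocol, endpoints
echo "Active SSH tunnels:"
lsof -i -n | grep ssh | grep -E '127.0.0.1|localhost' | awk '{print $1,$8,$9}'

# printf interprets \n; bash's builtin echo prints it literally
printf '\nListening ports:\n'
netstat -an | grep LISTEN | grep -E '127.0.0.1|localhost'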

Remember that SSH tunnels might appear differently depending on:

  • Whether they're local (-L) or remote (-R) port forwards
  • The SSH version and configuration
  • Network namespace if using virtualization

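For persistent tunnels, consider raising the log level in your SSH client configuration. The client writes this output to standard error, so run ssh with -E logfile to append it to a file. DEBUG3 is the most verbose level, and under Host * it applies to every connection, so prefer a Host pattern that matches only the tunnel endpoint. The UserKnownHostsFile line is not a logging option; it stores host keys for the matching hosts in a separate file: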

Host *
    LogLevel DEBUG3
    UserKnownHostsFile ~/.ssh/known_hosts_tunnels