
Show HN: Mole – an open source tool to easily create ssh tunnels - davrodpin
https://davrodpin.github.io/mole/
======
kstenerud
I'm not sure if I missed something? Normally I use -L syntax for tunneling (-L
local_port:remote_addr:remote_port). Does this tool do more?

~~~
8fingerlouie
I don't think i've missed anything, it does the same thing as ssh -L with
slightly different syntax.

It's the same with mosh. Normally i use tmux on the destination host, and i
simply cannot see any reason to use mosh over ssh/tmux.

~~~
therein
> i simply cannot see any reason to use mosh over ssh/tmux.

How about automatic session resumption and predictive character insertion to
improve typing when under latency?

~~~
8fingerlouie
session resumption:

    
    
        tmux a
    

As for predictive character insertion, when i'm working in a shell, especially
with high latency, i prefer my commands to be as i type them, not something
some algorithm "guessed" i was going to type.

~~~
satiani
That's not what mosh is, it doesn't predict what you're going to type. It
however proactively renders the characters you type before it receives
confirmation from the tty on the other end.

In other words, imagine typing ssh somebox.typo.com and waiting 1 second
before the text renders and discovering the typo, then pressing backspace,
waiting a while for the backspaces to render, then going through all of this
again. With mosh you'll be able to instantly see what you typed and fix it. On
high latency connections it makes a huge difference in quality of life.

~~~
dspillett
_> It however proactively renders the characters you type before it receives
confirmation from the tty on the other end._

Basically for those with experience of text terminals generally: local echo.

~~~
8fingerlouie
I worked as a sysadm at a "large" (local scale) UNIX SysV installation back
in the early 90s.

Everything there connected via serial ports, remote offices got multiplexed
over a 9600 baud connection. Back then we had local echo for the sometimes
slow link, i.e. printing a spreadsheet converted to 3Mb PostScript, and still
only 9600 baud in total.

So i know what local echo is. It has nothing to do with prediction :)

I'm still not convinced about mosh, but it sounds like it really does help a
lot of people, so who am i to judge. I guess i'm privileged since i don't
usually experience latency. We have about 95% 4G coverage in this country,
coupled with fiber connections.

The last time i experienced any noticeable latency was when editing files on a
client's SCO OpenServer across The Atlantic Ocean over a 1200 baud connection.

~~~
jpitz
For me, the advantage of mosh is that it handles network changes seamlessly.

~~~
dspillett
I've taken to using OpenVPN to home when mobile, except for the absolute
basics (I don't have it running on my phone 24/7), which deals with that fine
too.

As well as that and protecting unencrypted traffic on public WiFi, I get my ad
blocker & other protection and credit card payments are smoother as the
payment processors think I am at home not coming from some random address so
don't ask for extra security details as often as they otherwise would.

------
jmngomes
This is cool, but it's not very clear to me what is the benefit of using this
over autossh.

autossh detects and restarts broken tunnels and uses aliases and tidy config
files:
[https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/](https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/)

~~~
loeg
Just syntax, I think. autossh was kind of a pain for me to set up and debug.

------
Symbiote
Here are the example commands, with the SSH equivalent. There's a small syntax
difference, but otherwise I don't think this tool adds much.

    
    
      $ mole -local 127.0.0.1:3306 -remote 127.0.0.1:3306 -server example@172.12.0.100
      $ ssh -L3306:127.0.0.1:3306 example@172.12.0.100
    
      $ mole -v -local 127.0.0.1:8080 -remote 172.17.0.100:80 -server user@example.com:22 -key ~/.ssh/id_rsa
      $ ssh -v -L8080:172.17.0.100:80 -p 22 -i ~/.ssh/id_rsa user@example.com
    
      $ mole -v -local 127.0.0.1:8080 -remote 172.17.0.100:80 -server example1
      $ ssh -v -L8080:172.17.0.100:80 example1
    
      $ mole -remote 172.17.0.100:80 -server example1
      $ ssh -L2937:172.17.0.100:80 example1
      NB Random port is predefined to be 2937, see https://xkcd.com/221/. Or use $RANDOM.
    
      $ mole -v -local :8080 -remote 172.17.0.100:80 -server example1
      $ ssh -L8080:172.17.0.100:80 example1
      NB difference with SSH, -L:8080... would bind the local port to 0.0.0.0:8080.
    
      $ mole -v -local 127.0.0.1:8080 -remote :80 -server example1
      $ ssh -L8080:127.0.0.1:80 example1
    
      $ mole -alias example1 -v -local :8443 -remote :443 -server user@example.com
      Add to SSH config: "LocalForward 8443 localhost:443"
    

I don't know if Mole supports it, but SSH also has the option to forward a
remote port through the local machine.

    
    
      home $ ssh -R8888:example.net:80 work.example.com
      ...
      work $ curl -H "Host: example.net" localhost:8888
    

But the most useful of all is perhaps:

    
    
      work $ ssh -D3128 personal-vm-or-raspberry-pi-whatever.example.net
    

Then configure Firefox to use a SOCKS proxy on localhost:3128. You now bypass
any corporate HTTP proxy.

~~~
darrenf
mole also doesn't seem to support DynamicForward for creating SOCKS proxies.
Mind you, I'm not sure how it could improve on native ssh for concision:

    
    
        ssh -D *:1080 work
    

Combined with a .pac file that proxies my work domain(s) through the tunnel,
it's all the forwarding I ever need.

ETA: largely redundant comment now that the parent also mentions this option.
:)

~~~
Symbiote
I think it's worth drawing attention to it. It's a very useful feature; just
don't tell the network administrators.

NB including `*:` does mean _anyone_ on your local network (assuming a
firewall at the gateway)
can use your computer to proxy to work. That's great if you're on a private
LAN and want to look at a work site on your phone, but not great at a coffee
shop.
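
Added example, not part of the thread or of mole: a POSIX shell check for the point above about `*:`. It classifies the listen address of a forward the way ssh(1) documents it (an empty bind address or `*` means all interfaces) and lists the forwards in an ssh_config that other hosts can reach. The function names and the sample config are constructed for illustration; IPv4 addresses and hostnames only.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes IPv4 addresses or hostnames,
# no bracketed IPv6 literals. The config text below is constructed.

# classify_listen "[bind_address:]port"
#   -> default | loopback | all-interfaces | specific
classify_listen() {
    case "$1" in
        *:*) bind=${1%:*} ;;           # text before the last colon
        *)   echo default; return ;;   # no bind_address: GatewayPorts decides
    esac
    case "$bind" in
        ''|'*'|0.0.0.0)  echo all-interfaces ;;  # empty or '*': every interface
        localhost|127.*) echo loopback ;;
        *)               echo specific ;;        # one named address
    esac
}

# listen_part_of_L "[bind_address:]port:host:hostport" -> "[bind_address:]port"
listen_part_of_L() {
    rest=${1%:*}          # drop ":hostport"
    echo "${rest%:*}"     # drop ":host"
}

# audit_config: read ssh_config text on stdin and print every forward whose
# listener is reachable from beyond the loopback interface.
audit_config() {
    while read -r key listen extra; do
        k=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case "$k" in
            localforward|dynamicforward)
                verdict=$(classify_listen "$listen")
                case "$verdict" in
                    all-interfaces|specific) echo "$key $listen -> $verdict" ;;
                esac ;;
        esac
    done
}

sample_config() {
    cat <<'EOF'
Host work
    DynamicForward *:1080
    LocalForward 8443 localhost:443
Host db
    LocalForward :3306 127.0.0.1:3306
    LocalForward 127.0.0.1:8080 172.17.0.100:80
EOF
}

sample_config | audit_config
```

A `default` verdict means no bind address was given, so the listener follows the client's GatewayPorts setting and is not reported here.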

------
fiatjaf
If you like this, but think that SSH tunnels are too complicated, I must
suggest that you try [https://www.zerotier.com/](https://www.zerotier.com/).

ZeroTier solves all your networking needs and much more, the thing is pure
power.

------
peterburkimsher
For web services, an alternative that doesn't require your own server is
localtunnel:

[https://localtunnel.github.io/www/](https://localtunnel.github.io/www/)

------
justaaron
because it is very difficult to type this instead?

ssh -L 21234:localhost:1234 bob@server.com

I will confess that I googled it numerous times until one day I realized how
silly and obvious it was and now it's burned into my brain...

------
mitchtbaum
What do you guys think of that cross-distro, Linux installation method?

curl -L https://... | tar xz -C /usr/local/bin

~~~
peterwwillis
This command actually fails if /usr/local/bin doesn't exist. He could simplify
it by releasing the binary alone and running
`curl -L --create-dirs -o /usr/local/bin/mole https://...`, but my guess is
uncompressed it's huge. (edit: _possible_ that the GitHub server would support
`curl --compressed ...`, allowing the HTTP connection to compress it in transit)

~~~
davrodpin
That is already supported:

curl -L https://github.com/davrodpin/mole/releases/download/v0.2.0/mole0.2.0.linux-amd64.tar.gz | tar xz -C /usr/local/bin

And there are plans to implement a script to improve this process:
[https://github.com/davrodpin/mole/issues/19](https://github.com/davrodpin/mole/issues/19)

------
donatj
I have a number of connections I need to maintain - e.g. have reopened
automatically - and I've been using Secure Pipes on Mac for a couple months
now, very happy with it.

[https://www.opoet.com/pyro/](https://www.opoet.com/pyro/)

------
cperciva
For many purposes, users may want to consider spiped as a simpler and more
reliable alternative.

------
loeg
This is maybe a nicer syntax around autossh, which just uses the ssh. And the
functionality is ssh's '-R' flag.

------
leowoo91
I guess we won't need IPv6 that much.

------
dschep
What about reverse & dynamic ssh tunnels? (ssh -R or ssh -D instead of ssh -L)

------
mbrumlow
So is ~C !!

~~~
deathanatos
Sadly, the tilde commands don't work at all if you're using ControlMaster.

------
dest
Very nice. I'd consider pinging the guys of OpenBSD to suggest upstreaming
this interesting, user friendly, syntax into SSH itself.

~~~
8fingerlouie
is the ssh syntax for doing the same thing really that bad ?

I find it easy to remember, it's just one flag (-L) with
local_port:remote_ip:remote_port

to forward local port 3306 to mysqlhost:3306:

    
    
        ssh -L 3306:mysqlhost:3306
    

The strength of using ssh is that you can forward multiple ports with the same
connection. i.e.

    
    
        ssh -L 3306:mysqlhost:3306 -L 8080:webhost:80

~~~
dest
If it's easy for you to remember ssh syntax, then for you ssh is the better
tool. As far as I'm concerned, I never remember the different syntax between
-L, -R, -D, etc. Always have to read a doc somewhere.

In the same topic, do you remember the syntax of tar? I don't.
[https://www.xkcd.com/1168/](https://www.xkcd.com/1168/)

~~~
8fingerlouie
I use tar daily, so yes, i remember the syntax :)

copy files from a to b:

    
    
        (cd /src && tar cf - .) | (cd /dest && tar xf -)
    
    

operations are easy: (c)reate, e(x)tract, (t)est. options the same: (f)ile,
(v)erbose, g(z)ip compression. the only illogical ones are bzip2 compression
and xz compression with -j and -J

I think i can remember cpio syntax as well, though i haven't used that in a
decade, but did use it quite often in my old sysadm job.

copy files from a to b by piping :

    
    
        find /somewhere -print | cpio -o | (cd /destination && cpio -i)
    

or simply for all you kids:

    
    
        find /somewhere -print | cpio -p /destination

~~~
dest
Well, it turns out we have different expectations regarding those tools.

My brain chooses to store other things in life.

~~~
melq
This seems to imply that he is not 'storing other things in life' because he's
able to remember that L=local forwarding R=remote forwarding and D=socks proxy

~~~
colemickens
The irony being that remembering that is almost guaranteedly easier than
acquiring and installing mole on every machine where you may need to port
forward.

------
Samin100
This is a fantastic tool! I've always had to reference a markdown file with
SSH tunnel syntax whenever I wanted to create one. I can see myself using this
quite a bit in the future.

~~~
viraptor
Is the syntax difference really that interesting? It's

    
    
        mole -local 127.0.0.1:3306 -remote 127.0.0.1:3306 -server example@172.12.0.100
    

vs

    
    
        ssh -L 3306:127.0.0.1:3306 example@172.12.0.100
    

With the extra installation of mole on top.

~~~
goliatone
This whole thread makes me think of Alan Cooper, and how he bashes developers
in The Inmates Are Running the Asylum basically as people out of touch with
the rest of humanity in that we got used to rudimentary tools and our love for
them and maybe the time and pain spent learning them makes us victim blame
users, not that your comment is doing that, but maybe we do that
unconsciously. I was going to comment on the whole persona thing he started
but it’s too early in the morning for such things

