== Tunneling ==
	To tunnel, use `ssh -L <port>:<host>:<hostport> user@remote`
	When an application is listening only on localhost on the remote machine,
	we have to specify localhost for the <host> field:
	`ssh -L <port>:127.0.0.1:<hostport> user@remote`
	This allows accessing even localhost-restricted ports on the remote system
	via localhost on our local machine.

== Reverse tunneling ==
	To allow the remote computer to connect to our local computer
	on a specific port, we use `-R` instead of `-L`
	`ssh -R <port>:localhost:<hostport> user@remote`
	This allows the remote computer to connect back to us on a specific
	port.
	
	For example, to allow a remote computer to connect back to our
	local computer, which is running postgresql on port 5432,
	we can issue the following command:
	`ssh -R 5432:localhost:5432 user@remote`
	Now when the remote machine connects to its own 'localhost' on port 5432,
	the connection is tunneled back to us.
	
== Useful params ==
	`-f` - go to background, useful for setting up tunnels
	`-N` - do not execute a remote command, useful for just forwarding ports
	`-L` - tunneling, see above
	
== Agent forwarding ==
	(from stackoverflow)
	
    Create ~/.ssh/config

    Fill it with (host address is the address of the host you want to allow creds to be forwarded to):

    Host [host address]
         ForwardAgent yes

    If you haven't already run ssh-agent, run it:

    ssh-agent

    Take the output from that command and paste it into the terminal. This will set the environment variables that need to be set for agent forwarding to work. Optionally, you can replace this and step 3 with:

    eval "$(ssh-agent)"

    Add the key you want forwarded to the ssh agent:

    ssh-add [path to key if there is one]/[key_name].pem

    Log into the remote host:

    ssh -A [user]@[hostname]

    From here, if you log into another host that accepts that key, it will just work:

    ssh [user]@[hostname]
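
A forwarded agent can be used by anyone with enough privileges on the remote host while the session is open, so it helps to know exactly which `Host` blocks in `~/.ssh/config` turn it on. The script below is an added example, not part of the quoted answer: the function names and the sample config are made up for illustration.

```shell
# Constructed sample ~/.ssh/config (hosts are made up for this example).
sample_config() {
cat <<'EOF'
Host bastion.example.com
    ForwardAgent yes
Host *.internal
    forwardagent=yes
Host build
    ForwardAgent no
Host *
    ServerAliveInterval 30
    ForwardAgent yes
EOF
}

# audit_forward_agent [FILE]  (reads stdin when no file is given)
# Prints "<kind> <patterns>" for every block that forwards the agent:
#   WILDCARD  Host pattern contains * or ?, so it covers many hosts
#   SCOPED    Host block names specific hosts
#   MATCH     Match block, review its conditions by hand
audit_forward_agent() {
    awk '
    function report(   kind) {
        if (!fwd) return
        kind = ismatch ? "MATCH" : (pats ~ /[*?]/ ? "WILDCARD" : "SCOPED")
        print kind, pats
    }
    # Options placed before the first Host line apply to every host.
    BEGIN { pats = "*"; fwd = 0; seen = 0; ismatch = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        n = match(line, /[ \t=]+/)      # keyword/argument separator
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1))
        val = substr(line, n + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") {
            report()
            pats = val; fwd = 0; seen = 0; ismatch = (key == "match")
        } else if (key == "forwardagent" && !seen) {
            # First value in a block wins; anything but "no" forwards.
            seen = 1; fwd = (tolower(val) != "no")
        }
    }
    END { report() }
    ' "$@"
}

sample_config | audit_forward_agent
```

Run it against a real file with `audit_forward_agent ~/.ssh/config`; any WILDCARD line means the agent is offered to every host that pattern matches.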

== Interesting vulns ==

Library loading on local machine with ssh -A
and ssh-add -s ../evil_lib.so
https://www.exploit-db.com/exploits/40963