SSH Tunnel Gateway
Use This Skill When
- •The task is about
ssh-tunnel-gateway. - •The user needs to run or debug
ssh-tunnel-serverorssh-tunnel-agent. - •The user needs deployment guidance for SSH transport, control plane, or systemd.
Workflow
- •Confirm mode:
- •Standard mode (HTTP control endpoint + SSH data plane).
- •
--over-sshmode (SSH alias driven path).
- •Collect required runtime values:
- •Control endpoint, SSH host/users, key path, and state path.
- •Provide foreground commands first for validation, then systemd units.
- •Validate with logs:
- •Register and heartbeat events, stable
agent_id, expectedport_b.
- •Register and heartbeat events, stable
- •If release work is requested, follow
references/operations.md.
Default Runtime Paths
- •State directory:
~/.ssh-tunnel - •Session file:
~/.ssh-tunnel/session.json - •Key file:
~/.ssh-tunnel/agent.pem - •Agent id file:
~/.ssh-tunnel/agent_id - •Lease cleanup TTL:
7days (LEASE_TTL_DAYS)
Critical Rules
- •Keep SSH native (
ProxyJump, standard ssh config, standard sshd behavior). - •
--over-ssh <alias>must match an alias in SSH config. - •In
--over-sshmode:- •Use alias directly as destination (do not force
user@alias). - •Use only the port from
API_URL; host comes from SSH alias.
- •Use alias directly as destination (do not force
References
- •Operational details and release checklist:
references/operations.md