Security

How to escape SSH sessions without ending them

A simple task on the local machine in the middle of using SSH to work on a remote machine does not have to mean ending the SSH session.

A simple task on the local machine in the middle of using SSH to work on a remote machine does not have to mean ending the SSH session.


The OpenSSH tool is ubiquitous in open source Unix-like environments. It started out as a project of the OpenBSD team, but eventually became almost everybody's favorite SSH client and server suite.

Among other things, it can provide a simple VPN, a secure proxy, and simply a remote administration tool. When working through an SSH connection, however, it can also get in the way if you need to do something on the local system. Occasionally, it may not be convenient to switch from one terminal session to another. For instance, if you are using someone else's computer to connect via SSH to a remote system, and you need to get the other person to log in every time you want to access another virtual terminal console, it can feel like more effort than it is worth to go to that effort. Another example might be if you are connected to an Internet-facing server, and from there are connected by another SSH session to a computer that does not face the Internet, and just need to do something on the Internet-facing server in the middle of working with the other remote system.

It turns out there is an escape character that tells OpenSSH you want to do something special. If your cursor is at the beginning of the line at a shell prompt, so that the immediately preceding character it has received from you is a newline, the tilde character (the ~ character) serves as an escape character that gives you the ability to perform some special tasks outside of the remote connection. Before executing any of these escape sequences, you might want to hit the Enter key just to make sure that the newline character is the last character sent to the shell before the tilde.

To temporarily suspend your SSH session, follow the escape character with the Control-Z sequence, just as you would suspend any other process running in a given shell session. No matter how many SSH "hops" you are using to reach a particular remote machine, this will suspend the SSH session from the local machine to the first remotely connected machine.

If you want to suspend only the second connection in a chain of more than one SSH session, follow your first ~ with another. Thus, to suspend your SSH connections at the local machine, enter ~^Z, where ^Z means "hold down the Control key and press the Z key". If, instead, you want to suspend the SSH connection on the first remote system to which you have connected, enter ~~^Z instead.

There are other escape sequences for OpenSSH as well. The ~? sequence will tell you what they are:

Supported escape sequences:

~. - terminate connection (and any multiplexed sessions)

~B - send a BREAK to the remote system

~C - open a command line

~R - Request rekey (SSH protocol 2 only)

~^Z - suspend ssh

~# - list forwarded connections

~& - background ssh (when waiting for connections to terminate)

~? - this message

~~ - send the escape character by typing it twice

(Note that escapes are only recognized immediately after newline.)

For those who are not fully familiar with command line job control, the way to bring a back-grounded job to the foreground -- that is, to once again access the SSH session you have suspended with ^Z, unsuspending it -- is to type fg at the shell prompt and hit the Enter key. Much more is possible with job control than this, as explained on a helpful page on the UC San Diego site: Job Control on UNIX systems.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

3 comments
JohnBoyNC
JohnBoyNC

Chad, the link to UCSD is broken....

mla_ca520
mla_ca520

Thanks! Good to know! Sure I'll use it this week in fact!

apotheon
apotheon

> Chad, the link to UCSD is broken.... So it was. It has been fixed. Thank you.