Related: "Enter" then ~ then "C" will open a command prompt that allows to add/close port forwardings. There others. Try "Enter" then ~ then "?".

Also related: if you use ControlMaster, then the master session takes over any port forwardings defined in new shared sessions. So you can “ssh host” once to establish the master, then “ssh host -L… -R…” to make port forwardings in new shared connections; the shared sessions can be closed and the forwardings will stay active so long as the master doesn’t close.

Is that documented as intentional? Seems weird to me that the process shutdown wouldn't tear down the forwarding

This is a great tip that I use all the time.

To be more precise ~ is the default ssh escape character. It is only treated as the ssh escape character if it is at the beginning of a new line. From the ssh(1):

> The escape character followed by a dot (`.') closes the connection; followed by control-Z suspends the connection; and followed by itself sends the escape character once.

And if you're deeper in nested SSH sessions you can use a number of ~s to indicate which one to kill.

There's more commands than the dot too but I admit I forgot the others

Ahhh that would explain why it didn't feel consistent for me, since I use ProxyCommand to hop through another box most of the time. I usually need to do that key sequence twice. But I guess now I know I just need the tilde twice.

I think the ProxyJump config option will help you.

ProxyJump (or the -J option as a shortcut) plus TCP port forwarding (-L/-R) is ridiculously powerful. You can chain jump hosts with commas, threading a port forward deep into (or out of) multiple server hops with a single command.

Also,

~?

will print a list of the available escape sequences.

That needs an enter first? That might explain why I've always found ~. to be so unreliable

It is so that you don't quit every time you paste "foobar~.baz" through the terminal.

it's because the escape character is only recognized at the beginning of a line

For those of us in the dead key land (using AltGr to type ~), remember to hit space after typing out the ~, otherwise it won't register properly.

I did not need to type the space. Just AltGr ~ (nothing is output) and then .

It can also be used for nested connections. E.g. if you SSH to server A, and then from server A to server B, ~. will kill the session on B. Alternatively, ~~. will kill the session on A.

EDIT: I started distrusting my memory here and went hunting, it appears my memory has the escape nesting backwards https://lgfang.github.io/computer/2009/05/08/quit-nested-ssh...

Documented in ssh(1), section "ESCAPE CHARACTERS".

somebody should find a way to map +++ATH0 to that same sequence for fun

And then some random garbage and NO CARRIER to confirm the disconnection :)

It was [wait]+++[wait] and then ATH or ATH0 by the way, on a modem that implemented the Hayes command set correctly. To avoid at least some inadvertent triggering of this in-band signalling.

The "wait" was patented by Hayes. https://en.wikipedia.org/wiki/Time_Independent_Escape_Sequen...

Thank you! I will be doing a lot less "<return><return><return>...wait for connection to timeout"!

Whoa... I was today days old when I learnt this.

Thank you. I remember hearing about this but couldn’t remember the sequence! I tried spamming ~ but gave up when it didn’t work

You could have looked it up. It's under ESCAPE CHARACTERS in the man-page :)

Woah. I recently saw this shortcut when I discovered tmate. Didn't realise it was a general ssh thing. Good to know!

is this the same as hitting CTRL-D?

>> "Enter" then ~ then . will kill a hung SSH connection

> is this the same as hitting CTRL-D?

No. ^d is a character that is sent to the remote shell (bash, zsh, etc) to tell it to exit. ~. is something for the SSH client to tell it to cut the connect if (e.g.) the shell has hung.

Thing of it like working at different OSI layers: ^d is HTTP, while ~. is like TCP or IP.

amazing tip, needed this today!