BytesAgain is a curated directory of 60,000+ AI agent skills from ClawHub, GitHub, LobeHub, and Dify. Search skills by keyword in 7 languages, browse by role (developer, creator, trader, marketer) or by use case.

How do I find AI skills on BytesAgain?

Use the search bar on BytesAgain.com to search by keyword in 7 languages. You can also browse by role (developer, creator, trader, marketer) or by use case. Each skill shows install instructions for Claude, Cursor, OpenClaw, Continue, and more.

Yes, BytesAgain is completely free. No registration required for searching skills. The MCP API is also free with rate limits.

Does BytesAgain have an API for AI agents?

Yes! BytesAgain provides a free MCP SSE endpoint at /api/mcp/sse for AI agents, plus a REST API at /api/mcp?action=search&q= . No authentication needed.

Can I request a new AI skill on BytesAgain?

Yes! Visit the Requests page on BytesAgain.com to submit a skill request. Your request will be visible to the community and notified to the site admin.

🦀 ClawHub

SSH Tunnel

by @gitgoodordietrying

SSH tunneling, port forwarding, and remote access patterns. Use when setting up local/remote/dynamic port forwards, configuring jump hosts, managing SSH keys, multiplexing connections, transferring files with scp/rsync, or debugging SSH connection issues.

Versionv1.0.0

Downloads4,696

Installs22

Stars⭐ 7

#coding #legal

View on ClawHub →

TERMINAL

clawhub install ssh-tunnel

📖 About This Skill

name: ssh-tunnel description: SSH tunneling, port forwarding, and remote access patterns. Use when setting up local/remote/dynamic port forwards, configuring jump hosts, managing SSH keys, multiplexing connections, transferring files with scp/rsync, or debugging SSH connection issues. metadata: {"clawdbot":{"emoji":"🔑","requires":{"bins":["ssh"]},"os":["linux","darwin","win32"]}}

SSH Tunnel

SSH tunneling, port forwarding, and secure remote access. Covers local/remote/dynamic forwards, jump hosts, ProxyCommand, multiplexing, key management, and connection debugging.

When to Use

Accessing a remote database through a firewall (local port forward)

Exposing a local dev server to a remote machine (remote port forward)

Using a remote server as a SOCKS proxy (dynamic forward)

Connecting through bastion/jump hosts

Managing SSH keys and agent forwarding

Transferring files securely (scp, rsync)

Debugging SSH connection failures

Port Forwarding

Local forward (access remote service locally)

# Forward local port 5432 to remote's localhost:5432
Use case: access a remote PostgreSQL database as if it were local
ssh -L 5432:localhost:5432 user@remote-server
Then connect locally:
psql -h localhost -p 5432 -U dbuser mydb
Forward to a different host accessible from the remote
Remote server can reach db.internal:5432, but you can't
ssh -L 5432:db.internal:5432 user@remote-server
Forward multiple ports
ssh -L 5432:db.internal:5432 -L 6379:redis.internal:6379 user@remote-server
Run in background (no shell)
ssh -fNL 5432:db.internal:5432 user@remote-server
-f = background after auth
-N = no remote command
-L = local forward

Remote forward (expose local service remotely)

# Make your local port 3000 accessible on the remote server's port 8080
ssh -R 8080:localhost:3000 user@remote-server
On the remote: curl http://localhost:8080 → hits your local :3000
Expose to all interfaces on the remote (not just localhost)
Requires GatewayPorts yes in remote sshd_config
ssh -R 0.0.0.0:8080:localhost:3000 user@remote-server
Background mode
ssh -fNR 8080:localhost:3000 user@remote-server

Dynamic forward (SOCKS proxy)

# Create a SOCKS5 proxy on local port 1080
ssh -D 1080 user@remote-server
Route browser traffic through the tunnel
Configure browser proxy: SOCKS5, localhost:1080
Use with curl
curl --socks5-hostname localhost:1080 https://example.com
Background mode
ssh -fND 1080 user@remote-server

Jump Hosts / Bastion

ProxyJump (simplest, OpenSSH 7.3+)

# Connect through a bastion host
ssh -J bastion-user@bastion.example.com target-user@internal-server
Chain multiple jumps
ssh -J bastion1,bastion2 target-user@internal-server
With port forward through bastion
ssh -J bastion-user@bastion -L 5432:db.internal:5432 target-user@app-server

ProxyCommand (older systems, more flexible)

# Equivalent to ProxyJump but works on older OpenSSH
ssh -o ProxyCommand="ssh -W %h:%p bastion-user@bastion" target-user@internal-server

SSH Config for jump hosts

# ~/.ssh/config
Bastion host
Host bastion
    HostName bastion.example.com
    User bastion-user
    IdentityFile ~/.ssh/bastion_key
Internal servers (automatically use bastion)
Host app-server
    HostName 10.0.1.50
    User deploy
    ProxyJump bastion
Host db-server
    HostName 10.0.2.30
    User admin
    ProxyJump bastion
    LocalForward 5432 localhost:5432
Now just: ssh app-server
Or: ssh db-server (auto-forwards port 5432)

SSH Config Patterns

Essential config

# ~/.ssh/config
Global defaults
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    AddKeysToAgent yes
    IdentitiesOnly yes
Named hosts
Host prod
    HostName 203.0.113.50
    User deploy
    IdentityFile ~/.ssh/prod_ed25519
    Port 2222
Host staging
    HostName staging.example.com
    User deploy
    IdentityFile ~/.ssh/staging_ed25519
Wildcard patterns
Host *.dev.example.com
    User developer
    IdentityFile ~/.ssh/dev_key
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Connection multiplexing (reuse connections)

# ~/.ssh/config
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
First connection opens socket, subsequent connections reuse it
Much faster for repeated ssh/scp/rsync to same host

# Create socket directory
mkdir -p ~/.ssh/sockets
Manually manage control socket
ssh -O check prod       # Check if connection is alive
ssh -O stop prod        # Close the master connection
ssh -O exit prod        # Close immediately

Key Management

Generate keys

# Ed25519 (recommended — fast, secure, short keys)
ssh-keygen -t ed25519 -C "user@machine" -f ~/.ssh/mykey_ed25519
RSA 4096 (wider compatibility)
ssh-keygen -t rsa -b 4096 -C "user@machine" -f ~/.ssh/mykey_rsa
Generate without passphrase (for automation only)
ssh-keygen -t ed25519 -N "" -f ~/.ssh/deploy_key

Deploy keys

# Copy public key to remote server
ssh-copy-id -i ~/.ssh/mykey_ed25519.pub user@remote-server
Manual (if ssh-copy-id unavailable)
cat ~/.ssh/mykey_ed25519.pub | ssh user@remote-server "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

SSH Agent

# Start agent (usually auto-started)
eval "$(ssh-agent -s)"
Add key to agent
ssh-add ~/.ssh/mykey_ed25519
Add with expiry (key removed after timeout)
ssh-add -t 3600 ~/.ssh/mykey_ed25519
List loaded keys
ssh-add -l
Remove all keys
ssh-add -D
Agent forwarding (use your local keys on remote hosts)
ssh -A user@remote-server
On remote: ssh git@github.com  → uses your local key
SECURITY: only forward to trusted hosts

File permissions

# SSH is strict about permissions. Fix common issues:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519          # Private key
chmod 644 ~/.ssh/id_ed25519.pub      # Public key
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/authorized_keys

File Transfer

scp

# Copy file to remote
scp file.txt user@remote:/path/to/destination/
Copy from remote
scp user@remote:/path/to/file.txt ./local/
Copy directory recursively
scp -r ./local-dir user@remote:/path/to/
Through jump host
scp -o ProxyJump=bastion file.txt user@internal:/path/
With specific key and port
scp -i ~/.ssh/mykey -P 2222 file.txt user@remote:/path/

rsync over SSH

# Sync directory (only changed files)
rsync -avz ./local-dir/ user@remote:/path/to/remote-dir/
Dry run (preview changes)
rsync -avzn ./local-dir/ user@remote:/path/to/remote-dir/
Delete files on remote that don't exist locally
rsync -avz --delete ./local-dir/ user@remote:/path/to/remote-dir/
Exclude patterns
rsync -avz --exclude='node_modules' --exclude='.git' ./project/ user@remote:/deploy/
With specific SSH options
rsync -avz -e "ssh -i ~/.ssh/deploy_key -p 2222" ./dist/ user@remote:/var/www/
Resume interrupted transfer
rsync -avz --partial --progress large-file.tar.gz user@remote:/path/
Through jump host
rsync -avz -e "ssh -J bastion" ./files/ user@internal:/path/

Connection Debugging

Verbose output

# Increasing verbosity levels
ssh -v user@remote       # Basic debug
ssh -vv user@remote      # More detail
ssh -vvv user@remote     # Maximum detail
Common issues visible in verbose output:
"Connection refused" → SSH server not running or wrong port
"Connection timed out" → Firewall blocking, wrong IP
"Permission denied (publickey)" → Key not accepted
"Host key verification failed" → Server fingerprint changed

Test connectivity

# Check if SSH port is open
nc -zv remote-host 22
or
ssh -o ConnectTimeout=5 -o BatchMode=yes user@remote echo ok
Check which key the server accepts
ssh -o PreferredAuthentications=publickey -v user@remote 2>&1 | grep "Offering\|Accepted"
Test config without connecting
ssh -G remote-host   # Print effective config for this host

Common fixes

# "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
Server was reinstalled / IP reassigned
ssh-keygen -R remote-host   # Remove old fingerprint
ssh user@remote-host        # Accept new fingerprint
"Too many authentication failures"
SSH agent is offering too many keys
ssh -o IdentitiesOnly=yes -i ~/.ssh/specific_key user@remote
"Connection closed by remote host"
Often: MaxSessions or MaxStartups limit on server
Or: fail2ban banned your IP
Tunnel keeps dying
Add keepalive in config or command line:
ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=5 user@remote
Permission denied despite correct key
Check remote: /var/log/auth.log or /var/log/secure
Common: wrong permissions on ~/.ssh or authorized_keys

Kill stuck SSH sessions

# If SSH session hangs (frozen terminal):
Type these characters in sequence:
~.          # Disconnect
~?          # Show escape commands
~#          # List forwarded connections
~&          # Background SSH (when waiting for tunnel to close)
The ~ must be the first character on a new line (press Enter first)

Tips

Use ~/.ssh/config for everything. Named hosts with stored settings are faster and less error-prone than typing long commands.

Ed25519 keys are preferred over RSA. They're shorter, faster, and equally secure.

Connection multiplexing (ControlMaster) makes repeated connections instant. Enable it globally.

rsync is almost always better than scp for anything beyond a single file. It handles interruptions, only transfers changes, and supports compression.

Agent forwarding (-A) is convenient but a security risk on untrusted servers. The remote host can use your agent to authenticate as you. Prefer ProxyJump instead.

ServerAliveInterval 60 in config prevents most "broken pipe" disconnections.

Keep your ~/.ssh/config organized with comments. Future-you will appreciate it.

The ~. escape sequence is the only way to kill a stuck SSH session without closing the terminal.

⚡ When to Use

Trigger	Action
- Exposing a local dev server to a remote machine (remote port forward)
- Using a remote server as a SOCKS proxy (dynamic forward)
- Connecting through bastion/jump hosts
- Managing SSH keys and agent forwarding
- Transferring files securely (scp, rsync)
- Debugging SSH connection failures

📋 Tips & Best Practices