{"id":25668474,"url":"https://github.com/borud/tun","last_synced_at":"2026-05-17T02:03:16.357Z","repository":{"id":152621865,"uuid":"625941824","full_name":"borud/tun","owner":"borud","description":"multi-hop reverse proxy","archived":false,"fork":false,"pushed_at":"2023-08-02T12:24:13.000Z","size":13,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-24T10:43:48.075Z","etag":null,"topics":["golang","proxy","ssh","ssh-tunnel","tunneling","utility"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/borud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-10T13:03:12.000Z","updated_at":"2024-02-11T10:24:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"dd4dd1d7-a207-497e-a140-b26307c05409","html_url":"https://github.com/borud/tun","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/borud/tun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borud%2Ftun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borud%2Ftun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borud%2Ftun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borud%2Ftun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/borud","download_url":"https://codeload.github.com/borud/tun/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borud%2Ftun/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33125182,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-16T18:38:32.183Z","status":"online","status_checked_at":"2026-05-17T02:00:05.366Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","proxy","ssh","ssh-tunnel","tunneling","utility"],"created_at":"2025-02-24T10:34:10.757Z","updated_at":"2026-05-17T02:03:16.345Z","avatar_url":"https://github.com/borud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tun - multi-hop reverse proxy\n\n`tun` is a multi-hop reverse ssh proxy. When it starts it connects to a remote host via a chain of SSH servers.  It then creates a listen port on the last server in the chain.  Whenever a connection is made to this listen port, the connection is proxied back to the originating host and connected to a *target*.\n\n## Installing\n\nYou can install tun from using homebrew from the `borud/tools` tap.\n\n```shell\nbrew tap borud/tools\nbrew install tun\n```\n\nIf you have Go installed:\n\n```shell\ngo install github.com/borud/tun/cmd/tun@latest\n```\n\n## Example usage\n\n```shell\ntun --key ~/.ssh/tunkey                 \\\n    --via user@jump1.example.com:22     \\\n    --via user2@jump2.example.com:22    \\\n    --target localhost:22               \\\n    --remote-listen-addr localhost:2222\n```\n\n1. This first connects to `jump1.example.com`.\n2. Then `jump1.example.com` connects to `jump2.example.com`\n3. since `jump2.example.com` is last in the chain it opens a listen port on `localhost:2222`\n4. when connections are made to `localhost:2222` on `jump2.example.com` the connection\n   is proxied back to the starting host and connected to `localhost:22`\n\nThe `--via` command line options are applied in order and you can have as many of them as you like.  You must have at least one.\n\n## Tips\n\nWhen using this you may not want to run the tunneling through your login account on jump nodes. You should probably set up a dedicated user for tunneling. You can then limit what this account is allowed to do through the SSHD config.  \n\nLet's say we create a user `tun`.  You can then add some restrictions to what this user can do:\n\n```text\n# example of sshd config entry to neuter the tun user a bit.\nMatch User tun\n  PasswordAuthentication no\n  AllowTcpForwarding yes\n  GatewayPorts clientspecified\n  X11Forwarding no\n  AllowAgentForwarding no\n  ForceCommand /bin/false\n  Banner none\n  PrintLastLog no\n```\n\nYou may want to review if you want `GatewayPorts` to be `clientspecified`.  Also, be sure to add firewalling rules accordingly so that you do not expose your SSH endpoint unnecessarily.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborud%2Ftun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fborud%2Ftun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborud%2Ftun/lists"}