Episode: 3855
Title: HPR3855: SSH (or OpenSSH) Escape Sequences
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3855/hpr3855.mp3
Transcribed: 2025-10-25 06:41:03

---

This is Hacker Public Radio Episode 3855 for Friday the 12th of May 2023.
Today's show is entitled SSH or Open SSH Escape Sequences.
It is hosted by Claudio Miranda and is about 10 minutes long.
It carries a clean flag.
The summary is Claudio talks about Open SSH Escape Sequence Features.
Hey Hacker Public Radio, this is Claudio Miranda, aka Claudio M.
And I wanted to talk to you today about Open SSH, specifically SSH Escape Sequences,
something that I learned about recently.
But it seems that I sort of already knew this after learning how to terminate an active SSH connection.
So the way you would terminate an SSH, an active, or quote unquote, active SSH connection, is you would hit enter during your session, followed by a tilde and a period, and that terminates the connection.
Now, when you'd want to use this, in the event that you have a disconnect between you and the remote SSH server, before what I would do is I would just close out the terminal and open it again since I was in a GUI, and then just reconnect.
And if you're not using a GUI and you're in a standard Linux or BSD installation at the console, you would just switch to another virtual console and then reconnect again.
I mean, that's kind of the roundabout way of doing. It's a long way of doing.
But there are times where you don't have access to other options or other virtual consoles.
For example, my Raspberry Pi, when I was running NetBSD on it, it only had one console.
So if I had a SSH session going, and I would lose the connection, I basically have to restart the Raspberry Pi, and I didn't want to do that.
So I came to learn some time ago about the enter tilde period escape sequence to terminate the connections, and it's helped me a lot.
But I always wondered if there were any other escape sequence commands that I could pass through.
Well, after listening to episode 504 of BSD now, which is the latest episode as of this recording,
they discussed an article that goes into some detail about these SSH escape sequences.
And if you hit enter during your active SSH session, you hit enter, followed by tilde, followed by a question mark, you get a list of commands or possible escape sequences that you can enter during your SSH session.
And this, for me, was just a gold mine because I wanted to find out if that was even possible.
Because I only thought that other command and the determining command was the only option.
But apparently there's a few more.
And I'm going to put a link to the BSD now episode along with the article that they discussed in the show notes,
as well as another article I found from Sands that goes into some other details and includes some other commands that aren't listed in the first article that I'll be posting.
It seems that the open SSH client, the escape sequences differ on the operating systems you're using.
So the ones listed on BSD are different from those on Linux and they're different from a few others.
Right now I'm looking at my open BSD session. I'm SSH to another machine from my Open BSD machine.
And I have a list of commands here when I do the enter till the question mark.
And it gives me the following possible escape sequence commands.
So the first one shown is till the period which I already spoke about and that's to remain the connection your SSH connection to the remote server.
Then there's till the uppercase B as in Bravo. It sends a break to the remote system.
After that is till the uppercase R and that requests a re-key with the remote server.
Then following that is till the uppercase V and lowercase V and that's V as in Victor on both.
And it decreases slash increases verbosity for the log level.
Then after that is till the carrot uppercase Z or Z.
And then the carrot symbol usually means control. So it would be till the control uppercase Z or Z to suspend the SSH session.
Then after that one is till the octathorp and if you don't know what an octathorp is it's the pound sign or the hash sign.
That lists all your forwarded connections. After that is till the ampersand or the end symbol.
That one backgrounds your SSH session when waiting for connections to terminate.
And then you have the till the question mark which brings up the help message that I'm reading out right now.
Now there is another command at the end that's till the till the which sends the escape character by typing it twice.
So if you think about an escape character on the command shell on a bash shell or on any type of shell it's usually the backslash.
For example if you want your text that are read to open up a file that has a space in it for the name like readspaceme.txt then you would have to put a backslash before that space between read and me in order to have the text editor interpret the space as part of the file name.
So it's similar to that that that till the escape sequence for SSH so you would do till the till that actually send the till the character as the command.
And it says note that escapes are only recognized immediately after new line and the new line is when you hit enter.
So it would be enter till the and then whatever letter command or command combination you want to enter to type.
Now that's on this open BSD machine. On my Linux machine I actually have another one another command that's listed another escape sequence which is till the capital C as in cat.
So that opens a command line and by opening a command line it actually opens an SSH prompt so you will get an SSH with a greater than symbol and then in that you can enter another command.
Like for example if you want to set up you want to do a port forwarding or do a proxy or something like that without having to terminate the SSH session and typing it in again to reconnect you can do it on the active session dynamically.
You would do a enter till the capital C and then it will drop you to the SSH prompt and then you would add whatever the switch is like let's say if you wanted to do you wanted to add a socks proxy on port 9001 retroactively.
You would drop once you're in that prompt you would type dash capital D 9001 so and that would that'll show that once you hit enter after that it'll start forwarding that port to the active session without having to disconnect it which is kind of neat that you can pass those commands that way to an active session.
There are a few other ones listed here on the Sands article. Let me see if there's any other different ones. No they're pretty much the same with the exception of the till the capital C.
So if you want to see what's running on your site or what escape sequence options you have on your system just start a SSH connection to something and then hit enter till the question mark to see what your supported escape sequences are.
So I hope this was helpful to you. I know this was very helpful for me in learning all the escape sequences play around with them. I just kind of read through the other ones and I tried them but I didn't really see exactly what they did.
For example the rekey one and the break I tried those and I didn't notice much of anything so maybe it's something I'm missing on my end but play around with those options and see what they do for you and hopefully they'll be of use to you as you you know while you're using your active sessions.
And also be sure to record an episode for Hacker Public Radio. We can always use some more shows and more people recording shows. So again I hope this was helpful and I will talk to you soon. Bye bye.
Thanks for watching and I'll see you in the next video.