tunn: Declarative SSH Tunnel Management for Modern Developers

For developers juggling remote databases, Kubernetes clusters, and internal APIs, SSH tunneling is a daily necessity. Yet managing multiple tunnels with complex ssh -L commands quickly becomes unwieldy. Enter tunn, a new open-source tool that transforms tunnel management from a fragmented chore into a declarative workflow.

The SSH Tunnel Pain Point

Manually configuring SSH tunnels requires remembering remote hosts, port mappings, and authentication details—a recipe for errors. When workflows involve several tunnels (e.g., connecting to PostgreSQL, Redis, and a backend API simultaneously), developers often resort to brittle shell scripts or split terminals. Neither solution scales elegantly, especially when tunnels need to run persistently in the background.

How tunn Revolutionizes Tunnel Management

tunn replaces command-line chaos with a clean YAML configuration:

# ~/.tunnrc
tunnels:
  api:
    host: myserver
    ports:
      - 3000:3000
      - 4000:4001

  db:
    host: database
    ports:
      - 3306:3306  # MySQL
      - 5432:5432  # PostgreSQL

Key features that set tunn apart:

Parallel Execution: All tunnels launch concurrently, eliminating sequential startup delays
Daemon Mode: Run tunnels in the background with tunn --detach and monitor status via tunn status
Native SSH Integration: Leverages your existing ~/.ssh/config and keys—no reinvention of authentication
Per-Port Process Isolation: Each port mapping runs as a separate process (enabling future granular controls)
Selective Activation: Start specific tunnels by name (e.g., tunn api db)

Practical Workflow Integration

After installing via a one-line script or Go build, developers define tunnels once in ~/.tunnrc. Daily usage becomes strikingly simple:

# Start all tunnels in the background
tunn --detach

# Check active tunnels and ports
tunn status
# Output: 
# [api]
#   3000 ➜ 3000 [active]
#   4000 ➜ 4001 [active]

# Stop daemon cleanly
tunn stop

Since tunn spawns native ssh processes, it respects SSH Agent forwarding, jump hosts, and other advanced configurations. The daemon’s runtime state (PID, logs, socket) is managed in $XDG_RUNTIME_DIR/tunn with automatic cleanup.

Why This Matters for Development Velocity

By abstracting tunnel management, tunn eliminates cognitive load during development. Teams can:
1. Standardize environments: Share .tunnrc configurations via version control
2. Reduce errors: Avoid mistyped port mappings that break local testing
3. Simplify onboarding: New developers connect to all services with one command

Current limitations include Linux/macOS-only support (Windows is planned) and a dependency on OpenSSH—but these are conscious tradeoffs for compatibility with existing security workflows.

The Bigger Picture

Tools like tunn represent a growing trend: specialized utilities that solve specific developer pain points without reinventing underlying protocols. Instead of wrapping SSH in heavyweight containers or custom networking layers, tunn embraces the Unix philosophy by composing with existing tools. For teams drowning in port-forwarding complexity, this minimalist approach might just be the lifeline they need.

Source: tunn GitHub Repository

#SSHManagement #DeveloperTools #GoLang