Difference between revisions of "SSH"

SSH port forwarding is a magical technique that allows you to tunnel a port over ssh to a remote machine. It is useful in traversing firewalls and suchlike.

Tunneling ports to the local machine

To tunnel a remote port to a port on the local machine use ssh -L.

 ssh -L [bind_address:]port:host:hostport remote_host

bind_address is optional and can be used to bind to a specific IP on the local machine (defaults to loopback).

For example, if I wanted to do X11 forwarding over a firewall:

 ssh -L 6000:myworkstation.work:6000 firewall.work

This would create a ssh connection to the firewall firewall.work, open a tunnel through to myworkstation.work on port 6000 and open a port on the local machine (the one you ran the ssh command from) on port 6000(which might be a bad idea for X11).

Tunneling ports to a remote machine

SSH -R allows you to create a tunnel to a remote machine, and expose a service there.

 ssh -R [bind_address:]port:host:hostport remote_host

Again, bind_address is the address to bind to and again it defaults to the loopback.

For example, if you wanted to expose your work machine to home (and you had a box that had internet facing ssh access).

 ssh -R 6000:myworkstation.work:6000 gateway.home

Then, port 6000 on your gateway at home is tunneled to port 6000 on your machine at work.

Additional Notes

The machine you're forwarding to doesn't have to be the local machine. Any machine you can ssh to from the machine you're running the ssh command on can be the destination or target of the forwarding.