SSH Tunneling: Unix systems

From HiveWiki

Introduction

How you set up the tunnel depends on whether you want to forward a remote port to your local machine, or forward a local port on your machine to a remote machine. I'll touch on both here. This is more or less specific to the OpenSSH implementation of the SSH protocol, but should be sufficient as an example. From there, it should be simple enough to reference your favorite SSH client's manual page. And always remember kids, man is your friend ;)

Note: Seeing as this is actually quite straightforward, I am simply going to present an example command and the appropriate snippets from the man page on my machine. See above.

Local to remote port forwarding

kryptos@einstein:~$ ssh [-g] -L 10000:my.forwardtohost.com:25 luser@my.forwardhost.com

    -g      Allows remote hosts to connect to local forwarded ports.
    -L [bind_address:]port:host:hostport
            Specifies that the given port on the local (client) host is to be forwarded to the given
            host and port on the remote side.  This works by allocating a socket to listen to port on
            the local side, optionally bound to the specified bind_address.  Whenever a connection is
            made to this port, the connection is forwarded over the secure channel, and a connection
            is made to host port hostport from the remote machine.  Port forwardings can also be
            specified in the configuration file.  IPv6 addresses can be specified with an alternative
            syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets.
            Only the superuser can forward privileged ports.  By default, the local port is bound in
            accordance with the GatewayPorts setting.  However, an explicit bind_address may be used
            to bind the connection to a specific address.  The bind_address of ``localhost''
            indicates that the listening port be bound for local use only, while an empty address or '*'
            indicates that the port should be available from all interfaces.

Remote to local port forwarding

kryptos@einstein:~$ ssh [-g] -R 10000:my.forwardtohost.com:25 luser@my.forwardhost.com

    -g      Allows remote hosts to connect to local forwarded ports.
    -R [bind_address:]port:host:hostport
            Specifies that the given port on the remote (server) host is to be forwarded to the given
            host and port on the local side.  This works by allocating a socket to listen to port on
            the remote side, and whenever a connection is made to this port, the connection is for-
            warded over the secure channel, and a connection is made to host port hostport from the
            local machine.
            Port forwardings can also be specified in the configuration file.  Privileged ports can
            be forwarded only when logging in as root on the remote machine.  IPv6 addresses can be
            specified by enclosing the address in square braces or using an alternative syntax:
            [bind_address/]host/port/hostport.
            By default, the listening socket on the server will be bound to the loopback interface
            only.  This may be overriden by specifying a bind_address.  An empty bind_address, or the
            address '*', indicates that the remote socket should listen on all interfaces.  Specify-
            ing a remote bind_address will only succeed if the server's GatewayPorts option is
            enabled (see sshd_config(5)).
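
The binding rules quoted in the two man page excerpts above, as an added example that is not part of the original wiki page: a small Python model that takes an -L or -R spec in the page's [bind_address:]port:host:hostport form and reports which side listens and how widely the listener is exposed. The function names, the scope labels and the on/off treatment of GatewayPorts are assumptions of this sketch; other spec forms are rejected.

```python
# Added example (not from the wiki page): models the binding rules in the man
# text above for the four-field form [bind_address:]port:host:hostport.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def split_spec(spec):
    """Split a forwarding spec on ':' while keeping [IPv6] addresses whole."""
    fields, cur, in_brackets = [], "", False
    for ch in spec:
        if ch == "[":
            in_brackets = True
        elif ch == "]":
            in_brackets = False
        elif ch == ":" and not in_brackets:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    fields.append(cur)
    if len(fields) == 3:              # port:host:hostport, no bind_address given
        return (None, *fields)
    if len(fields) == 4:              # bind_address may be "" (e.g. ":10000:h:25")
        return tuple(fields)
    raise ValueError(f"unsupported forwarding spec: {spec!r}")

def listener_exposure(flag, spec, g=False, gateway_ports=False):
    """Return (listening side, port, scope) for an -L or -R forwarding.

    gateway_ports is the client's GatewayPorts for -L and the server's for -R,
    modelled as a plain on/off switch (an assumption of this sketch).
    """
    if flag not in ("L", "R"):
        raise ValueError("flag must be 'L' or 'R'")
    bind, port, _host, _hostport = split_spec(spec)
    side = "client" if flag == "L" else "server"
    if bind is None:
        # -g is documented for *local* forwarded ports, so it is ignored for -R.
        scope = "all-interfaces" if flag == "L" and (g or gateway_ports) else "loopback"
    elif bind in LOOPBACK:
        scope = "loopback"
    elif flag == "R" and not gateway_ports:
        scope = "needs-server-GatewayPorts"   # man text: only succeeds if enabled
    elif bind in ("", "*"):
        scope = "all-interfaces"
    else:
        scope = "specific-address"
    return side, int(port), scope

if __name__ == "__main__":
    page_spec = "10000:my.forwardtohost.com:25"   # spec used in the page's commands
    for flag, spec, g in [("L", page_spec, False), ("L", page_spec, True),
                          ("R", page_spec, True), ("R", "*:" + page_spec, False)]:
        print(f"-{flag} {spec} g={g} ->", listener_exposure(flag, spec, g=g))
```

Any result other than "loopback" means the forwarded port is reachable by hosts other than the one running the listener, which is worth confirming against the actual listening sockets on that host.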