SSH port forwarding

Published by Yu on

SSH port forwarding is a mechanism in SSH for tunneling application ports from the client machine to the server machine, or vice versa.

Suppose we wish to visit a port in remote but behind the firewall, we can use SSH port forwarding to bind that port into local.

Assume the host in remote is "remote.example.com". Please visit the server in remote, and check the file "/etc/ssh/sshd_config", and make sure the option "AllowTcpForwarding" is not "no".

Since the default option for "AllowTcpForwarding" is "yes", you can simply ignore this option if you can not find this option.

And then, you can type the command in local as follow:

ssh -L 9090:localhost:9091 \
    -L 9190:localhost:9191  \
    username@remote.example.com

In this case, it will forward the stream from remote.example.com:9091 to localhost:9090, and from remote.example.com:9191 to localhost:9190.

Please refer to this page for more examples.

Categories: Code
Tags:

Yu

Ideals are like the stars: we never reach them, but like the mariners of the sea, we chart our course by them.

1 Comment

Alex · November 30, 2020 at 17:28

Firefox 83.0 Firefox 83.0 Mac OS X 10.14 Mac OS X 10.14

yes, tunneling is cool:
1. create local tunnel

# ssh -f -L 8888:localhost:80 root@10.199.69.2 -N
root@10.19.69.2's password: xxxxx

2. check listening post

# netstat -a -n -p | grep 8888
tcp   0   0 127.0.0.1:8888   0.0.0.0:*   LISTEN 15981/ssh
tcp   0   0 ::1:8888         :::*        LISTEN 15981/ssh

3. verify ssh process by its PID

# ps -ef | grep 15981
root 15981 1 0 08:38 ? 00:00:00 ssh -f -L 8888:localhost:80 root@10.199.69.2 -N

4 . send HTTP request to 10.199.69.2 server via tunneling

# curl -I http://127.0.0.1:8888
HTTP/1.1 200 OK
Date: Tue, 28 Jan 2020 14:57:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 27 Jan 2020 16:49:16 GMT
ETag: "160096-2c-59d21e3517f9e"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html; charset=UTF-8
Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts
Code

Nginx: worker_connections are not enough, reusing connections

We meet an error log on nginx: worker_connections are not enough, reusing connections. To resolve this issue, here is my working solution according to the references:
Code

fstab 文件格式检查

我们通常编辑 /etc/fstab 来确定启动时候挂载的硬盘, swap 等. 若文件内容有误, 重启后的效果就是直接挂了, 然后必须通过安全模式或者单用户模式进去修改, 这很麻烦. 可否不重启就检查下 fstab 呢? 答案是可以的.
Code

Gracefully shutdown a http server in golang

To gracefully shutdown a http server requires a few steps. The http library's serving function will block over there when getting started, until we call http.Server.Close(). As for us, we can invoke the starting function Read more…