SSH Port Forwarding is a mechanism in SSH for tunneling application ports from the client machine to the server machine, or vice versa.

Suppose we wish to reach a port on a remote machine that is behind a firewall; we can use SSH port forwarding to bind that port to a port on our local machine.

Assume the remote host is "remote.example.com". On that server, check the file "/etc/ssh/sshd_config" and ensure the option "AllowTcpForwarding" is not set to "no".

Since the default setting for "AllowTcpForwarding" is "yes", you can simply ignore this option if it's not present.

Then, you can type the command on your local machine as follows:

ssh -L 9090:localhost:9091 \
    -L 9190:localhost:9191  \
    username@remote.example.com

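In this case, connections to localhost:9090 on your machine are carried over the SSH session to port 9091 on remote.example.com, and connections to localhost:9190 are carried to port 9191 there. The "localhost" in each -L argument is resolved on the server side.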

For remote port forwarding, which is the opposite of local port forwarding, you can use the ssh -R command. This is useful when you want to access a service on your local machine from a remote server, but the local service is not exposed to the internet.

To set up remote port forwarding, you would use the following command:

ssh -R 3333:localhost:22 \
    username@remote.example.com

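This command makes the remote server listen on port 3333 and forwards connections made there to port 22 (commonly used for SSH) on your local machine. After establishing the connection, you can access your local SSH service by connecting to port 3333 on remote.example.com. Unless the server sets GatewayPorts, sshd binds that port to its loopback address only, so the connection has to be made from the server itself (to localhost:3333).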
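The AllowTcpForwarding check described above decides whether the -L and -R commands will work at all, so here is one way to read it from a config file. This is an added example, not code from the original post: the function names effective_value and forwarding_summary are hypothetical, the sample config is constructed, and GatewayPorts is an sshd_config option the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only the global section
# of an sshd_config; settings inside "Match" blocks are not evaluated.
# effective_value FILE KEYWORD DEFAULT: sshd keeps the first value it finds;
# keywords are case-insensitive, written "Keyword value" or "Keyword=value".
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, f, /[ \t]+/)
            kw = tolower(f[1])
            if (kw == "match") exit                 # global section ends here
            if (kw == key && n >= 2) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

forwarding_summary() {
    tcp=$(effective_value "$1" AllowTcpForwarding yes)   # default: yes
    gw=$(effective_value "$1" GatewayPorts no)           # default: no
    case "$tcp" in
        yes|all) l=yes; r=yes ;;
        local)   l=yes; r=no ;;
        remote)  l=no;  r=yes ;;
        no)      l=no;  r=no ;;
        *)       l=unknown; r=unknown ;;
    esac
    case "$gw" in
        yes)             bind=all-interfaces ;;
        clientspecified) bind=client-chosen ;;
        *)               bind=loopback ;;
    esac
    echo "local(-L)=$l remote(-R)=$r remote-bind=$bind"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# AllowTcpForwarding no
allowtcpforwarding local
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding no
EOF
forwarding_summary "$sample"
```

On a live server, running `sshd -T` as root prints the effective configuration, including values set through Match blocks when a connection spec is supplied with -C.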

When you need to securely copy files to or from a remote server that is running SSH on a non-standard port, you can use the scp command with the -P flag to specify the port number.

Here's how you can use scp with a custom port:

scp -P 3333 user@remote.example.com:/path/to/remote/file \
    /path/to/local/destination

This command copies a file from the remote server's /path/to/remote/file to the local destination path, connecting to the remote server on port 3333.

In conclusion, SSH port forwarding is a versatile tool for creating secure tunnels to access services that are behind firewalls or not directly exposed to the internet. By combining ssh -L, ssh -R, and scp -P, you can tailor your SSH connections to fit a variety of networking scenarios, ensuring secure and efficient data transfer.

For more detailed examples and information on SSH tunneling, please refer to this page. It provides additional context and examples that can help you understand and implement SSH port forwarding in various situations.


Yu


1 Comment

Alex · November 30, 2020 at 17:28


yes, tunneling is cool:
1. create local tunnel

# ssh -f -L 8888:localhost:80 root@10.199.69.2 -N
root@10.19.69.2's password: xxxxx 

2. check listening post

# netstat -a -n -p | grep 8888
tcp   0   0 127.0.0.1:8888   0.0.0.0:*   LISTEN 15981/ssh
tcp   0   0 ::1:8888         :::*        LISTEN 15981/ssh 

3. verify ssh process by its PID

# ps -ef | grep 15981
root 15981 1 0 08:38 ? 00:00:00 ssh -f -L 8888:localhost:80 root@10.199.69.2 -N 

4. send HTTP request to 10.199.69.2 server via tunneling

# curl -I http://127.0.0.1:8888
HTTP/1.1 200 OK
Date: Tue, 28 Jan 2020 14:57:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 27 Jan 2020 16:49:16 GMT
ETag: "160096-2c-59d21e3517f9e"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html; charset=UTF-8
