Ssh Setup a SSH Tunnel: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 18:34, 4 January 2019

Internal

Overview

OpenSSH can be used to tunnel traffic from the local host to a remote host you have an account on.

Setting a Tunnel from a Local Port to a Port on a Remote Host

ssh -f -N [-p <remote-host-ssh-port>] [-i <identity-file>] \
  [<remote-host-ssh-user>@]<remote-host-address> \
  -L <local-port>:<remote-host-interface-to-forward-to>:<port-on-remote-host>

Options:

-f

The "-f" option tells ssh to go into the background.

-N

The "-N" option tells ssh NOT to execute any command on the remote system. If "-N" is omitted, ssh will establish the tunnel AND log in.

-L

The "-L" option specifies the tunnel details (local port, remote host interface, remote port, as described below).

Other Arguments

The meaning of other arguments is the following:

  • -p <remote-host-ssh-port> may be used to specify a non-standard SSH port, if the SSH daemon on the remote host was configured to listen on a port other than 22.
  • -i <identity-file> may be used to specify a non-standard identity file, or the identity file for the remote user the connection is made for, if different from the local UNIX user that executes the command.
  • remote-host-ssh-user is the user on the remote system the SSH connection is made on behalf of. If missing, the UNIX user executing the command is implied.
  • remote-host-address is the address of the remote system that runs the sshd daemon.
  • local-port is the local port on which incoming traffic will be forwarded over the tunnel.
  • remote-host-interface-to-forward-to is the interface on the remote host to which traffic arriving over the tunnel will be forwarded. A good choice is 127.0.0.1, if the service we want to forward to listens on that interface. If we forward to 127.0.0.1, iptables will usually allow the forwarded traffic, as iptables is commonly configured to allow local traffic.
  • port-on-remote-host is the port on remote-host-interface-to-forward-to to which traffic arriving over the tunnel is forwarded.

Example

ssh -f -N -p 2022 -i /home/bob/.ssh/id_rsa bob@bobshost.com -L 873:127.0.0.1:873
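
The following is an added example, not part of the original page: a shell helper that checks a -L specification before use and assembles the tunnel command with two hardening choices, an explicit 127.0.0.1 bind address for the local listener and ExitOnForwardFailure=yes so that a failed bind does not leave a backgrounded ssh without a tunnel. The function names, the UID parameter and the local port 8873 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Field names follow the page's
# -L <local-port>:<remote-host-interface-to-forward-to>:<port-on-remote-host>.

# is_port VALUE: succeed if VALUE is a decimal integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_forward SPEC [UID]: print "ok" or the reason SPEC is rejected.
# UID defaults to the caller's; passing it explicitly makes the check testable.
check_forward() {
    spec=$1; uid=${2:-$(id -u)}
    case "$spec" in
        *:*:*:*) echo "invalid: give three fields, the bind address is added for you"; return 2 ;;
        *:*:*)   ;;
        *)       echo "invalid: expected local-port:interface:port"; return 2 ;;
    esac
    lport=${spec%%:*}; rest=${spec#*:}
    iface=${rest%:*};  rport=${rest##*:}
    is_port "$lport" || { echo "invalid: local port '$lport'"; return 2; }
    is_port "$rport" || { echo "invalid: remote port '$rport'"; return 2; }
    [ -n "$iface" ]  || { echo "invalid: empty interface"; return 2; }
    # ssh(1): "Only the superuser can forward privileged ports" (below 1024).
    if [ "$lport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        echo "needs-root: local port $lport is privileged"; return 1
    fi
    echo "ok"
}

# build_tunnel_cmd TARGET SPEC [SSH_PORT] [IDENTITY_FILE]: print the ssh command.
# Adds ExitOnForwardFailure so a failed bind aborts instead of leaving a
# backgrounded ssh with no tunnel, and pins the listener to 127.0.0.1.
build_tunnel_cmd() {
    target=$1; spec=$2; sshport=${3:-}; ident=${4:-}
    cmd="ssh -f -N -o ExitOnForwardFailure=yes"
    [ -n "$sshport" ] && cmd="$cmd -p $sshport"
    [ -n "$ident" ]   && cmd="$cmd -i $ident"
    echo "$cmd $target -L 127.0.0.1:$spec"
}

# Constructed demo values; 8873 is an arbitrary unprivileged local port.
check_forward 8873:127.0.0.1:873 1000
build_tunnel_cmd bob@bobshost.com 8873:127.0.0.1:873 2022 /home/bob/.ssh/id_rsa
```

The command is printed for review rather than executed; the page's own example forwards local port 873, which the check reports as needing root when run as an ordinary user.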