Ssh Setup a SSH Tunnel

From NovaOrdis Knowledge Base
Revision as of 03:10, 27 December 2018 by Ovidiu (talk | contribs)

Overview

OpenSSH can be used to tunnel traffic from the local host to a remote host you have an account on.

Setting a Tunnel from a Local Port to a Port on a Remote Host

ssh -f -N [-p <remote-host-ssh-port>] [-i <identity-file>] \
  [<remote-host-ssh-user>@]<remote-host-address> \
  -L <local-port>:<remote-host-interface-to-forward-to>:<port-on-remote-host>

The "-f" option tells ssh to go to background.

The "-N" option tells ssh to NOT execute any command on the remote system. If "-N" is omitted, ssh will establish the tunnel AND open a login session on the remote host.

The "-L" option specifies the tunnel details (local port, remote host interface, remote port, as described below).

The meaning of other arguments is the following:

  • -p <remote-host-ssh-port> may be used to specify a non-standard SSH port, if the SSH daemon on the remote host was configured to listen on a port other than 22.
  • -i <identity-file> may be used to specify a non-standard identity file, or the identity file for the remote user the connection is made for, if different from the local UNIX user that executes the command.
  • remote-host-ssh-user: the user on the remote system the SSH connection is made on behalf of. If missing, the UNIX user executing the command is implied.
  • remote-host-address: the address of the remote system that runs the sshd daemon.
  • local-port: the local port for which incoming traffic will be forwarded over the tunnel.
  • remote-host-interface-to-forward-to: the interface on the remote host to which traffic arriving over the tunnel will be forwarded. A good choice is 127.0.0.1, if the service we want to forward to listens on that interface. If we forward to 127.0.0.1, iptables will usually allow the forwarded traffic, as iptables is commonly configured to allow local traffic.
  • port-on-remote-host: the port on the remote-host-interface-to-forward-to to which traffic arriving on the tunnel is forwarded.

Example:

ssh -f -N -p 2022 -i /home/bob/.ssh/id_rsa bob@bobshost.com -L 873:127.0.0.1:873
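
As an added example (not part of the original page), the following shell function parses a "-L" forward specification and reports where the local listener binds, whether the local port is privileged, and where the traffic ends up. It also accepts the optional leading bind address that ssh(1) documents for "-L", which the page does not use; is_port and check_forward are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page: audit an OpenSSH -L spec of the
# form [bind_address:]port:host:hostport. Assumption: IPv4 addresses and
# hostnames only (no bracketed IPv6, no Unix-socket forwards).

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_forward SPEC
# Prints "listen=<scope> lport=<n>[,privileged] dest=<host>:<port>",
# or prints "invalid" and returns 1 if SPEC is not a usable TCP forward.
check_forward() {
    case $1 in ''|*:) echo invalid; return 1 ;; esac
    old_ifs=$IFS; IFS=:
    set -f              # no globbing: a bind address of '*' must stay literal
    set -- $1           # split SPEC on ':' into positional parameters
    set +f; IFS=$old_ifs

    case $# in
        3) explicit=0; bind=;   lport=$1; host=$2; rport=$3 ;;
        4) explicit=1; bind=$1; lport=$2; host=$3; rport=$4 ;;
        *) echo invalid; return 1 ;;
    esac
    if ! is_port "$lport" || ! is_port "$rport" || [ -z "$host" ]; then
        echo invalid; return 1
    fi

    if [ "$explicit" -eq 0 ]; then
        scope=loopback  # no bind address: follows GatewayPorts, "no" by default
    else
        case $bind in
            localhost|127.*) scope=loopback ;;
            ''|'*'|0.0.0.0)  scope=all-interfaces ;;  # reachable from the network
            *)               scope=$bind ;;
        esac
    fi
    priv=
    if [ "$lport" -lt 1024 ]; then priv=,privileged; fi  # bind needs root
    echo "listen=$scope lport=$lport$priv dest=$host:$rport"
}

check_forward 873:127.0.0.1:873   # the forward used in the page's example
```

A result of "all-interfaces" means other hosts that can reach the local machine can also connect to the forwarded port; "privileged" means the ssh client must run as root to bind the local port.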