Ssh Setup a SSH Tunnel
Internal
Overview
OpenSSH can be used to tunnel traffic from the local host to a remote host you have an account on. For ssh tunneling concepts, see:
Setting a Tunnel from a Local Port to a Port on a Remote Host
ssh -f -N [-p <remote-host-ssh-port>] [-i <identity-file>] \
    [<remote-host-ssh-user>@]<remote-host-address> \
    -L <local-port>:<remote-host-interface-to-forward-to>:<port-on-remote-host-to-forward-to>
Options:
-f
The "-f" option tells ssh to go to background.
-N
The "-N" option tells ssh to NOT execute any command on the remote system. If "-N" is omitted, ssh will establish the tunnel AND log in.
-L
The "-L" option specifies the tunnel details (local port, remote host interface, remote port, as described below).
Other Arguments
The meaning of other arguments is the following:
- -p <remote-host-ssh-port> may be used to specify a non-standard SSH port, if the SSH daemon on the remote host was configured to listen on a port other than 22.
- -i <identity-file> may be used to specify a non-standard identity file, or the identity file for the remote user the connection is made for, if different from the local UNIX user that executes the command.
- remote-host-ssh-user the user on the remote system the SSH connection is made on behalf of. If missing, the UNIX user executing the command is implied.
- remote-host-address the address of the remote system that runs the sshd daemon.
- local-port the local port for which incoming traffic will be forwarded over the tunnel.
- remote-host-interface-to-forward-to the interface on the remote host that traffic arriving over the tunnel will be forwarded to. A good choice is 127.0.0.1, if the service we want to forward to listens on that interface. If we forward to 127.0.0.1, iptables will usually allow the forwarded traffic, as iptables is commonly configured to allow local traffic.
- port-on-remote-host-to-forward-to the port on the remote-host-interface-to-forward-to to forward traffic arriving on the tunnel to.
Connection Keep-Alive
-o TCPKeepAlive=yes -o ServerAliveInterval=30
Example
ssh -f -N -p 2022 -i /home/bob/.ssh/id_rsa bob@bobshost.com -L 873:127.0.0.1:873
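
The following is an added example, not part of the original page: a shell helper that validates the ports and assembles the tunnel command from the arguments described above, combined with the keep-alive options. The function names `valid_port` and `tunnel_cmd` are hypothetical; the explicit `127.0.0.1:` bind address on `-L` and `-o ExitOnForwardFailure=yes` are standard OpenSSH features that the page does not mention, added here as assumptions about what a hardened invocation should include.

```shell
#!/bin/sh
# Added example (not from the original page). Values are assumed to
# contain no whitespace; the command is printed for review, not executed.

# valid_port PORT -> exit status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER HOST SSH_PORT IDENTITY LOCAL_PORT REMOTE_IF REMOTE_PORT
# Prints the ssh command line on stdout; returns 1 on an invalid port.
tunnel_cmd() {
    user=$1 host=$2 ssh_port=$3 identity=$4
    local_port=$5 remote_if=$6 remote_port=$7
    for p in "$ssh_port" "$local_port" "$remote_port"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Local ports below 1024 can normally only be bound by root.
    if [ "$local_port" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "note: binding local port $local_port requires root" >&2
    fi
    # The 127.0.0.1: prefix pins the local listener to loopback, so other
    # hosts on the network cannot reach the tunnel entrance.
    # ExitOnForwardFailure makes ssh exit if the forward cannot be set up,
    # instead of staying in the background without it.
    printf 'ssh -f -N -p %s -i %s' "$ssh_port" "$identity"
    printf ' -o ExitOnForwardFailure=yes -o TCPKeepAlive=yes -o ServerAliveInterval=30'
    printf ' -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$local_port" "$remote_if" "$remote_port" "$user" "$host"
}

# Dry run with the values from the page's example.
tunnel_cmd bob bobshost.com 2022 /home/bob/.ssh/id_rsa 873 127.0.0.1 873
```

Once the tunnel is up, `ss -ltn` on the local host should show the listener on 127.0.0.1 only.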