Linux Horizon

SSH Port Forwarding (SSH Tunneling)

ssh -L localport:host:hostport user@ssh_server -N 
-L - port forwarding parameters (see below) 
localport - local port (choose a port that is not in use by another service) 
host - server that has the port (hostport) that you want to forward 
hostport - remote port 
-N - do not execute a remote command (you will not have the shell, see below) 
user - user that has ssh access to the ssh server (computer) 
ssh_server - the ssh server that will be used for forwarding/tunneling 

Without the -N option you will get not only the forwarded port but also the remote
 shell. Try with and without it to see the difference. 

1. Privileged ports (localport lower than 1024) can only be forwarded by root. 
2. In the ssh line you can use multiple -L options, like in the example... 
3. Of course, you must have ssh user access on secure_computer and, moreover, 
   the secure computer must have access to host:hostport. 
4. Some ssh servers do not allow port forwarding (tunneling): the 
   AllowTcpForwarding keyword is set to NO in their sshd_config file (by default 
   it is set to YES). See the sshd man pages for more about port forwarding... 
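
Note 4 can be checked before you try to build a tunnel. The script below is an added example, not part of the original page: it reads an sshd_config text and reports whether ssh -L (local) forwarding is permitted globally. The function names and both sample configs are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines with no Include files.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes a single sshd_config
# text on stdin, whitespace-separated "Keyword value" lines, no Include files.

# Constructed sample configs, not taken from any real host.
SAMPLE_DEFAULT='Port 22
#AllowTcpForwarding no
PermitRootLogin no'

SAMPLE_RESTRICTED='Port 22
  allowtcpforwarding remote
AllowTcpForwarding yes
Match User tunnel
    AllowTcpForwarding local'

# Print the global AllowTcpForwarding value. sshd uses the first value it
# obtains for a keyword, keyword names are case-insensitive, and the
# default is "yes". Parsing stops at the first Match block.
effective_tcp_forwarding() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        { sub(/^[ \t]+/, "") }               # drop indentation, re-split fields
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == "allowtcpforwarding" { val = $2; seen = 1; exit }
        END { print (seen ? val : "yes") }
    '
}

# Exit status 0 when "ssh -L" (local) forwarding is permitted globally.
local_forward_allowed() {
    case "$(effective_tcp_forwarding)" in
        yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo run over the two constructed samples.
for name in SAMPLE_DEFAULT SAMPLE_RESTRICTED; do
    eval "cfg=\$$name"
    value=$(printf '%s\n' "$cfg" | effective_tcp_forwarding)
    if printf '%s\n' "$cfg" | local_forward_allowed; then verdict=allowed
    else verdict=refused; fi
    echo "$name: AllowTcpForwarding=$value, ssh -L $verdict"
done
```

On a live server, running sshd -T as root prints the effective configuration that sshd itself computes, which also covers Include files.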

ssh -L user@computer -N 
ssh -L -L \ user@computer -N 
The second example (see above) shows you how to set up your ssh tunnel for web, pop3
and smtp. It is useful to receive/send your e-mails when you don't have direct access
to the mail server. 
For the ASCII art and lynx browser fans, here is the first example illustrated: 

   +----------+<--port 22-->+----------+<--port 80-->o-----------+ 
   |SSH Client|-------------|ssh_server|-------------|   host    | 
   +----------+             +----------+             o-----------+ 
  localhost:8888              computer 

...And finally: 
Open your browser and go to http://localhost:8888 to see if your tunnel is working. 
That's all folks! 

The SSH man pages say: 

-L port:host:hostport 
 Specifies that the given port on the local (client) host is to be 
 forwarded to the given host and port on the remote side.  This 
 works by allocating a socket to listen to port on the local side, 
 and whenever a connection is made to this port, the connection is 
 forwarded over the secure channel, and a connection is made to 
 host port hostport from the remote machine.  Port forwardings can 
 also be specified in the configuration file.  Only root can 
 forward privileged ports.  IPv6 addresses can be specified with an 
 alternative syntax: port/host/hostport 

-N Do not execute a remote command.  This is useful for just 
 forwarding ports (protocol version 2 only). 
