Jacques Delsemme

SSH Tunneling

This how-to works on Linux, and possibly on Macs (not tested). You can do the same on MS-Windows, but you'll need to figure out in what little boxes to put this information depending on the ssh client that you are using for tunneling. The tunnel can be used with various programs, such as ssh to get a terminal session on a remote server, or http to view a page in a web browser.

ssh session

If you want to ssh to a server (e.g. TARGET) which is not accessible from outside a local domain (e.g. DOMAIN), but you have access to a workstation (e.g. TUNNEL) which can do both, set up a session with:

ssh -f USER@TUNNEL.DOMAIN -L 8000:TARGET.DOMAIN:22 -N

It will prompt you for the USER password on TUNNEL.DOMAIN. Then once you have the prompt back, connect with:

ssh localhost -p 8000

It will now prompt you for the USER password on TARGET.DOMAIN, and you can work on the TARGET.DOMAIN server.

http browser

If you want to http to a server (e.g. TARGET) which is not accessible from outside a local domain (e.g. DOMAIN), but you have access to a workstation (e.g. TUNNEL) which can access it, set up a session with:

ssh -f USER@TUNNEL.DOMAIN -L 8001:TARGET.DOMAIN:80 -N

It will prompt you for the USER password on TUNNEL.DOMAIN. Then once you have the prompt back, use Firefox or Chromium to browse to the URL:

http://localhost:8001/

And you will get the site http://TARGET.DOMAIN:80/.

Notes

The tunneling ssh command uses 2 ports: the first is the one on your local machine, and the second is the one on the remote machine.

  1. On your local machine, I'm using ports 8000 and 8001 as examples, but you can use any port above 1024 that doesn't conflict with some other existing service (ports below 1024 are reserved for root). To connect to additional places, use a different local port for each connection.
  2. The port on the remote machine will depend on the application you want to run. For ssh, use port 22; for http, use port 80.

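All traffic between your machine and TUNNEL is encrypted, so it's safe to use from pretty much anywhere (even your local coffee house). The tunnel ends at TUNNEL: from there to TARGET the traffic travels in the application's own protocol, so plain http is still unencrypted inside DOMAIN.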

You'll need to kill your ssh instance if you want to get rid of it.
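The notes above, as an added shell example that is not part of the original how-to: it checks the local port, opens the tunnel with a control socket so it can be closed later without hunting for the process, binds the listener to loopback only, and makes ssh exit if the forward cannot be set up. The function names, CTL_DIR and the SSH override are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original how-to). Function names, CTL_DIR and
# the SSH override are assumptions made for this illustration.
SSH=${SSH:-ssh}          # set SSH=echo for a dry run that prints the command

# Control socket path for the tunnel bound to a given local port.
ctl_sock() {
    printf '%s/tunnel-%s.sock' "${CTL_DIR:-$HOME/.ssh}" "$1"
}

# Accept only a numeric, unprivileged TCP port (1024-65535).
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# tunnel_open LPORT TARGET RPORT USER@TUNNEL
tunnel_open() {
    lport=$1 target=$2 rport=$3 gateway=$4
    if ! valid_local_port "$lport"; then
        echo "bad local port: $lport" >&2
        return 1
    fi
    sock=$(ctl_sock "$lport")
    if [ -S "$sock" ]; then
        echo "a tunnel on local port $lport is already open" >&2
        return 1
    fi
    # -M/-S: master connection with a control socket, so it can be closed later
    # ExitOnForwardFailure: fail instead of running without the forward
    # 127.0.0.1: bind the listener to loopback only
    "$SSH" -f -N -M -S "$sock" -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$lport:$target:$rport" "$gateway"
}

# tunnel_close LPORT USER@TUNNEL: ask the master to exit via its socket.
tunnel_close() {
    "$SSH" -S "$(ctl_sock "$1")" -O exit "$2"
}
```

After sourcing the file, tunnel_open 8001 TARGET.DOMAIN 80 USER@TUNNEL.DOMAIN sets up the http tunnel from this page, and tunnel_close 8001 USER@TUNNEL.DOMAIN shuts it down.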

Last modified Sunday, January 1, 2017 @ 09:45pm