ssh tunnel

  • There are 2 ways to create an ssh tunnel: local and remote port forwarding.

local port forward

1. Imagine you’re on a private network which doesn’t allow connections to a specific server, imgur.com. To get around this, we can create a tunnel through a server (example.com) which can access imgur.com.

## forward your local port 9000 to imgur.com through example.com
$ ssh -L 9000:imgur.com:80 user@example.com

2. You need to connect to a database on a server (example.com) which only allows local connections and listens on port 5432. Forward your local port 9000 to the server's port 5432.

$ ssh -L 9000:localhost:5432 user@example.com
## connect to the db from your local machine
$ psql -h localhost -p 9000

remote port forward

1. A web application on your local machine listens on port 3000, and you’d like to show it on the internet, but you don’t have a public IP. Make your local port 3000 reachable as example.com:9000; example.com has a public IP.

$ ssh -R 9000:localhost:3000 user@example.com
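  • By default, sshd binds remotely forwarded ports to the loopback address only, so other hosts cannot connect to them. To allow this, open /etc/ssh/sshd_config on the server, add the line below and restart the SSH service: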
 GatewayPorts yes
 $ sudo service ssh restart
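
Because GatewayPorts yes changes where every ssh -R forward binds, it is worth checking what a server's sshd_config actually sets. The script below is an added example, not part of the original page; the function names and the sample config are constructed for illustration, and it reads only the global section of one file (no Include or Match handling).

```shell
#!/bin/sh
# Added example: report how an sshd_config file lets ssh -R forwarded ports bind.
# Assumptions: OpenSSH semantics (the first value read for a keyword wins,
# keywords are case-insensitive, an unset GatewayPorts means "no").

gatewayports_value() {
    # $1 = path to an sshd_config-style file; prints the global GatewayPorts value
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ")            # tolerate the Keyword=value form
          key = tolower($1) }
        key == "match" { exit }                # global section ends at the first Match
        key == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }         # default when the keyword is absent
    ' "$1"
}

remote_forward_exposure() {
    # Translate the setting into who can reach a port opened with ssh -R
    case "$(gatewayports_value "$1")" in
        yes)             echo "all-interfaces" ;;  # any host that can reach the server
        clientspecified) echo "client-chosen" ;;   # bind address given in ssh -R is honoured
        no)              echo "loopback-only" ;;   # only processes on the server itself
        *)               echo "unknown" ;;
    esac
}

# Constructed sample config (not from a real host): the commented-out line is
# ignored and the first active GatewayPorts line wins over the later one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#GatewayPorts no
gatewayports yes
GatewayPorts clientspecified
EOF
echo "GatewayPorts: $(gatewayports_value "$sample") -> $(remote_forward_exposure "$sample")"
rm -f "$sample"
```

On a live server, sshd -T prints the effective configuration and is the authoritative check.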
 

some tips

  • Every time we create a tunnel, we also SSH into the server and get a shell. This isn’t usually necessary, as you’re just trying to create a tunnel. To avoid this, we can run SSH with the -nNT flags:
 $ ssh -nNT -L 9000:imgur.com:80 user@example.com