ssh tunnel

  • There are 2 ways to create an ssh tunnel: local and remote port forwarding.

local port forward

1. Imagine you’re on a private network which doesn’t allow connections to a specific server. To get around this we can create a tunnel through a server ( which can access

## local forward your local 9000 port to through
$ ssh -L

2. You need to connect to a database on a server ( which only allows local connections and listens on port 5432. Forward your local port 9000 to the server's 5432.

$ ssh -L 9000:localhost:5432
 ## connect db on local
 $ psql -h localhost -p 9000

remote port forward

1. A web application on your local machine listens on port 3000, and you’d like to show it on the internet. But you don’t have a public IP. Forward your local:3000 to, have public ip

$ ssh -R 9000:localhost:3000
  • By default, SSH doesn’t allow remote hosts to connect to forwarded ports. To enable this, open /etc/ssh/sshd_config and add
 GatewayPorts yes
 $ sudo service ssh restart
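
An added example (not part of the original page): GatewayPorts is a server-wide setting that covers every user's -R forward, so it is worth checking what a given sshd_config actually enables. The function names and the sample config below are constructed for illustration, and the script assumes a single config file with no Include directives.

```shell
#!/bin/sh
# Added example: audit GatewayPorts in an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the built-in default is "no". Include files and
# Match blocks are not evaluated here; on a live host `sshd -T` prints
# the authoritative effective configuration.

# Print the effective global GatewayPorts value found in file $1.
effective_gatewayports() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }           # drop indentation; awk re-splits the fields
        /^(#|$)/ { next }                # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }          # everything after Match is conditional
        key == "gatewayports" { val = tolower($2); exit }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Describe what the value means for `ssh -R` listeners on this server.
describe_gatewayports() {
    case "$(effective_gatewayports "$1")" in
        yes)             echo "all-interfaces: every remote forward binds to the wildcard address" ;;
        clientspecified) echo "client-chosen: each client picks the bind address for its forward" ;;
        no)              echo "loopback-only: remote forwards are reachable from the server itself only" ;;
        *)               echo "unknown value" ;;
    esac
}

# Constructed sample config: the second GatewayPorts line is ignored (first wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
  gatewayports clientspecified
GatewayPorts yes
Match User deploy
    GatewayPorts yes
EOF
describe_gatewayports "$sample"
rm -f "$sample"
```

With clientspecified, the bind address given in -R (the optional first field before the port) decides which interface the forwarded port listens on.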

some tips

  • Every time we create a tunnel we also SSH into the server and get a shell. This isn’t usually necessary, as you’re just trying to create a tunnel. To avoid this, run SSH with the -nNT flags
 $ ssh -nNT -L