Can someone explain SSH tunnel in a simple way?

Tags: ssh, ssh-tunnel

Although I use some aliases to set up an ssh tunnel or reverse tunnel, I have never understood how it works. Does somebody know how to explain it in a very simple way?

I think the 3 primary uses are:

First of all, I can use my home computer to ssh to foo.mycompany.com without using any password (foo is a server at work).

  1. How do I make foo.mycompany.com:8080 go to my home computer's localhost:3000?

  2. If I am at home, I cannot access http://bar.mycompany.com, but foo can access bar. How do I make the home computer able to access http://bar.mycompany.com?

  3. If I am at home, I cannot access the MySQL db at db.mycompany.com, but foo can. How do I make it possible to access db.mycompany.com, also using an ssh tunnel?

Can it be explained in very simple terms? Are there actually some other popular uses besides these 3? Thanks.

nonopolarity asked Mar 12 '11 05:03




1 Answer

1) Assuming you connect from home to foo, you need a reverse tunnel (-R):

ssh -R 8080:localhost:3000 foo.mycompany.com

This will enable processes running at foo to connect to localhost:8080 and actually speak to your home computer at port 3000. If you want other computers at your work to be able to connect to foo:8080 and access your home computer at port 3000, then you need:

ssh -R 0.0.0.0:8080:localhost:3000 foo.mycompany.com

but for this to work you also need this option in foo's sshd_config:

GatewayPorts yes

2) The best way to create an HTTP proxy with ssh is with SOCKS. First connect with:

ssh -D 8888 foo.mycompany.com

then go to your browser's connection settings, enable a proxy connection, and choose SOCKS4/5 with host localhost and port 8888. Then just type http://bar.mycompany.com in your browser's address bar.

3) Now you need a local port forward (-L):

ssh -L 3333:db.mycompany.com:3306 foo.mycompany.com

This means that you will be able to connect to localhost:3333 from your home computer, and everything will be forwarded to db.mycompany.com:3306 as if the connection were made by foo.mycompany.com. Host db will see foo as the connecting client, so you need to log in with the same username and password you use when working from foo.

Adding the -g flag will enable other computers on your home network to connect to port 3333 on your computer and actually access db:3306.

forcefsck answered Oct 16 '22 05:10
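To make the mechanism behind the local forward in 3) concrete, here is an added Python illustration (not code from the answer above): a listener that relays each accepted connection onward, with bind_addr playing the role that ssh's default loopback binding versus -g / GatewayPorts plays. It dials the destination directly instead of through an encrypted SSH session, so nothing is encrypted, and the echo server is a constructed stand-in for db:3306.

```python
import socket
import threading

# Constructed illustration of the home end of "ssh -L 3333:db.mycompany.com:3306 foo":
# a listener that relays each accepted connection onward. The real ssh client sends
# the bytes inside the encrypted session to foo, which dials the destination; this
# toy dials it directly. bind_addr is the knob that -g / GatewayPorts controls.

def _pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    while data := src.recv(4096):
        dst.sendall(data)
    dst.shutdown(socket.SHUT_WR)

def _listen(addr, port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))      # port 0 lets the kernel pick a free port
    s.listen(5)
    return s

def _serve_forever(listener, handler):
    """Accept connections on a background thread, hand each to handler; return port."""
    def loop():
        while True:
            conn, _ = listener.accept()
            handler(conn)
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1]

def start_forwarder(dest_host, dest_port, bind_addr="127.0.0.1", bind_port=0):
    """Like ssh -L: listen on bind_addr:bind_port, relay each connection to dest.
    127.0.0.1 (ssh's default) admits only local processes; 0.0.0.0 (ssh -g) admits all."""
    def relay(client):
        upstream = socket.create_connection((dest_host, dest_port))
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    return _serve_forever(_listen(bind_addr, bind_port), relay)

def start_echo_server():
    """Constructed stand-in for the remote service (db:3306): echoes its input."""
    def echo(conn):
        threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()
    return _serve_forever(_listen("127.0.0.1", 0), echo)

def round_trip(port, payload):
    """Send payload to 127.0.0.1:port and return everything that comes back."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b""))
```

Start the echo server, point start_forwarder("127.0.0.1", echo_port) at it, and round_trip(forwarder_port, b"hello") returns the bytes after they have crossed the relay; changing bind_addr to "0.0.0.0" is what exposes that port to the rest of the network.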