How do I use ssh local tunnelling?



  • Link to ssh man page: https://www.lightnetics.com/post/4350

    Note: These settings should be in line with your company's security policy

         -L [bind_address:]port:host:hostport
                 Specifies that the given port on the local (client) host is to be
                 forwarded to the given host and port on the remote side.  This
                 works by allocating a socket to listen to port on the local side,
                 optionally bound to the specified bind_address.  Whenever a
                 connection is made to this port, the connection is forwarded over
                 the secure channel, and a connection is made to host port
                 hostport from the remote machine.  Port forwardings can also be
                 specified in the configuration file.  IPv6 addresses can be
                 specified by enclosing the address in square brackets.  Only the
                 superuser can forward privileged ports.  By default, the local
                 port is bound in accordance with the GatewayPorts setting.
                 However, an explicit bind_address may be used to bind the
                 connection to a specific address.  The bind_address of “localhost”
                 indicates that the listening port be bound for local use only,
                 while an empty address or ‘*’ indicates that the port should be
                 available from all interfaces.
    
         AllowTcpForwarding
                 Specifies whether TCP forwarding is permitted.  The available
                 options are “yes” or “all” to allow TCP forwarding, “no” to
                 prevent all TCP forwarding, “local” to allow local (from the
                 perspective of ssh(1)) forwarding only or “remote” to allow remote
                 forwarding only.  The default is “yes”.  Note that disabling TCP
                 forwarding does not improve security unless users are also denied
                 shell access, as they can always install their own forwarders.
    

    Example:

    ssh -L 8500:172.31.35.7:8500 ec2-user@<IP>
    

    This says: on your local desktop machine, have ssh listen on port 8500 (bound to localhost by default).
    Every connection to that local port is carried over the SSH session to the server <IP>, logged in as ec2-user, and from that server a connection is made to 172.31.35.7 on port 8500. The target 172.31.35.7 only needs to be reachable from the server, not from your desktop.

    This also depends on the sshd_config of the server you log in to (<IP>), specifically AllowTcpForwarding: it must be “yes”, “all” or “local” for a -L forward to work. If the server refuses the forward, ssh still logs you in but the tunnel is useless, and connecting to the local port produces an “open failed: administratively prohibited” message in the ssh output. On the client side, note from the man page text above that leaving out bind_address binds the listener according to GatewayPorts (localhost by default), while prefixing the spec with “*:” or an empty address exposes the tunnel to anything that can reach your desktop, so bind to 127.0.0.1 explicitly unless you really mean to share it.
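    The following script is an added example and is not code from the original post. It turns the man page rules quoted above into something you can run: it parses a -L spec the way the man page describes it (optional bind_address, IPv6 in square brackets, empty address or “*” meaning all interfaces), builds a hardened version of the post's command (explicit 127.0.0.1 bind, -N so no remote shell is opened, ExitOnForwardFailure so a refused forward fails loudly), and checks an ss(8)-style listener table to see whether a tunnel port has been exposed beyond loopback. The listener table is constructed sample data, and the jump host in the usage line is the post's <IP> placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh; needs only awk and id.
set -eu

# parse_l_spec '[bind_address:]port:host:hostport'
# Prints "bind port host hostport". Rules follow the -L text above:
#  - no bind_address  -> client GatewayPorts decides, default localhost
#  - empty address or "*" -> all interfaces
#  - IPv6 addresses come in square brackets, e.g. [fd00::1]
parse_l_spec() {
  spec=$1
  hostport=${spec##*:}
  rest=${spec%:*}                           # [bind_address:]port:host
  case $rest in
    *\])  host="[${rest##*\[}"              # bracketed IPv6 host
          rest=${rest%\[*}; rest=${rest%:} ;;
    *:*)  host=${rest##*:}; rest=${rest%:*} ;;
    *)    echo "bad -L spec: $spec" >&2; return 1 ;;
  esac
  case $rest in                             # [bind_address:]port
    *:*)  bind=${rest%:*}; port=${rest##*:}
          [ -n "$bind" ] || bind='*' ;;     # ":8500:host:8500" = all interfaces
    *)    bind=localhost; port=$rest ;;     # default per GatewayPorts no
  esac
  for p in "$port" "$hostport"; do
    case $p in ''|*[!0-9]*) echo "bad port in -L spec: $spec" >&2; return 1 ;; esac
  done
  printf '%s %s %s %s\n' "$bind" "$port" "$host" "$hostport"
}

# build_tunnel_cmd LPORT HOST HPORT USER@JUMPHOST
# Prints a hardened form of the post's command: listener bound to 127.0.0.1
# explicitly, -N so no remote shell is opened, and ExitOnForwardFailure so
# ssh exits if the server refuses the forward (e.g. AllowTcpForwarding no)
# instead of leaving you a session with a dead tunnel.
build_tunnel_cmd() {
  if [ "$1" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
    echo "port $1 is privileged; only root can forward it" >&2; return 1
  fi
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# exposed_listeners PORT   (reads `ss -ltn` output on stdin)
# Prints every local address listening on PORT that is not loopback, i.e.
# a tunnel that other hosts can reach. Prints nothing if PORT is loopback-only.
exposed_listeners() {
  awk -v p=":$1" '
    $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
      addr = substr($4, 1, length($4) - length(p))
      if (addr !~ /^127\./ && addr != "[::1]" && addr != "localhost") print addr
    }'
}

# Constructed `ss -ltn` output, not captured from a real host: port 8500 is
# bound on loopback (v4 and v6) but also on 0.0.0.0; port 8501 is loopback-only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8500      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8500        0.0.0.0:*
LISTEN 0      128    [::1]:8500          [::]:*
LISTEN 0      128    127.0.0.1:8501      0.0.0.0:*'

# Usage: parse the post's spec, print the hardened command for it (jump host
# is the post's placeholder), and audit the sample listener table for 8500.
parse_l_spec 8500:172.31.35.7:8500
build_tunnel_cmd 8500 172.31.35.7 8500 'ec2-user@<IP>'
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8500
```

    Run the audit against a live host with `ss -ltn | exposed_listeners 8500` after starting the tunnel; any address printed means the forward is reachable from beyond the machine, which is what an accidental “*:” prefix or a GatewayPorts yes in ssh_config gives you.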



© Lightnetics 2024