How do I use remote SSH tunnelling?



  • Link to ssh man page: https://www.lightnetics.com/post/4350
    Link to sshd_config man page: https://www.lightnetics.com/post/4353

    Note: These settings should be in line with your company's security policy.

    -R [bind_address:]port:host:hostport
    	     Specifies that the given port on the remote (server) host is to
    	     be forwarded to the given host and port on the local side.	 This
    	     works by allocating a socket to listen to port on the remote
    	     side, and whenever a connection is made to this port, the connec‐
    	     tion is forwarded over the secure channel, and a connection is
    	     made to host port hostport from the local machine.
    
    	     Port forwardings can also be specified in the configuration file.
    	     Privileged ports can be forwarded only when logging in as root on
    	     the remote machine.  IPv6 addresses can be specified by enclosing
    	     the address in square brackets.
    
    	     By default, the listening socket on the server will be bound to
    	     the loopback interface only.  This may be overridden by specify‐
    	     ing a bind_address.  An empty bind_address, or the address ‘*’,
    	     indicates that the remote socket should listen on all interfaces.
    	     Specifying a remote bind_address will only succeed if the
    	     server's GatewayPorts option is enabled (see sshd_config(5)).
    
    	     If the port argument is ‘0’, the listen port will be dynamically
    	     allocated on the server and reported to the client at run time.
    	     When used together with -O forward the allocated port will be
    	     printed to the standard output.
    
    GatewayPorts
                 Specifies whether remote hosts are allowed to connect to ports
                 forwarded for the client.  By default, sshd(8) binds remote port
                 forwardings to the loopback address.  This prevents other remote
                 hosts from connecting to forwarded ports.  GatewayPorts can be
                 used to specify that sshd should allow remote port forwardings to
                 bind to non-loopback addresses, thus allowing other hosts to con‐
                 nect.  The argument may be “no” to force remote port forwardings
                 to be available to the local host only, “yes” to force remote
                 port forwardings to bind to the wildcard address, or
                 “clientspecified” to allow the client to select the address to
                 which the forwarding is bound.  The default is “no”.
    

    Example:

    $ ssh -R 3131:localhost:3131 myuser@myremotehost.com
    

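    By default this forwarding listens on the remote host's loopback interface only. Whether other hosts can connect to the forwarded port depends on the GatewayPorts option in the remote host's sshd configuration; to change it, edit the sshd_config file and add the option.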

    $ sudo vim /etc/ssh/sshd_config
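
Added example, not part of the original post: a shell script that predicts where the server-side listener of an `ssh -R` forwarding ends up, combining the `-R` bind_address rules with the three `GatewayPorts` values quoted above. The function names and the sample config are constructed for illustration; on a real server, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example (not from the page). Function names and the sample
# config are constructed for illustration.

# Global GatewayPorts value from sshd_config text on stdin. sshd keeps
# the first value it reads for a keyword; the default is "no". Match
# blocks and Include files are not evaluated here.
gateway_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# bind_address part of "[bind_address:]port:host:hostport";
# prints "<none>" when the spec has only three fields.
rfwd_bind_address() {
    spec=$1
    # Mask bracketed IPv6 literals so their colons are not counted.
    n=$(printf '%s\n' "$spec" | sed 's/\[[^]]*\]/v6/g' | awk -F: '{ print NF }')
    case $n in
        3) echo '<none>'; return 0 ;;
        4) ;;
        *) return 2 ;;
    esac
    case $spec in
        \[*) addr=${spec#\[}; printf '%s\n' "${addr%%\]*}" ;;
        *)   printf '%s\n' "${spec%%:*}" ;;
    esac
}

# Where the server-side listener ends up: $1 = GatewayPorts, $2 = -R spec.
effective_listen() {
    bind=$(rfwd_bind_address "$2") || return 2
    case $1 in
        no)  echo loopback ;;   # bind_address is not honoured
        yes) echo wildcard ;;   # forced to all interfaces
        clientspecified)
            case $bind in
                '<none>'|localhost|127.*|::1) echo loopback ;;
                ''|'*') echo wildcard ;;
                *) printf '%s\n' "$bind" ;;
            esac ;;
        *) return 2 ;;
    esac
}

# Constructed sample: the page's command against a constructed config.
gp=$(printf '%s\n' '#GatewayPorts no' 'GatewayPorts clientspecified' | gateway_ports)
echo "GatewayPorts=$gp -> $(effective_listen "$gp" '3131:localhost:3131')"
```

A result of `wildcard` or a non-loopback address means the forwarded port is reachable by other hosts on the server's network, which is the case to check against the security policy mentioned in the note.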


 

© Lightnetics 2018