@eeowaa
Last active April 7, 2022 19:25
SSH Tunnels

  • ASCII diagrams inspired by this Stack Exchange answer.
  • In all of the examples shown, port 123 must be free on your client host before opening the SSH tunnel.

Useful options

  • -T: Disables pseudo-tty allocation, which is appropriate because you're not trying to create an interactive shell.
  • -N: Says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
  • -f: Tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.

Local port forwarding to remote host

$ ssh [-TNf] -L 123:localhost:456 [-p 22] remotehost
+=============+     +=================================+
|             |     |                   +~~~~~~~~~~~+ |
|  ,-------123:<<<  |                   | localhost | |
|  |          |     |                   |           | |
|  `--(ssh)--A:-----:22--(sshd)--B:-->>>:456        | |
|             |     |                   |           | |
| [your host] |     | remotehost        +~~~~~~~~~~~+ |
+=============+     +=================================+

Local port forwarding to faraway host

$ ssh [-TNf] -L 123:farawayhost:456 [-p 22] remotehost
+=============+     +=============+     +=============+
|             |     |             |     |             |
|  ,-------123:<<<  |             |     |             |
|  |          |     |             |     |             |
|  `--(ssh)--A:-----:22--(sshd)--B:-->>>:456          |
|             |     |             |     |             |
| [your host] |     | remotehost  |     | farawayhost |
+=============+     +=============+     +=============+

Reverse port forwarding to local host

$ ssh [-TNf] -R 123:localhost:456 [-p 22] remotehost
+===============================+     +===============+
| +~~~~~~~~~~~+                 |     |               |
| | localhost |                 |  >>>:123---------.  |
| |           |                 |     |            |  |
| |        456:<<<--:B--(ssh)--A:-----:22--(sshd)--'  |
| |           |                 |     |               |
| +~~~~~~~~~~~+ [your host]     |     | remotehost    |
+===============================+     +===============+

Reverse port forwarding to nearby host

$ ssh [-TNf] -R 123:nearbyhost:456 [-p 22] remotehost
+=============+     +=============+     +===============+
|             |     |             |     |               |
|             |     |             |  >>>:123---------.  |
|             |     |             |     |            |  |
|          456:<<<--:B---(ssh)---A:-----:22--(sshd)--'  |
|             |     |             |     |               |
| nearbyhost  |     | [your host] |     | remotehost    |
+=============+     +=============+     +===============+
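
A tunnel started with -f keeps running unattended, so it helps to open it with a loopback-only listener, a hard failure when the port cannot be bound, and a control socket for checking and closing it later. The wrapper below is an added example, not part of the original gist; the function names and the socket path are assumptions, and SSH_HOST is taken to be a hostname or ssh_config alias without a user@ prefix.

```shell
#!/bin/sh
# Added example. remotehost/localhost and ports 123/456 are the page's
# placeholders; function names and the socket path are this example's own.

# Control socket path: a handle on the tunnel that -f pushed to the background.
ctl_path() { printf '%s/.ssh/tunnel-%s.sock' "$HOME" "$1"; }

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Hostnames and IPv4 addresses only; a leading '-' would look like an option.
valid_host() { case $1 in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac; }

# forward_spec LISTEN_PORT TARGET_HOST TARGET_PORT
# Prints the argument for -L or -R with an explicit loopback bind address.
# For -R the server's GatewayPorts setting has the final say on the bind.
forward_spec() {
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 2; }
    valid_host "$2" || { echo "bad host" >&2; return 2; }
    printf '127.0.0.1:%s:%s:%s' "$1" "$2" "$3"
}

# open_tunnel L|R LISTEN_PORT TARGET_HOST TARGET_PORT SSH_HOST
open_tunnel() {
    case $1 in L|R) ;; *) echo "mode must be L or R" >&2; return 2 ;; esac
    valid_host "$5" || { echo "bad ssh host" >&2; return 2; }
    spec=$(forward_spec "$2" "$3" "$4") || return
    # -M/-S: control socket used by tunnel_alive and close_tunnel.
    # ExitOnForwardFailure: ssh exits with an error instead of going to the
    # background when the listening port cannot be bound.
    ssh -TNf -M -S "$(ctl_path "$5")" -o ExitOnForwardFailure=yes \
        "-$1" "$spec" "$5"
}

tunnel_alive() { ssh -S "$(ctl_path "$1")" -O check "$1" 2>/dev/null; }
close_tunnel() { ssh -S "$(ctl_path "$1")" -O exit "$1"; }
```

Source the file, then run `open_tunnel L 123 localhost 456 remotehost` and later `close_tunnel remotehost`. Binding a listening port below 1024 requires root on the side that listens.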