@riturajborpujari
Last active December 14, 2022 16:50
SSH tunnelling

SSH Tunnelling

Connect local port to server port

Introduction

An SSH tunnel connects a port on your local machine to an address + port on the server. Data sent to the local port travels to the server over SSH on port 22 and is then delivered to that address + port.

This is done so that the traffic doesn't get blocked by any firewalls or security groups (assuming only SSH connections are allowed to the server). After the data reaches the SSH server, it gets forwarded to the address + port you specified when you created the SSH tunnel.

An important detail here is that the destination address + port are accessed from the context of the server, so localhost or 127.0.0.1 refer to the server machine on the destination side of the tunnel, not your local machine.

Command

To create an SSH tunnel from a local port to an address + port on a server, run the following command:

ssh -i <private_key_pem> -N -f -L <local_port>:<address>:<port> <user>@<server_address>

Here,

  1. <private_key_pem> is the path to the private key file

    This PEM file is used to connect to the server. It is the same private key file used to connect to the server using SSH

  2. <local_port> is the local port to use as tunnel front

    Connections made to this port on the local machine will be tunnelled to the server address + port

  3. <address> is the address to tunnel to on the server

  4. <port> is the port to tunnel to on the server

  5. <user> and <server_address> are used to connect to the server

    Here, <user> is the username like ubuntu | ec2-user, and <server_address> is the actual address of the server like 14.234.187.105

  6. -N instructs SSH not to execute a remote command, so it won't open a remote shell on the server.

  7. -f instructs SSH to run in the background.

Example MongoDB tunnel

To tunnel local port 8000 to the MongoDB instance running on our server (14.234.187.105) at 127.0.0.1:27017, run the following command (assuming the private key for SSHing to our server is present in ~/.ssh/aws-key.pem on the local machine):

ssh -i ~/.ssh/aws-key.pem -N -f -L 8000:127.0.0.1:27017 ec2-user@14.234.187.105

Close SSH Tunnel to MongoDB

To close an SSH tunnel that is open in the background, kill the background process with the following command: kill -9 <process id>

To find the process ids of the running SSH processes, run: ps aux | grep ssh

Then look for a line similar to the following. This line corresponds to the SSH tunnel we just created:

rituraj 12807 ... ssh -i /home...key.pem -N -f -L 8000:1...17 ec2-user@14.234.187.105

Here, 12807 is the PID or the process id for our SSH tunnel. You can close the tunnel by running kill -9 12807
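The lookup described above can be scripted so the tunnel is selected by its local port instead of by reading ps output by eye. This is an added example, not part of the original gist; the function names and the sample process list are constructed, and it assumes the forward was given as -L with an IPv4 address or hostname.

```shell
#!/bin/sh
# Added example: locate and close a background "ssh -L" tunnel by local port.

# Constructed sample in the format of `ps -eo pid=,args=` (not real output).
SAMPLE_PS='12807 ssh -i /home/alice/.ssh/aws-key.pem -N -f -L 8000:127.0.0.1:27017 ec2-user@14.234.187.105
12950 grep ssh
  731 /usr/sbin/sshd -D
13001 /usr/bin/ssh -N -L127.0.0.1:9000:10.0.0.5:5432 ubuntu@14.234.187.105
13002 ssh ec2-user@14.234.187.105'

# Reads "PID COMMAND ARGS..." lines on stdin and prints the PID of every ssh
# client whose -L forward listens on local port $1. Ignores sshd, grep itself
# and plain interactive ssh sessions.
find_tunnel_pids() {
  awk -v port="$1" '
    {
      # Field 2 is the executable: accept "ssh" or a path ending in "/ssh".
      n = split($2, parts, "/")
      if (parts[n] != "ssh") next
      for (i = 3; i <= NF; i++) {
        spec = ""
        if ($i == "-L" && i < NF) spec = $(i + 1)       # -L 8000:host:port
        else if ($i ~ /^-L./)     spec = substr($i, 3)  # -L8000:host:port
        if (spec == "") continue
        # Forward spec is [bind_address:]local_port:host:host_port
        m = split(spec, f, ":")
        lport = (m == 4) ? f[2] : f[1]
        if (m >= 3 && lport == port) { print $1; break }
      }
    }'
}

# Closes every tunnel listening on local port $1. Plain kill sends SIGTERM,
# which lets ssh exit cleanly.
close_tunnel() {
  tunnel_pids="$(ps -eo pid=,args= | find_tunnel_pids "$1")"
  [ -n "$tunnel_pids" ] || { echo "no ssh tunnel on local port $1" >&2; return 1; }
  kill $tunnel_pids
}

# Demo on the constructed sample: prints 12807
printf '%s\n' "$SAMPLE_PS" | find_tunnel_pids 8000
```

Running close_tunnel 8000 closes the MongoDB tunnel from the example above without touching other SSH sessions to the same server.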
