Programming Languages, Martials Arts and Computers. The Weblog of Chris Double.
SSH provides the ability to tunnel network connections over the encrypted SSH session. This is useful for encrypting what would otherwise be plain text communications or working around restrictive firewalls by tunnelling over an allowed port.
The format of the SSH command to tunnel is:
ssh email@example.com -L <local-port>:<remote-host>:<remote-port> -N
local-port is the port you want to expose on the client machine. This is the port that client programs will connect to.
remote-host and remote-port are the destination host and port that you are tunnelling to.
By connecting to localhost:local-port the data is tunneled to remote-host:remote-port via the server 'example.com'. 'example.com' will need to be able to access
remote-host is the same as the SSH server,
remote-host name or IP is resolved from the point of view of example.com so using
remote-host will actually be 'example.com'.
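The helper below is an added example, not code from the original post: it parses a -L spec and reports where the client listens and which host the SSH server ends up connecting to. The function name describe_forward, the sample specs and the address 10.0.0.5 are assumptions made for illustration, and it goes slightly beyond the form shown above by also accepting the optional bind-address prefix that ssh allows before local-port.

```shell
#!/bin/sh
# Added example: explain an `ssh -L` spec of the form
#   [bind-address:]local-port:remote-host:remote-port
# Bracketed IPv6 literals are not handled. The loopback match is deliberately loose.
is_loopback() { case "$1" in localhost|127.*) return 0 ;; esac; return 1; }

# describe_forward SPEC SSH_SERVER   (hypothetical helper, not an ssh feature)
# Line 1: who can reach the listener on the client.
# Line 2: which host the SSH server will actually connect to.
describe_forward() {
  local spec="$1" server="$2" rest bind lport rhost rport explicit p
  case "$spec" in
    *:*:*:*:*) echo "unsupported spec: $spec" >&2; return 2 ;;
    *:*:*) ;;                                  # two or three colons: accepted
    *) echo "unsupported spec: $spec" >&2; return 2 ;;
  esac
  rport=${spec##*:}; rest=${spec%:*}           # peel fields off the right
  rhost=${rest##*:}; rest=${rest%:*}
  case "$rest" in
    *:*) lport=${rest##*:}; bind=${rest%:*}; explicit=yes ;;
    *)   lport=$rest; bind=; explicit=no ;;
  esac
  for p in "$lport" "$rport"; do
    case "$p" in ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 2 ;; esac
  done
  [ -n "$rhost" ] || { echo "missing remote-host in: $spec" >&2; return 2; }
  if [ "$explicit" = no ]; then
    echo "listen: client loopback, port $lport (unless client GatewayPorts is set)"
  elif [ -z "$bind" ] || [ "$bind" = '*' ] || [ "$bind" = 0.0.0.0 ]; then
    echo "listen: ALL client interfaces, port $lport"
  elif is_loopback "$bind"; then
    echo "listen: client loopback only, port $lport"
  else
    echo "listen: $bind on the client, port $lport"
  fi
  if is_loopback "$rhost"; then
    echo "dest: $server itself, port $rport ($rhost is resolved on the server)"
  else
    echo "dest: $rhost:$rport, resolved and reached from $server"
  fi
}

# Constructed sample specs, checked against the server name used in the post.
for s in 8080:127.0.0.1:80 '*:8080:127.0.0.1:80' 127.0.0.1:8080:10.0.0.5:443; do
  echo "-L $s"; describe_forward "$s" example.com
done
```

A spec whose listener line reads "ALL client interfaces" lets other machines on the client's network reach the tunnelled service, which matters when the service was bound to localhost on the server precisely to keep it private.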
As an example, if you have a webserver running on 'example.com' that is bound to the localhost interface only then external applications can't connect to it. You can however via a tunnel:
ssh firstname.lastname@example.org -L 8080:127.0.0.1:80 -N
Connecting to port '8080' on the client will connect to the port 80 webserver on 127.0.0.1 as seen by example.com - in this case