Port Forwarding with SSH

You can use ssh to create a secure tunnel from the internet to a host on your home network using the poor man's VPN, the ssh command.

By using the following command,

==== ssh -l root -L localhost:2525:192.168.1.100:80 24.129.138.118 ====

the root user would connect 24.129.138.118 with a ssh tunnel. If you wanted to then access 192.168.1.100 via port 80 to visit a website on the 192.168.1.100 host, you would put http://localhost:2525 in your local web browser.

The packets that travel over the public network will be encrypted, but once the packets reach the destination network, the packets will flow to the host in clear text if 192.168.1.100 is not a private address on the ssh server.

ssh [-L [bind_address:]port:host:hostport]

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a con- nection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.

ssh [-l login_name]

Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file.

HowTo/Port Forwarding With SSH (last edited 2008-05-05 08:48:42 by John Scott)