Sunday, January 29, 2012

How to: create an ssh tunnel

To create an ssh tunnel, this is the basic syntax:

ssh -L 5555:localhost:5900


    '5555' is the local port on your machine to bind the tunnel to (this number is arbitrary and can be changed)
    '5900' is the remote port you are tunneling over the ssh connection (this number depends on the service or protocol you are using)
    '' is the user and server you are authenticating to

VNC is a prime example of a protocol that should be tunneled over ssh when used over the internet, or even on a corporate lan to keep prying eyes at bay.


Another use case could be protecting your credentials when using a basic auth login to an http-only server (assuming you have shell access of course).

You may have to make adjustments in your destination ssh servers' /etc/ssh/sshd_config file to enable forwarding if it's disabled by default:

#AllowAgentForwarding yes
#AllowTcpForwarding yes

No comments: