How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh

Saturday, 26th November 2011

SSH tunneling allows traffic to be sent and received through a dedicated port over an ssh connection. There can be many reasons to use an ssh tunnel; the most common are to protect the traffic from a host to a remote server, or to access port numbers which are otherwise blocked by a firewall (i.e. to get around firewall filtering).
SSH tunneling works only with TCP traffic. An ssh tunnel is created with the commands:

host:/root# ssh -L localport:desthost:destport username@remote-server.net
host:/root# ssh -R remoteport:desthost:localport username@remote-server.net
host:/root# ssh -X username@remote-server.net

The first command (-L) makes ssh bind a port on localhost of the machine where it is run (host in the prompt above) and forward it to desthost:destport (destination host : destination port). It is important to note that desthost is the destination host as seen from remote-server.net; therefore, if the service being reached runs on remote-server.net itself, desthost will be localhost.
Multiple ssh tunnels to multiple ports are possible using the above example commands. Here is one example of ssh tunneling:
Let's say it is necessary to access an FTP port (21) and an http port (80) listening on remote-server.net. In that case desthost will be localhost. Locally we can use port 8080 instead of 80, and likewise 2121 instead of 21, so it is not necessary to create the ssh tunnel as root (admin privileges); binding local ports below 1024 requires root. After the ssh session is opened, both services will be accessible on the local ports.

host:/home/user$ ssh -L 2121:localhost:21 -L 8080:localhost:80 user@remote-server.net
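
As an added example (not part of the original post), the Python code below parses the -L specifications of an ssh command line and reports where each listener binds, what it forwards to, whether it needs root (local port below 1024) and whether other hosts can reach it. The function names and sample command lines are constructed for illustration; it assumes the client's default GatewayPorts setting (no), treats every argument as a local ssh option, and handles only TCP specs of the form [bind_address:]port:host:hostport.

```python
import re
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_forward(spec):
    """Split [bind_address:]port:host:hostport; IPv6 literals use [brackets]."""
    # Split on colons that are not inside a bracketed IPv6 literal.
    parts = [p.strip("[]") for p in re.split(r":(?![^\[]*\])", spec)]
    if len(parts) == 3:
        parts.insert(0, None)          # no bind_address given
    if len(parts) != 4:
        raise ValueError(f"unsupported forward spec: {spec!r}")
    bind, port, host, hostport = parts
    return bind, int(port), host, int(hostport)

def audit(command):
    """Return one finding per -L option of a local ssh command line."""
    args = shlex.split(command)
    gateway = "-g" in args             # -g lets remote hosts use local forwards
    findings = []
    for i, arg in enumerate(args):
        if arg == "-L" and i + 1 < len(args):
            spec = args[i + 1]
        elif arg.startswith("-L") and len(arg) > 2:
            spec = arg[2:]
        else:
            continue
        bind, port, host, hostport = parse_forward(spec)
        # Without bind_address the listener is loopback-only unless -g is set;
        # an empty, "*" or non-loopback bind_address opens it to the network.
        exposed = gateway if bind is None else bind not in LOOPBACK
        findings.append({
            "listen": f"{bind or ('*' if exposed else 'localhost')}:{port}",
            "target": f"{host}:{hostport}",   # resolved by the SSH server
            "needs_root": port < 1024,        # privileged local port
            "exposed": exposed,
        })
    return findings

# Constructed sample command lines, modelled on the ones in this post.
SAMPLES = [
    "ssh -L 21:localhost:21 -L 8080:localhost:80 user@remote-server.net",
    "ssh -T -N -L *:3308:localhost:3306 myserver.example.com",
]
if __name__ == "__main__":
    for cmd in SAMPLES:
        for finding in audit(cmd):
            print(finding)
```

A forward reported with exposed set to True can be used by any host that can reach the client machine, so it deserves the same firewall attention as the service behind it.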

That’s all enjoy 😉


3 Responses to “How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh”

  1. admin says:

    A useful tunnel to create is an SSH tunnel to a MySQL server on localhost, so you can access it via the mysql cli using some port, let's say (3308):

    ssh -T -N -L 3308:localhost:3306 myserver.example.com

    Then access with mysql cli (assuming mysql cli is installed on localhost):
     

    $ mysql -h 127.0.0.1 -P 3308 -u USERNAME -pPASSWORD DATABASE

  2. admin says:

    In the corporate world it is also very useful to create and use an SSH tunnel to an Oracle Database. The same logic is in place:

    ssh -T -N -L 1521:localhost:1521 myoracleserver.example.com
    
    C:\Users\georgi>sqlplus mdinh/mdinh@127.0.0.1:1521/lax_db01
    SQL*Plus: Release 11.2.0.1.0 Production on Mon Mar 11 00:00:14 2013
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> select instance_name from v$instance;
    INSTANCE_NAME
    ----------------
    db01
    SQL> select db_unique_name from v$database;
    DB_UNIQUE_NAME
    ------------------------------
    lax_db01
    SQL> exit
  3. admin says:

    Another useful scenario is when it is necessary to make an ssh tunnel via multiple (server) hops:

    There are 3 scenarios to tunnel ssh traffic via multiple servers:

    1. Tunnel from localhost to host1 :

      ssh -L 9999:host2:1234 -N host1
      

      As noted above, the connection from host1 to host2 will not be secured.

    2. Tunnel from localhost to host1 and from host1 to host2 :

      ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2
      

      This will open a tunnel from localhost to host1 and another tunnel from host1 to host2 . However the port 9999 to host2:1234 can be used by anyone on host1 . This may or may not be a problem.

    3. Tunnel from localhost to host1 and from localhost to host2 :

      ssh -L 9998:host2:22 -N host1
      ssh -L 9999:localhost:1234 -N -p 9998 localhost
      

      This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.

    Normally, I'd go with option 1.
    If the connection from host1 to host2 needs to be secured, go with option 2.

    Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.

