Linux Secure Shell (SSH) IV : SSH Tunnel (Local Port Forwarding)
There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively.
Picture credit: SSH Tunneling Explained
To simulate the picture, we'll use an EC2 instance as the remote and my home computer as the local:
$ ssh -L 9001:google.com:80 ec2b
ubuntu@ip-172-31-1-211:~$
The -L switch indicates that a local port forward needs to be created. The switch syntax is as follows:
-L <local-port-to-listen>:<remote-host>:<remote-port>
The SSH client on "local" connects to the SSH server running on "remote" (usually on SSH port 22) and binds port 9001 on "local" to listen for local requests, creating an SSH tunnel between "local" and "remote". At the "remote" end, it creates a connection to "google.com" on port 80. So "local" doesn't need to know how to connect to "google.com"; only "remote" needs to worry about that. The channel between "remote" and "local" is encrypted, while the connection between "remote" and "google.com" is unencrypted.
So, the syntax of the full command would be as follows:
ssh -L <local-port-to-listen>:<remote-host>:<remote-port> <gateway>
To make it easier to ssh to remote, we set up an alias as "ec2b" in ~/.ssh/config like this:
Host ec2b
    Hostname ec2-54-174-115-47.compute-1.amazonaws.com
    User ubuntu
    IdentityFile ~/.ssh/SSH-EC2.pem
In that way, we can ssh login simply by:
$ ssh ec2b
Instead of doing this:
$ ssh -i ~/.ssh/SSH-EC2.pem ubuntu@ec2-54-174-115-47.compute-1.amazonaws.com
Now that local port forwarding is set up, we can type http://localhost:9001 into the browser on "local". The "remote" computer acts as a gateway that accepts requests from the "local" machine, fetches the data, and tunnels it back.
Note that the "remote" to "google.com" connection is made only when the browser makes a request, not when the tunnel is set up.
As another example, suppose we want to see the DB on the remote (45.79.90.218:80) from our local machine via port 9001.
k@laptop:~$ ssh -L 9001:localhost:80 -l sfvue 45.79.90.218
sfvue@45.79.90.218's password:
[sfvue@sf ~]$
Open a browser on our local machine and type in localhost:9001/phpmyadmin. We can then get into our database on the remote server.
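The two forwards above differ in where the target name is resolved: "google.com" and "localhost" are both looked up by the gateway, so "localhost" in the second command means the remote server itself. The following is an added example, not code from the original page: a hypothetical helper, explain_forward, that parses a -L spec in the full ssh(1) form [bind_address:]port:host:hostport, reports who can reach the local listener, and says where the target is resolved. It assumes no bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example: explain an ssh -L spec of the form [bind_address:]port:host:hostport.
# explain_forward is a hypothetical helper; bracketed IPv6 addresses are not handled.
explain_forward() {
    spec=$1
    # Count colons to tell the 3-field form from the 4-field (bind address) form.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2) bind=default; rest=$spec ;;
        3) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "error: expected [bind_address:]port:host:hostport" >&2; return 2 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*};  rport=${rest#*:}
    # Ports must be integers in 1..65535.
    for p in "$lport" "$rport"; do
        case $p in ''|*[!0-9]*) echo "error: bad port '$p'" >&2; return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "error: bad port '$p'" >&2; return 2; }
    done
    [ -n "$host" ] || { echo "error: empty host" >&2; return 2; }
    # Who can reach the listener on the client machine?
    case $bind in
        default) exposure="loopback-only (unless GatewayPorts is enabled in the client config)" ;;
        localhost|127.*) exposure="loopback-only" ;;
        ''|'*'|0.0.0.0) exposure="ALL-INTERFACES" ;;
        *) exposure="interface $bind" ;;
    esac
    # The target name is resolved by the SSH server (the gateway), not by the client.
    case $host in
        localhost|127.*) target="the gateway itself, port $rport" ;;
        *) target="$host:$rport as seen from the gateway" ;;
    esac
    echo "listen: $lport ($exposure)"
    echo "target: $target"
    echo "note: only the client-to-gateway leg is encrypted by SSH"
}

# The two forwards used on this page, plus a constructed all-interfaces variant.
explain_forward 9001:google.com:80
explain_forward 9001:localhost:80
explain_forward '*:9001:localhost:80'
```

A listener reported as ALL-INTERFACES lets other hosts on the client's network use the tunnel, so keep the default loopback binding unless sharing the forward is intended.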