theCAT
  
Report a Problem:
Email: support@cat.pdx.edu
Phone: 503-725-5420
Location: FAB 82-01
  USERS PLATFORMS SYSTEM RESOURCES    
Home Students Fac/Staff CS Tutors Guidelines Windows Linux Mac Mail Network Software Web TheCAT Sitemap Contact
arrowHome arrow Linux arrow SSH Port Forwarding Wednesday, 29 March 2017  
Linux
SSH Port Forwarding Print
Thursday, 17 November 2011

On Linux systems it is common to use SSH to forward ports between two hosts. This short tutorial will introduce the -L, -R, and -D flags to ssh. Wherever "eve.ece.pdx.edu" is listed, one can also use walle.ece.pdx.edu

NOTE: You must connect to the VPN before you can access the Redhat machines (eve.ece.pdx.edu and walle.ece.pdx.edu)

All remote access to those hosts requires the VPN. This includes SSH and VNC connections.
Read our Tier 3 linux VPN guide for how to connect to the VPN.


SSH -L stands for local forwarding. Its syntax is ssh -L port:host:hostport remotehost. This allows you to connect a local port to a remote port over an encrypted ssh tunnel.

To see it in action:

ssh -L 5901:localhost:5901 joeuser@eve.ece.pdx.edu 

This command forwards vnc over ssh so that the user can use vnc securely. The user can then connect to it using e.g. vncviewer localhost:1.

SSH -R stands for remote forwarding. Its syntax is ssh -R port:host:hostport remotehost. This allows you to connect a remote port to a local port over an encrypted ssh tunnel.

To see it in action:

ssh -R 5800:localhost:22 joeuser@eve.ece.pdx.edu


This command forwards port 22 from the host machine into port 5800 on eve.ece.pdx.edu (or walle.ece.pdx.edu). This means you can ssh eve.ece.pdx.edu -p 5800 and it will be the same as sshing into the original box.

SSH -D is for dynamic application-level port forwarding. Its syntax is ssh -D port remotehost. It allows you to put up a SOCKS proxy over an encrypted ssh tunnel.
To see it in action:

ssh -D 2100 joeuser@eve.ece.pdx.edu

This command forwards all trafic requested of localhost:2100 through eve.ece.pdx.edu. You can configure Chromium or Firefox to use localhost:2100 as a SOCKS5 proxy and be sure that all your http traffic is being tunneled over ssh.

When to use which one:

SSH -L is good for exposing a remote port locally. SSH -R is good for accessing a box hidden behind a NAT. SSH -D is good for tunneling your web traffic in an environment you don't completely trust.

Last Updated ( Saturday, 31 December 2016 )

©1999 - 2017 TheCAT