HN

Need help?
<- Back
A Practical Guide to SSH Tunnels: Local and Remote Port Forwarding

A Practical Guide to SSH Tunnels: Local and Remote Port Forwarding

signa11

Comments (30)

  • tangotaylor
    My favorite use of this is peer-to-peer transfer of Docker images. The Docker CLI only allows you to use registries authenticated with HTTPS but there's an exception where it allows HTTP transfers over localhost.So, if you use SSH tunneling to forward a port from localhost to a remote, then Docker unwittingly pushes to a remote. This is super useful "off the grid" with robotics/embedded applications where you don't want to bother with a registry and a good Internet connection.Example, docker pussh: https://github.com/psviderski/unregistry
  • buredoranna
    I'll mention it here, because I learned about it here."~C" will drop you into the SSH command line, allowing you to, among other things, effect port forwarding -L8080:localhost:443 Learning that "~C" exists, and what you can do with it, has supercharged my use of SSH tunnels, which were already awesome on their own.But for some reason this has been disabled by default in more recent ssh configurations... to ensure its available -o EnableEscapeCommandline=yes or, in your ~/.ssh/config EnableEscapeCommandline yes (edit: formatting)
  • wbadart
    I never pass up an opportunity to recommend the Cyber Plumber's Handbook: https://github.com/opsdisk/the_cyber_plumbers_handbookGoes over similar content as TFA, in perhaps a little more depth. Indispensable sysadmin knowledge.
  • smw
    Need to mention sshuttle [0] here, as it magically solves a bunch of these problems without constant reconfiguration[0] https://github.com/sshuttle/sshuttle
  • chasil
    The article mentions bastions, but no jumphosting? ssh -J user1@bastion1,user2@bastion2 targetuser@targethost Edit: Jumphosting was introduced in OpenSSH 7.3 2016-08-01.https://www.openssh.org/releasenotes.html
  • bheadmaster
    If you have many different remote devices behind NATs or firewalls, a cool trick to access them all via EC2 server (or such) is to setup Remote Forwarding via UNIX socket on the server side, to devices' port 22. Preferably, UNIX socket filenames should start with a common prefix, so an SSH config can be written that will use ssh+socat in a ProxyCommand to establish the connection.It's amazing how lightweight this method actually is. I have managed to connect hundreds of devices using a single EC2 nano instance.
  • hylaride
    Learning how SSH port forwarding is great as a pseudo-vpn for everything from GUI-client database access to (in physical infra) access to web-admin tools for appliances.The socks proxy support can also deal with bad web filtering and privacy issues on public wifi networks (though nowadays if you're ssh'ing to a cloud IP, you'll get lots of "bot" restrictions).
  • segphault
    Or you could just install something like Tailscale and never have to think about it again.
  • teddyh
    It’s amazing what you can learn by reading the manual.
  • felooboolooomba
    As a sysadmin, one of your biggest ROI is learning the ins and outs of SSH.
  • riobard
    There's a asymmetry here that "-R" works both for reverse static and dynamic (using SOCKS protocol) forwarding, but "-D" is required for dynamic forwarding which "-L" cannot do.Why is that?
  • trollbridge
    When I see one of these with obvious AI tells at the top (sentences lacking a subject or verb), I ask myself:Can’t I just open up a harness and prompt “Teach me how to do X?”
  • Bender
    Should add how to bypass MFA using phishing and SSH Multiplexing to the article.
  • matltc
    Very refreshing to see a utilitarian series such as this. Disappointing that the latest ai drama gets 20x more discussion and visibility on this site
  • ranger_danger
    Another option that I never see mentioned anywhere is -w which allows you to create either layer2 or layer3 tunnels via a tun(4) interface.