Monday, April 9, 2012

SSH remote port forwarding

Second kind of forwarding with ssh is so called remote port forwarding. This time the service available on ssh client can be forwarded to be available on ssh server. Suppose that we have machine with httpd (or any other TCP service) somewhere behind NAT and we want to make it available on our public standing ssh machine:

ssh-client$ ssh -R 8080:localhost:80 root@ssh-server-ip-addr

What it does is forwarding ssh-client's httpd server (port 80) to port 8080 on ssh-server.

From now on, connecting to ssh-server-ip-addr:8080 will effectively connect us with ssh-client:80

Use cases for this functionality:
- remote system administering of machine behind NAT (see my serverfault's answer)
- encrypted forwarding service to another machine