How do I use ssh local tunnelling?
Link to ssh man page: https://www.lightnetics.com/post/4350
Note: These settings should be in line with your company's security policy.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
AllowTcpForwarding
Specifies whether TCP forwarding is permitted. The available options are “yes” or “all” to allow TCP forwarding, “no” to prevent all TCP forwarding, “local” to allow local (from the perspective of ssh(1)) forwarding only or “remote” to allow remote forwarding only. The default is “yes”. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.
Example:
ssh -L 8500:172.31.35.7:8500 ec2-user@<IP>
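This says: from your local desktop machine, listen on local port 8500 and forward connections made to it to server 172.31.35.7 on port 8500, but do it via this user and server, ec2-user@<IP>. The connection to 172.31.35.7 is made from that server, and the traffic between your desktop and the server travels over the ssh channel.
This also depends on the server's sshd_config settings, specifically AllowTcpForwarding.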
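The following added example (not from the ssh man page or the original post) parses the [bind_address:]port:host:hostport form quoted above and reports which interfaces the local listener would be reachable on, so a -L argument can be checked before it is used. The function names and the gateway_ports parameter are assumptions of the example; gateway_ports stands in for the client's GatewayPorts setting and is assumed off unless given.

```python
import re

# One field: a bracketed IPv6 literal, or a (possibly empty) run without ':'.
_FIELD = re.compile(r"\[([^\]]+)\]|([^:\[\]]*)")

def split_fields(spec):
    """Split a -L argument on ':' while keeping [IPv6] literals whole."""
    fields, pos = [], 0
    while True:
        m = _FIELD.match(spec, pos)
        fields.append(m.group(1) if m.group(1) is not None else m.group(2))
        pos = m.end()
        if pos == len(spec):
            return fields
        if spec[pos] != ":":
            raise ValueError(f"unexpected {spec[pos]!r} at offset {pos}")
        pos += 1

def audit_local_forward(spec, gateway_ports=False):
    """Describe the listener that `ssh -L spec` would open on the client.

    gateway_ports is an assumption of this example: it stands in for the
    client's GatewayPorts setting, which governs the no-bind_address case.
    """
    fields = split_fields(spec)
    if len(fields) == 3:            # port:host:hostport
        fields = [None] + fields
    if len(fields) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind, port, host, hostport = fields
    port, hostport = int(port), int(hostport)
    if not (0 < port < 65536 and 0 < hostport < 65536):
        raise ValueError("port out of range")
    if bind is None:                # no bind_address: GatewayPorts decides
        exposure = "all-interfaces" if gateway_ports else "loopback"
    elif bind in ("", "*"):         # empty or '*': every interface
        exposure = "all-interfaces"
    elif bind in ("localhost", "127.0.0.1", "::1"):
        exposure = "loopback"
    else:
        exposure = "specific-address"
    return {"bind": bind, "port": port, "host": host, "hostport": hostport,
            "exposure": exposure, "needs_root": port < 1024}

if __name__ == "__main__":
    # Constructed sample arguments; the first is the page's own example.
    for s in ("8500:172.31.35.7:8500", "*:8500:172.31.35.7:8500",
              ":80:[2001:db8::7]:8500"):
        print(s, "->", audit_local_forward(s))
```

An "all-interfaces" result means other machines on the desktop's network can reach 172.31.35.7:8500 through the tunnel, which is the case to check against the security policy mentioned in the note above.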
© Lightnetics 2024