Advanced OpenSSH - port forwarding

Posted by Markus Benning on November 16, 2019

SSH supports forwarding network connections through your SSH session. It can be used for tunneling connections, but it is sometimes also used as a poor man's VPN.

Local port forwards

A local port forward forwards all connections made to a local listening port to a target on the server side.

To create a local forward, use the -L switch on the command line or the LocalForward directive in the configuration file. For both directives the forward must be specified in the following format:

<local-ip>:<local-port>:<target-host>:<target-port>

The local-ip part can be skipped and will default to localhost.

Hint: Most systems don’t allow regular users to create listening ports on ports < 1024. Use high ports on the local side instead of the original port (e.g. 10022 instead of 22).

Remote port forwards

A remote forward allows you to forward a remote port to a local target. The listening port will be created on the remote host and the connection to the target will be created from your local ssh client.

Remote forwards can be created on the command line with -R or in the configuration file by using RemoteForward.

Both directives require a target specification as argument:

<remote-ip>:<remote-port>:<target-host>:<target-port>

The remote-ip can be skipped and will default to localhost.
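
As an added example (not part of the original post), the shell function below takes a -L or -R spec in the format shown in the two sections above, reports which side listens and which side connects to the target, and warns when the listener uses a port below 1024 or is bound beyond loopback. The name describe_forward and the sample hostnames are made up for illustration, and only hostnames or IPv4 addresses are assumed.

```sh
#!/bin/sh
# Added example: describe a -L / -R forward spec and flag risky listeners.
# describe_forward is a hypothetical helper; IPv4/hostnames only (no [IPv6]).
describe_forward() {
    kind=$1; spec=$2
    case $spec in *:) echo "invalid spec: $spec"; return 2 ;; esac
    set -f; old_ifs=$IFS; IFS=:
    set -- $spec            # split [bind-ip:]port:target-host:target-port
    IFS=$old_ifs; set +f
    case $# in
        3) bind=localhost; port=$1; host=$2; tport=$3 ;;    # bind-ip skipped
        4) bind=${1:-'*'}; port=$2; host=$3; tport=$4 ;;    # empty bind = all interfaces
        *) echo "invalid spec: $spec"; return 2 ;;
    esac
    for p in "$port" "$tport"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port in: $spec"; return 2 ;;
        esac
        if [ "$p" -gt 65535 ]; then echo "invalid port in: $spec"; return 2; fi
    done
    if [ -z "$host" ]; then echo "missing target host in: $spec"; return 2; fi
    case $kind in
        L) side=client; origin=server ;;  # client listens, server reaches target
        R) side=server; origin=client ;;  # server listens, client reaches target
        *) echo "kind must be L or R"; return 2 ;;
    esac
    rc=0
    echo "listen on $side $bind:$port, $origin connects to $host:$tport"
    case $bind in
        localhost|127.*) ;;
        # For -R, sshd's GatewayPorts setting decides if this bind is honoured.
        *) echo "WARN: listener not bound to loopback, other hosts can use it"; rc=1 ;;
    esac
    if [ "$port" -lt 1024 ]; then
        echo "WARN: port $port is below 1024 and usually needs root"; rc=1
    fi
    return $rc
}

# Constructed sample specs; hostnames are placeholders.
describe_forward L 10022:web.internal:22 || true
describe_forward R 0.0.0.0:8080:localhost:3000 || true
```

The function returns 0 for a clean spec, 1 when it printed a warning and 2 for a malformed spec, so it can gate a wrapper script before ssh is started.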

Dynamic port forwards