What command do we use to create an SSH local forwarding tunnel?

/ / Published in Cybersecurity, EITC/IS/LSA Linux System Administration, Advanced sysadmin in Linux, Advancing in Monit - SSH local forwarding for a web dashboard, Examination review

To create an SSH local forwarding tunnel, we use the "ssh" command in Linux. SSH (Secure Shell) is a cryptographic network protocol that allows secure remote login and command execution. Local forwarding is a technique used to redirect network traffic from a local port on the client machine to a specific destination port on the server machine through an SSH connection. This enables us to securely access services running on the server through the client's local machine.

The syntax for creating an SSH local forwarding tunnel is as follows:

ssh -L [local_address:]local_port:remote_address:remote_port user@server

Let's break down the components of this command:

– `-L`: Specifies that we want to create a local forwarding tunnel.
– `[local_address:]local_port`: Specifies the address and port on the client machine where we want to listen for incoming connections. The local address is optional and can be omitted if we want to bind to all available network interfaces.
– `remote_address:remote_port`: Specifies the address and port on the server machine to which we want to forward the traffic.
– `user@server`: Specifies the username and hostname (or IP address) of the server we want to connect to.

Here are a few examples to illustrate the usage of the SSH local forwarding command:

Example 1: Forwarding local port 8080 to a web server running on the remote machine:

ssh -L 8080:localhost:80 user@server

In this example, any traffic sent to the client's port 8080 will be securely forwarded to the server's port 80. This allows us to access the web server running on the remote machine by opening a web browser on the client and navigating to `http://localhost:8080`.

Example 2: Forwarding local port 5432 to a PostgreSQL database server on the remote machine:

ssh -L 5432:localhost:5432 user@server

In this example, any traffic sent to the client's port 5432 will be securely forwarded to the server's port 5432. This enables us to connect to the PostgreSQL database server running on the remote machine using a local client by specifying `localhost` as the host and port 5432.

Example 3: Forwarding traffic to a specific network interface on the client machine:

ssh -L 192.168.1.100:8080:localhost:80 user@server

In this example, the SSH local forwarding tunnel is bound to the network interface with the IP address 192.168.1.100. Any traffic sent to this address and port 8080 on the client machine will be securely forwarded to the server's port 80.

It is important to note that the SSH local forwarding tunnel remains active as long as the SSH connection is established. If the connection is terminated, the tunnel will be closed, and the forwarded services will no longer be accessible.

The "ssh" command with the "-L" option allows us to create an SSH local forwarding tunnel, enabling secure access to services running on a remote server through a client's local machine. This technique is useful for accessing web dashboards, databases, and other services securely over an encrypted SSH connection.

Other recent questions and answers regarding Advanced sysadmin in Linux:

View more questions and answers in Advanced sysadmin in Linux

More questions and answers:

Tagged under: , , , ,