Securely forward a TCP service with SSH

Sometimes you want to directly access a server on a remote LAN beyond a firewall and you don’t want to set up a VPN, or maybe you want to encrypt an unencrypted service in simple and easy way. If you can contact a [remote] SSH server, then you only need a ssh client, and that’s all!

Let’s see it more in deep:
ssh -fn -N -L

The -N -L switches do the trick! The first parameter to the L siwtch (1080 in this example) will be the local port you will use to direct connect to the remote service, located at address on port 80. So, for example, you can point your browser to http://localhost:1080 and magically you will have established an encrypted connection to that web server (well, if you have a user/password for remote-ssh-prxy ;)
The -N switch is mandatory in this use case because it will disable the need of a program to be passed as an argument to ssh, permitting the tunnel-only connection.
The -fn is to put in background the connection, so the tunnel will stay open and your console won’t be blocked.

You can change the -L for -R which will do just the reverse. It will forward a port from the remote proxy to a local machine.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s