ssh port forwarding / ssh tunneling

I’ve always been curious on ssh port forwarding enough to experiment and learn it to be deadly enough. I currently have two machines that I’d like to test this with, both -L (local) and -R (remote).

I have a C7 host behind a router and a C8 host on the internet that I’ll be testing with.

Our set up is the following: (c7 Host) <->* (router) <-> (c8 host)

Local Forwarding

What I’m going to do is forward port 4444 on my c7 machine to connect to the c8 host on port 22 by launching the following on

$ ssh -L localhost

At this point I can start a SSH session to at port 4444. I’m prompted to log in at, and i’m good to go. As long as the command is running I maintain a connection.

To remove the login necessity I added ~/.ssh/ to ~/.ssh/authorized_keys for passwordless local log in.

Remote Forwarding

Remote forwarding allows world-accessible hosts to provide access to internal hosts. In our previous scenario we forwarded from an intranetwork host to a world host. Now we’re gonna use that intranetwork host and make it so that if we SSH to the world host at port 4444 that we will be ssh-ing to our intranetwork host, bypassing the router.

On I execute the following:

$ ssh -R 4444:localhost:22 -ldiffuser

On my world-accessible host I log in with “diffuser”, and the forwarding is set up.

On I can ssh to localhost:4444 and connect as internaluser with ease:

$ ssh localhost -p 4444 -linternaluser

Due to how /etc/ssh/sshd_config has GatewayPorts set up by default I cannot connect with my home computer to my world-accessible host. I would have to restart sshd service after setting GatewayPorts=yes (by default it’s no)