I’ve always been curious on ssh port forwarding enough to experiment and learn it to be deadly enough. I currently have two machines that I’d like to test this with, both -L (local) and -R (remote).<\/p>\n\n\n\n
I have a C7 host behind a router and a C8 host on the internet that I’ll be testing with.<\/p>\n\n\n\n
Our set up is the following:<\/p>\n\n\n\n
192.168.2.222:22 (c7 Host) <-> 192.168.2.1:* (router) <-> 159.203.99.198:22 (c8 host)<\/code><\/pre>\n\n\n\nLocal Forwarding<\/h2>\n\n\n\n
What I’m going to do is forward port 4444 on my c7 machine to connect to the c8 host on port 22 by launching the following on 192.168.2.222:<\/p>\n\n\n\n
$ ssh -L 192.168.2.222:4444:159.203.99.198:22 localhost<\/code><\/pre>\n\n\n\nAt this point I can start a SSH session to 192.168.2.222 at port 4444. I’m prompted to log in at 159.203.99.198, and i’m good to go. As long as the command is running I maintain a connection.<\/p>\n\n\n\n
To remove the login necessity I added ~\/.ssh\/id_rsa.pub to ~\/.ssh\/authorized_keys for passwordless local log in.<\/p>\n\n\n\n
Remote Forwarding<\/h2>\n\n\n\n
Remote forwarding allows world-accessible hosts to provide access to internal hosts. In our previous scenario we forwarded from an intranetwork host to a world host. Now we’re gonna use that intranetwork host and make it so that if we SSH to the world host at port 4444 that we will be ssh-ing to our intranetwork host, bypassing the router.<\/p>\n\n\n\n
On 192.168.2.222 I execute the following:<\/p>\n\n\n\n
$ ssh -R 4444:localhost:22 159.203.99.198 -ldiffuser<\/code><\/pre>\n\n\n\nOn my world-accessible host I log in with “diffuser”, and the forwarding is set up.<\/p>\n\n\n\n
On 159.203.99.198 I can ssh to localhost:4444 and connect as internaluser with ease:<\/p>\n\n\n\n
$ ssh localhost -p 4444 -linternaluser<\/code><\/pre>\n\n\n\n