@thomsh
Created October 31, 2019 14:53
SSH tunnels and jump memo

SSH Tunnel/jump memo for sweet devs :)

SSH tunnels

The basic LocalForward

Goal: access a private port, for example a database that listens only on 127.0.0.1 on the remote server.
ssh -L <local port on your laptop>:<destination ip>:<destination port> me@myserver
Example with the database:
ssh -L 50000:127.0.0.1:5432 me@server
Or with a remote database:
ssh -L 50000:123.254.99.21:3306 me@server

~/.ssh/config option: LocalForward <local port on your laptop> <destination ip>:<destination port>

The useful DynamicForward

Goal: run a SOCKS5 proxy on your laptop that sends your traffic out through a remote server.
ssh -D <local port on your laptop> me@myserver
Example:
ssh -D 10000 me@myserver
Now I can configure Firefox to use a SOCKS proxy on localhost port 10000 to visit some pages.

~/.ssh/config option: DynamicForward <port number>

The less known RemoteForward

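Goal: share a local service with a remote server, for example a database on your laptop or in your network.
ssh -R <listening port on the remote server>:<destination ip>:<destination port> me@myserver
Example:
ssh -R 5433:127.0.0.1:5432 me@myserver
This makes your local postgres database (127.0.0.1:5432 on your laptop) available on the remote server on port 5433.
~/.ssh/config option: RemoteForward <listening port on the remote server> <destination ip>:<destination port>
Note: the listener binds to the server's loopback address by default. A listening IP can be put in front of the port (for example 0.0.0.0:5433). It is only honored if the server's sshd has GatewayPorts enabled, and 0.0.0.0 then exposes the forwarded service to every host that can reach that port on the server.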

Proxy Jump

If you have to connect via a bastion, use the ProxyJump option:
Example:
ssh -J me@bastion me@mydestserver
~/.ssh/config option:
ProxyJump <name of the ssh config entry OR hostname>

Example of ssh config:

Host thebastion
    PubkeyAuthentication yes
    HostName bastion.superservice.prod.aws.corp.com
    IdentityFile ~/.ssh/legacy/id_rsa
    Port 222

Host my-remote-dev-server
    # we only have the ip address of the server
    Hostname 10.137.42.11
    # use the bastion to connect
    ProxyJump thebastion
    IdentityFile ~/.ssh/id_aws_dev_vm
    User jean.dupont
    # let my firefox and curl access network via this server
    DynamicForward 10000
    # access to a remote database behind my dev server
    LocalForward 20000 10.0.20.58:5432
    # accessing private API (firewalled port)
    LocalForward 15000 172.17.0.1:5000
    # Sharing local squid
    RemoteForward 3128 127.0.0.1:3128
    # Sharing a local database on a custom port
    RemoteForward 5432 127.0.0.1:15432

Connect to the server and start all these tunnels with: ssh my-remote-dev-server
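
Once a config carries this many forwards, it helps to review which side each one listens on and on which address, given that a RemoteForward listening IP can be 0.0.0.0. The script below is an added example, not part of the original memo: audit_forwards and sample_config are hypothetical helper names, and the sample config is constructed from the example above with one wildcard RemoteForward added.

```shell
# Added example (not from the original memo): list the forwards declared in an
# ssh client config and show which side listens and on which address.
# Assumes the "Keyword value" form (no "Keyword=value") and one name per Host line.

audit_forwards() {
    # stdin: ssh_config text; stdout: host keyword listening-side bind port verdict
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    { kw = tolower($1) }                  # ssh_config keywords are case-insensitive
    kw == "host" { host = $2; next }
    kw != "localforward" && kw != "remoteforward" && kw != "dynamicforward" { next }
    {
        spec = $2                         # [bind_address:]port
        side = (kw == "remoteforward") ? "server" : "client"
        if (match(spec, /:[^:]*$/)) {     # split on the last colon
            bind = substr(spec, 1, RSTART - 1)
            port = substr(spec, RSTART + 1)
            if (bind == "" || bind == "*" || bind == "0.0.0.0" || bind == "[::]")
                verdict = "all-interfaces"
            else if (bind == "localhost" || bind == "127.0.0.1" || bind == "[::1]")
                verdict = "loopback"
            else
                verdict = "specific-address"
            if (bind == "") bind = "(empty)"
        } else {
            # No bind address: loopback unless GatewayPorts changes the default
            bind = "(default)"; port = spec; verdict = "loopback"
        }
        print host, kw, side, bind, port, verdict
    }'
}

sample_config() {
    # Constructed sample: hostname is a placeholder, last line is the wildcard case
    cat <<'EOF'
Host thebastion
    HostName bastion.example.com

Host my-remote-dev-server
    ProxyJump thebastion
    DynamicForward 10000
    LocalForward 20000 10.0.20.58:5432
    RemoteForward 3128 127.0.0.1:3128
    RemoteForward 0.0.0.0:5433 127.0.0.1:5432
EOF
}

sample_config | audit_forwards
```

To review a real file, run audit_forwards < ~/.ssh/config and look at every line that is not marked loopback.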
