Goal: access a private port, for example a database that listens only on 127.0.0.1 on the remote server
ssh -L <choose a localport on your laptop>:<destinationip>:<destinationport> me@myserver
Example with the database:
ssh -L 50000:127.0.0.1:5432 me@server
or with a remote database
ssh -L 50000:123.254.99.21:3306 me@server
~/.ssh/config option: LocalForward <localport on your laptop> <destinationip>:<destination port>
Goal: have a SOCKS5 proxy on your laptop that lets your traffic go out through a remote server
ssh -D <choose a localport on your laptop> me@myserver
Example:
ssh -D 10000 me@myserver
Now I can configure Firefox to use a SOCKS proxy on localhost port 10000 to visit some pages.
~/.ssh/config option: DynamicForward <port number>
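Goal: share a local service with a server, for example share a local (or in your network) database with a remote server
ssh -R [<binding ip on remote server>:]<remote port>:<local destination ip>:<local destination port> me@myserver
Example:
ssh -R 5433:127.0.0.1:5432 me@myserver
This makes your local postgres database available on the remote server on port 5433.
~/.ssh/config option: RemoteForward [<remote listening ip>:]<remote port> <local destination ip>:<local destination port>
Note: the remote listening ip can be 0.0.0.0, but the listener is only reachable from other hosts if the server's sshd_config sets GatewayPorts to yes or clientspecified; otherwise it stays on the server's loopback address.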
If you have to connect via a bastion, use the ProxyJump option:
Example :
ssh -J me@bastion me@mydestserver
Example with the ~/.ssh/config option:
ProxyJump <name of the ssh config entry OR hostname>
Host thebastion
    PubkeyAuthentication yes
    HostName bastion.superservice.prod.aws.corp.com
    IdentityFile ~/.ssh/legacy/id_rsa
    Port 222

Host my-remote-dev-server
    # we only have the ip address of the server
    HostName 10.137.42.11
    # use the bastion to connect
    ProxyJump thebastion
    IdentityFile ~/.ssh/id_aws_dev_vm
    User jean.dupont
    # let my firefox and curl access network via this server
    DynamicForward 10000
    # access to a remote database behind my dev server
    LocalForward 20000 10.0.20.58:5432
    # accessing private API (firewalled port)
    LocalForward 15000 172.17.0.1:5000
    # Sharing local squid
    RemoteForward 3128 127.0.0.1:3128
    # Sharing a local database on a custom port
    RemoteForward 5432 127.0.0.1:15432
Connect to the server and start all these tunnels with: ssh my-remote-dev-server
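
To review which side each forward in a config like the one above listens on, and whether any listener binds to all interfaces, here is an added example (not part of the original page). The names list_forwards and sample_config and the host shared-demo are assumptions made for the illustration, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: inventory the forwards declared in ssh_config-style text (stdin).
# Assumes the "Keyword value" form with one name per Host line; not a full parser.

# Constructed sample: part of the dev-server entry plus one hypothetical wildcard bind.
sample_config() {
cat <<'EOF'
Host my-remote-dev-server
    # SOCKS proxy, database tunnel, shared squid
    DynamicForward 10000
    LocalForward 20000 10.0.20.58:5432
    RemoteForward 3128 127.0.0.1:3128
Host shared-demo
    RemoteForward 0.0.0.0:5433 127.0.0.1:5432
EOF
}

list_forwards() {
    awk '
    function show(side, spec, dest, dialer,    n, p, port, bind, flag) {
        n = split(spec, p, ":")               # spec is [bind_address:]port
        port = p[n]
        # with no bind address the listener stays on loopback by default
        bind = (n > 1) ? substr(spec, 1, length(spec) - length(port) - 1) : "loopback"
        # a wildcard remoteforward only takes effect if the server GatewayPorts allows it
        flag = (bind == "0.0.0.0" || bind == "*" || bind == "[::]") ? "WILDCARD" : "ok"
        print host, kw, "listen=" side ":" bind ":" port, "dest=" dest, "dialed-by=" dialer, flag
    }
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    { kw = tolower($1) }                      # keywords are case-insensitive
    kw == "host"           { host = $2 }
    kw == "localforward"   { show("client", $2, $3, "server") }
    kw == "dynamicforward" { show("client", $2, "socks", "server") }
    kw == "remoteforward"  { show("server", $2, $3, "client") }
    '
}

# One line per forward: who listens, where the traffic ends up, who opens that connection.
sample_config | list_forwards
```

Feed it your own file with list_forwards < ~/.ssh/config; any line ending in WILDCARD is a forward that asks for a listener on every interface.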