home |
electronics |
toolbox |
science club |
tuxtalk |
photos |
e-cards |
online-shop
April 2022
ssh tunnels, cheat-sheet
Static tunnels
Build a static tunnel:
ssh -L LocalIP:LocalPort:RemoteIP:RemotePort user@JumpHost
or if you do not want to bind to a specific local IP:
ssh -L LocalPort:RemoteIP:RemotePort user@JumpHost
Example (tunnel from 192.168.1.21, port 22, to local-port 2122):
ssh -L 2122:192.168.1.21:22 guido@10.0.0.10
Use a static tunnel:
ssh -p 2122 user@localhost
scp -P 2122 file user@localhost
sftp -P 2122 user@localhost
192.168.1.21 is a remote host behind jump-host 10.0.0.10 that is not directly reachable from your local PC.
Dynamic tunnels (socks5)
Build the tunnel:
ssh -D LocalPort user@JumpHost
Example:
ssh -D 3333 user@10.0.0.10
Use the tunnel:
ssh -o 'ProxyCommand socat - socks:127.0.0.1:%h:%p,socksport=3333' user@192.168.1.21
scp -o 'ProxyCommand socat - socks:127.0.0.1:%h:%p,socksport=3333' file_on_you_pc.txt user@192.168.1.21:/tmp
sftp -o 'ProxyCommand socat - socks:127.0.0.1:%h:%p,socksport=3333' user@192.168.1.21
google-chrome --proxy-server="socks://localhost:3333" http://192.168.1.21
curl --socks5 localhost:3333 http://192.168.1.21
192.168.1.21 is a remote host behind jump-host 10.0.0.10 that is not directly reachable from your local PC.
Netcat as a proxy
In some cases forwarding is disabled on the ssh server side. You can not tunnel traffic via that server
however running a proxy command on the server side might not be disabled. You can then use nc or netcat as
a very simple proxy to do the forwaring. That is: you can reach a host behind the jump server from your computer via that netcat proxy:
ssh -o 'ProxyCommand ssh user@10.0.0.10 nc %h %p' user@192.168.1.21
or
ssh -o 'ProxyCommand ssh user@10.0.0.10 netcat %h %p' user@192.168.1.21
This does ssh user@10.0.0.10 and then runs nc (or netcat) on the jumphost (10.0.0.10):
nc 192.168.1.21 22
netcat or nc has to be available on the jumphost.
This commands prompts you twice for the password. First at 10.0.0.10 and then at 192.168.1.21.
References
© 2004-2024 Guido Socher