SSH tricks: Forward and Reverse Tunneling for Fun and Profit

SSH or Secure SHell is a protocol for connecting to a remote computer’s shell securely. Many people use it for just this purpose, but there are several lesser-used, yet extremely useful tricks you can use to get more out of SSH.

In this post, I will cover what forward and reverse tunneling of ports through SSH is, why you would want to do it, and how to do it. Port tunneling is also known as port forwarding.

Forward Tunneling

Port forwarding allows a specific port to be mapped between one computer and another.  A forward tunnel allows you to have a remote port appear as a local one.

This can be useful if you need to connect your MySQL query browser to a remote database, but the database only listens on localhost. Although this section only talks about MySQL, it is applicable to almost any other piece of client/server software that uses specific ports.

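To forward port 3306 (MySQL’s default port) to your local system’s port 3306, use the following command:
ssh user@remote-hostname -L 3306:127.0.0.1:3306

The destination after the first colon is resolved by the remote server, not by your machine, so 127.0.0.1 here is the remote server’s own loopback address, which is where a MySQL that only listens on localhost can be reached.

If you are running MySQL locally on port 3306, or want to use a local port that differs from the remote port, change the port before the first colon:
ssh user@remote-hostname -L 3305:127.0.0.1:3306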

Then you can connect to your remote MySQL server as if it was a local one. Use the same username, password and database name as you normally would, but change the host to 127.0.0.1 and the port to 3305.

Reverse Tunneling

Reverse tunneling allows you to have a port on a remote machine work as if it is a port on your local machine. It’s the exact opposite of a forward tunnel.
You could use this when working on code that needs to be accessed by a service that is outside of your firewall, but is not ready to be deployed on a server. For example, developing a payment gateway for a shop, when the payment gateway needs to talk to the code that is on your development machine and you don’t want to (or can’t) make modifications to your firewall.

To reverse tunnel port 8080 on a remote server to port 80 on the local machine, use the following command:
ssh username@remote-hostname -R 8080:127.0.0.1:80

This will let you, or anyone else, visit http://remote-hostname:8080 and see what is visible on http://127.0.0.1:80 (provided GatewayPorts is enabled on the server; see the notes below). In this case, your local web server is available to anyone who can see remote-hostname. If remote-hostname is a server available to the whole internet, the whole internet can see into your local machine that is usually hidden behind your firewall.

Some notes

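  • This guide is for OpenSSH; other implementations may vary.
  • For a reverse tunnel to be reachable from machines other than the remote server itself, you will need to set GatewayPorts to yes in /etc/ssh/sshd_config on the remote server (don’t forget to restart sshd after the change). With the default value, no, the forwarded port listens only on the remote server’s loopback address.
  • When you close your ssh session, the port forwarding stops.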
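
The GatewayPorts note above decides how far a reverse tunnel is exposed, so it is worth checking before you open one. The script below is an added example, not part of the original post: it reads sshd_config text and reports which address the server would bind for a given -R argument, following the rules in the OpenSSH man pages. The function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): where does sshd bind `ssh -R`?
# Rules are those documented in sshd_config(5) GatewayPorts and ssh(1) -R.

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. Simplifications: whitespace-separated "Keyword value"
# lines only, and parsing stops at the first Match block.
gateway_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }  # OpenSSH default
    '
}

# Classify the listener for a -R argument.
# $1 = GatewayPorts value, $2 = port:host:hostport or
# bind_address:port:host:hostport (bracketed IPv6 is not handled).
remote_bind() {
    _gp=$1; _spec=$2; _bind=; _has_bind=0
    _n=$(printf '%s' "$_spec" | awk -F: '{ print NF }')
    if [ "$_n" -eq 4 ]; then _has_bind=1; _bind=${_spec%%:*}; fi
    case "$_gp" in
        yes) echo "all-interfaces" ;;          # server forces the wildcard
        clientspecified)
            if [ "$_has_bind" -eq 0 ]; then
                echo "loopback"                # no bind_address: default
            elif [ -z "$_bind" ] || [ "$_bind" = "*" ]; then
                echo "all-interfaces"          # empty or "*" bind_address
            else
                echo "address:$_bind"          # one specific address
            fi ;;
        *) echo "loopback" ;;                  # "no": local host only
    esac
}

# Constructed sample config, not taken from a real server.
sample_config='Port 22
gatewayports clientspecified
GatewayPorts no
Match User deploy
    GatewayPorts yes'

gp=$(printf '%s\n' "$sample_config" | gateway_ports)
for spec in "8080:127.0.0.1:80" "*:8080:127.0.0.1:80"; do
    echo "GatewayPorts=$gp  -R $spec  ->  $(remote_bind "$gp" "$spec")"
done
```

On a real server, sshd -T prints the effective settings and is a better source than parsing the file by hand.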

For more information, read the OpenSSH documentation and Frequently Asked Questions.
