Creating an SSH tunnel in Linux allows you to securely forward traffic between your local machine and a remote server. This can be useful for a variety of purposes, such as encrypting your connection or accessing services on a remote server that are not directly accessible from your local machine. There are two main types of SSH tunnels: local and remote.
Here's how you can create both types of SSH tunnels using the `ssh` command in Linux:
1. Local Port Forwarding:
Local port forwarding allows you to forward traffic from a port on your local machine to a port on a
remote server.
ssh -L local_port:remote_host:remote_port user@ssh_server
- local_port: The port on your local machine where you want to receive the forwarded
traffic.
- remote_host: The hostname or IP address of the remote server.
- remote_port: The port on the remote server to which the traffic will be forwarded.
- user: Your username on the remote server.
- ssh_server: The hostname or IP address of the SSH server you're connecting to.
Example:
To forward traffic from a remote server's port 80 to your local machine's port 8080 :
2. Remote Port Forwarding:
Remote port forwarding allows you to forward traffic from a port on a remote server to a
port on your local machine.
ssh -R remote_port:local_host:local_port user@ssh_server
- remote_port: The port on the remote server where you want to receive the forwarded
traffic.
- local_host: The hostname or IP address of your local machine as seen from the remote
server (usually `localhost` or `127.0.0.1`).
- local_port: The port on your local machine to which the traffic will be forwarded.
- user: Your username on the remote server.
- ssh_server: The hostname or IP address of the SSH server you're connecting to.
Example:
To forward traffic from a local machine's port 80 to remote server's port 8080:
ssh -R 8080:localhost:80 user@192.168.1.100
Remember to replace placeholders like `local_port`, `remote_host`, etc., with the appropriate values for your setup. Also, make sure that you have SSH access to the remote server and that the necessary ports are allowed through any firewalls.
No comments:
Post a Comment