Permanent SSH tunnels
I use this sometimes when I have a web service I want access to do development work with on some remote server, but I dont want to expose it to the internet.
ssh -L 9090:localhost:8080 some-server
Doing something like this will hit the remote server at port 8080:
This flag uses the SOCKS protocol, you can point firefox to it:
# Temporary Firefox session commands. alias socks-proxy="ssh -D 50000 -N me@some-server" alias firefox-proxy="firefox -P \"Proxy\""
Reverse SSH tunnels are really useful if you want access to a machine that is behind a firewall. Firewalls, like those found in consumer routers, don’t typically block outbound connections to certain ports. So that means you can used an established outgoing connection to funnel traffic/requests from outside in.
Here’s a plain SSH example:
ssh -R 8888:localhost:22 example.net
You can run the following command on the remote machine:
ssh -p 8888 localhost
Combined with autossh
You can combine this with autossh to have persistant ssh tunnels to hosts that are behind firewalls.
autossh -R 8888:localhost:22 example.net -M 0
- Use DNS if you can, just in case you need to change the addresses
- Might be possible to add your autossh script as a systemd service