(This is part five in a series of posts on ssh.)
Let's say you have a half-dozen machines at work you want to log into. Instead of setting up a remote forwarding connection from each of those machines, you can have the connection from your main machine perform multiple forwardings instead of just one. This even works if some of the machines don't support ssh.
It shouldn't surprise you at this point that you can do this with your config file. On your work machine, you might have something like:

    Host tunnel
        HostName cloud.example.com
        User mycloudusername
        IdentityFile ~/.ssh/id_dsa
        Port 22
        RSAAuthentication yes
        PubkeyAuthentication yes
        ExitOnForwardFailure yes
        # tunnel ssh to myworkmachine
        RemoteForward 4022 localhost:22
        # tunnel remote desktop to mywindowsbox via myworkmachine
        RemoteForward 5389 192.168.4.10:3389
        # tunnel http to mywindowsbox via myworkmachine
        RemoteForward 5080 192.168.4.10:80
        # tunnel remote desktop to otherwindowsbox via myworkmachine
        RemoteForward 6389 192.168.4.11:3389
        # tunnel ssh to workserver via myworkmachine
        RemoteForward 7022 192.168.4.2:22

You can add a bunch of forwardings as shown above. Each entry will open the given port on cloud and forward it to the specified port on the specified machine. Now when you run "ssh tunnel" on your work machine, it will connect to cloud and set up the five port forwardings specified in your config file.
Then when logged in to cloud.example.com, you can do, for example, "ssh -p 7022 myserverlogin@localhost" to log into the machine called workserver.
If you mirror the remote forwardings in your home config file as local forwardings, then when you "ssh work" from home you can remote desktop to a Windows machine from your home PC by doing "rdesktop -u myworkwinuser localhost:5389" and it will use the tunnel. (The connection will go from your home PC to cloud, to myworkmachine, to mywindowsbox.) The Windows machine does not need to know anything about ssh.
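
A sketch of the mirrored home-side entry described above, as an added example that is not from the original post. The contents of the `work` host block are assumptions: it is assumed to log in to the same cloud account as the tunnel entry, and each local port is assumed to reuse the number of the port opened on cloud.

```sshconfig
# Constructed example for ~/.ssh/config on the home machine (assumed layout).
Host work
    HostName cloud.example.com
    User mycloudusername
    ExitOnForwardFailure yes
    # Each LocalForward listens on the home machine (loopback only by default)
    # and connects to the matching RemoteForward port on cloud's loopback.
    # home:4022 -> cloud:4022 -> myworkmachine:22
    LocalForward 4022 localhost:4022
    # home:5389 -> cloud:5389 -> mywindowsbox (192.168.4.10):3389
    LocalForward 5389 localhost:5389
    # home:5080 -> cloud:5080 -> mywindowsbox (192.168.4.10):80
    LocalForward 5080 localhost:5080
    # home:6389 -> cloud:6389 -> otherwindowsbox (192.168.4.11):3389
    LocalForward 6389 localhost:6389
    # home:7022 -> cloud:7022 -> workserver (192.168.4.2):22
    LocalForward 7022 localhost:7022
```

With sshd's default GatewayPorts setting, the RemoteForward ports on cloud are bound to loopback only, so they are reachable by any user logged in to cloud but not directly from the network.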