Use SSH to Forward Multiple Protocols to Multiple Machines

(This is part five in a series of posts on ssh.)

Let's say you have a half-dozen machines at work you want to log into. Instead of setting up a remote forwarding connection from each of those machines, you can have the connection from your main machine perform multiple forwardings instead of just one. This even works if some of the machines don't support ssh.

It shouldn't surprise you at this point that you can do this with your config file. On your work machine, you might have something like:

Host tunnel
  HostName cloud.example.com
  User mycloudusername
  IdentityFile ~/.ssh/id_dsa
  Port 22
  RSAAuthentication yes
  PubkeyAuthentication yes
  ExitOnForwardFailure yes
  # tunnel ssh to myworkmachine
  RemoteForward 4022 localhost:22
  # tunnel remote desktop to mywindowsbox via myworkmachine
  RemoteForward 5389 192.168.4.10:3389
  # tunnel http to mywindowsbox via myworkmachine
  RemoteForward 5080 192.168.4.10:80
  # tunnel remote desktop to otherwindowsbox via myworkmachine
  RemoteForward 6389 192.168.4.11:3389
  # tunnel ssh to workserver via myworkmachine
  RemoteForward 7022 192.168.4.2:22

You can add a bunch of forwardings as shown above. Each entry will open the given port on cloud and forward it to the specified port on the specified machine. Now when you run "ssh tunnel" on your work machine, it will connect to cloud and set up the five port forwardings specified in your config file.

Then when logged in to cloud.example.com, you can do, for example, "ssh -p 7022 myserverlogin@localhost" to log into the machine called workserver.

If you mirror the remote forwardings in your home config file as local forwardings, then when you "ssh work" from home you can remote desktop to a Windows machine from your home PC by running "rdesktop -u myworkwinuser localhost:5389", and it will use the tunnel. (The connection will go from your home PC to cloud, to myworkmachine, to mywindowsbox.) The Windows machine does not need to know anything about ssh.
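
The mirroring described above, as an added example that is not from the original post: the script reads the work-side block and emits a home-side block whose LocalForward lines reuse the same port numbers, pointing at localhost on cloud because sshd binds remote forwards to loopback unless GatewayPorts is enabled on the server. The contents of the home "work" block (HostName, ExitOnForwardFailure) and the function names are assumptions.

```python
# Added example: derive the home-side LocalForward block from the work-side
# RemoteForward entries. The contents of the home "work" block are an assumption.

# Work-side block from the post, trimmed to the lines that matter here.
WORK_CONFIG = """\
Host tunnel
  HostName cloud.example.com
  ExitOnForwardFailure yes
  # tunnel ssh to myworkmachine
  RemoteForward 4022 localhost:22
  # tunnel remote desktop to mywindowsbox via myworkmachine
  RemoteForward 5389 192.168.4.10:3389
  RemoteForward 5080 192.168.4.10:80
  RemoteForward 6389 192.168.4.11:3389
  RemoteForward 7022 192.168.4.2:22
"""

def remote_forwards(config_text, alias):
    """Return [(listen_port, target)] for the RemoteForward lines of one Host block."""
    forwards, in_block = [], False
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].replace("=", " ").split()
        if not words:
            continue
        key = words[0].lower()
        if key in ("host", "match"):
            in_block = key == "host" and alias in words[1:]
        elif in_block and key == "remoteforward" and len(words) == 3:
            # The listen spec may be "port" or "bind_address:port"; keep the port.
            port = int(words[1].rsplit(":", 1)[-1])
            forwards.append((port, words[2]))
    return forwards

def home_block(forwards, alias="work", hostname="cloud.example.com"):
    """Render a home-side Host block that reuses each cloud port number locally."""
    ports = [p for p, _ in forwards]
    dupes = sorted({p for p in ports if ports.count(p) > 1})
    if dupes:
        raise ValueError(f"listen port used twice: {dupes}")
    lines = [f"Host {alias}", f"  HostName {hostname}", "  ExitOnForwardFailure yes"]
    for port, target in forwards:
        lines.append(f"  # cloud:{port} carries on to {target} at work")
        lines.append(f"  LocalForward {port} localhost:{port}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(home_block(remote_forwards(WORK_CONFIG, "tunnel")))
```

The generated comments double as an inventory of which internal hosts and ports the tunnel makes reachable from cloud.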

Posted on 2009-12-04 by brian in ssh.