Dec 1, 2009
How to Use SSH Remote Port Forwarding to Set Up Secure Tunnels
(This is part two in a series of posts on ssh.)
Ssh tunneling can be a bit mind bending at first, but it’s simple when you get used to it. Assume that you’re trying to ssh between two sites that do not allow incoming ssh. Maybe your IT at work is unenlightened and doesn’t have an ssh gateway. And your ISP has braindead configuration rules that either don’t allow incoming ssh or make it difficult.
What you need to get around this is a server “in the cloud” that permits ssh logins. This could be a hosting server that you pay for, or even a friend with an enlightened ISP who will give you a login account.
On your work PC, use ssh to log in to the “cloud” server. Using the “-R” argument, you tell ssh to listen on a TCP port on the cloud server. Any connection coming in to that port on the cloud server will be forwarded back through the ssh connection to the host and TCP port you specify. For example, on mymachine.work.com, “ssh -R 4022:localhost:22 me@cloud.example.com” tells ssh to listen on cloud’s port 4022. Incoming connections to that port on cloud will be forwarded to port 22 (ssh) on mymachine.
By default, ssh will only listen on port 4022 on cloud’s localhost interface. So to log in to work, you will first need to log into cloud, and then use “ssh -p 4022 myworklogin@localhost” to log into work.
We’ll work around this limitation in the next post in this series.
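Why port 4022 is reachable only from cloud itself, as an added example that is not part of the original post: a small shell model of how sshd chooses the listening address for a “-R” spec, depending on the GatewayPorts setting in cloud’s sshd_config. The function name and output format are made up for illustration, and bracketed IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added illustration: which address sshd binds for an "ssh -R" forwarding spec.
# Spec syntax from ssh(1): [bind_address:]port:host:hostport

# remote_forward_listener SPEC [GATEWAY_PORTS]   (hypothetical helper name)
# GATEWAY_PORTS mirrors sshd_config GatewayPorts: no (default), yes, clientspecified.
# Prints "listen=<addr>:<port> target=<host>:<hostport>"; returns 2 on bad input.
remote_forward_listener() {
    rf_spec=$1
    rf_gw=${2:-no}

    # Three fields: no bind_address. Four fields: bind_address given (may be empty).
    case $rf_spec in
        *:*:*:*:*) return 2 ;;
        *:*:*:*)   rf_bind=${rf_spec%%:*}; rf_rest=${rf_spec#*:}; rf_explicit=yes ;;
        *:*:*)     rf_bind=;               rf_rest=$rf_spec;      rf_explicit=no ;;
        *)         return 2 ;;
    esac
    rf_port=${rf_rest%%:*}      # port sshd listens on (cloud side)
    rf_target=${rf_rest#*:}     # host:hostport, resolved on the ssh client side
    case $rf_port in ''|*[!0-9]*) return 2 ;; esac

    case $rf_gw in
        no)  rf_listen=loopback ;;   # client's bind_address is ignored
        yes) rf_listen='*' ;;        # every forward is exposed on all interfaces
        clientspecified)             # the client decides
            if [ "$rf_explicit" = no ] || [ "$rf_bind" = localhost ]; then
                rf_listen=loopback
            elif [ -z "$rf_bind" ] || [ "$rf_bind" = '*' ]; then
                rf_listen='*'
            else
                rf_listen=$rf_bind
            fi ;;
        *) return 2 ;;
    esac
    printf 'listen=%s:%s target=%s\n' "$rf_listen" "$rf_port" "$rf_target"
}

# The command from the post, against a default sshd on cloud:
remote_forward_listener 4022:localhost:22
```

With the default setting, anyone who can reach work’s port 22 through the tunnel must already have a shell on cloud; any other GatewayPorts value can expose that port to whatever network cloud is on.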