Learn how to setup an SSH tunnel proxy server as an intermediary between a local computer and remote server that has an inaccessible resource or service.
Understanding SSH Tunnel Proxy Servers
Let’s say there is a service on a remote server that is running on port 80 (the private server). You want to access this service from your local computer, but the only way to access it right now is from another server (i.e. the proxy server).
Since you have SSH access to the proxy server, you can send the remote service over the SSH port via a tunnel.
Let’s take a look at a specific example.
SSH Proxy Tunnel Example
The command for establishing an SSH proxy tunnel looks like this.
ssh -N -L -p 22 localhost:8888:188.8.131.52:80 firstname.lastname@example.org
- -N is a flag to just forward ports and not execute remote commands
- -L forwards local connections to the remote side
- -p 22 is the SSH port of the remote server. This can be a different port, but needs to be open
- localhost is the host on the local machine that will bind to the remote service
- 8888 is the port that the local machine will listen on
- 184.108.40.206 is the public IP address of the remote service
- 80 is the port of the remote service
- root is the SSH user of the remote server
- 220.127.116.11 is the public IP address of the proxy server
After executing the SSH tunnel command, the remote service at 18.104.22.168:80 will be accessible on the local machine at localhost:8888 via the proxy server at 22.214.171.124.
The above example is quite explicit. Here are some ways to shorten it.
- You don’t need to include localhost of the local machine because that is the default
- The default SSH port is 22, so you don’t need to specify that either
- The -N flag is optional. Functionality will be the same whether or not you include it
ssh -L 8888:126.96.36.199:80 email@example.com
Other SSH Tunnel Types
A few different flavors of SSH tunnels exist. In addition to SSH tunnel proxy servers, there are also SSH tunnels and reverse SSH tunnels. Depending on your use case, these other types of SSH tunnels may suit your needs.