Walker News

SSH Remote Port Forwarding In 3 Minutes

I’ve just written about how to set up SSH Port Forwarding in Linux with the OpenSSH client and in Windows Vista with the PuTTY networking freeware.

As you might guess, SSH Remote Port Forwarding is just the opposite of SSH LOCAL Port Forwarding!

To visualize the concept, I find it works perfectly to reverse the arrows in the diagram above. Anyway, I’m too lazy to redraw it, and I’m thinking of saving some tiny bits of hosting space too :-)!

[Diagram: SSH Local Port Forwarding encrypting an insecure TCP connection with an SSH tunnel, i.e. via the SSH protocol]

Note, though, that port 22 (the OpenSSH server’s listening port for the SSH protocol) is supposed to be on Walker-B. The SSH client that initiates the connection will use an arbitrary local TCP port that’s free.

How to set up or configure SSH REMOTE Port Forwarding in Linux (Walker-A) with the OpenSSH client?

3-minute SSH Remote Port Forwarding? Assuming the OpenSSH server/client is up and running, I don’t think this exercise needs more than 1 minute to complete!

On the Walker-A machine, which is running the Real VNC server and the OpenSSH server/client on Red Hat Enterprise Linux, execute this command:

ssh -R 988:localhost:5907 root@Walker-B

How to read that SSH Remote Port Forwarding command syntax?
  • It instructs the Walker-A OpenSSH client to log in to the Walker-B OpenSSH server with the root user ID, and
  • It establishes the secure SSH tunnel that ends in a remote listening port 988 on Walker-B; connections to that port are forwarded through the tunnel to localhost:5907 as seen from Walker-A

Once authentication has completed successfully, keep the SSH session open and active in order to establish and maintain the secure SSH tunnel.

Now, on Walker-B, the netstat or nc command will show that local TCP port 988 is open and listening for TCP connections.

So, the Walker-B VNC Viewer is ready to log in to the Walker-A VNC server, using the SSH Remote Port Forwarding technique via the secure SSH tunnel:

vncviewer localhost:988

As usual, instead of executing vncviewer Walker-A:5907, the vncviewer connects to the local TCP port on the loopback IP address! (Refer to SSH LOCAL Port Forwarding in the previous post.)
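To go with the netstat check on Walker-B described above, here is an added example (not from the original post) that reads `ss -ltn` or `netstat -ltn` output and reports whether forwarded port 988 listens only on loopback, which is the OpenSSH default for -R, or on an address other hosts can reach. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report how a forwarded port is
# bound on the SSH server (Walker-B). Reads `ss -ltn` or `netstat -ltn` output
# on stdin; $1 is the port. Prints loopback-only, exposed or not-listening.
check_forward_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" || $6 == "LISTEN" {   # ss puts State first, netstat last
            addr = $4                        # local address:port in both tools
            n = split(addr, p, ":")
            if (p[n] != port) next           # text after the last ":" is the port
            host = substr(addr, 1, length(addr) - length(p[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") loop = 1
            else wide = 1                    # 0.0.0.0, *, [::], :: or a NIC address
        }
        END {
            if (wide) print "exposed"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample (ss format): default binding for -R 988:localhost:5907
sample_default() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       128         127.0.0.1:988        0.0.0.0:*
LISTEN  0       128             [::1]:988           [::]:*
EOF
}

# Constructed sample (netstat format): listener bound to all interfaces
sample_wildcard() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:988     0.0.0.0:*       LISTEN
EOF
}

echo "default:  $(sample_default | check_forward_bind 988)"
echo "wildcard: $(sample_wildcard | check_forward_bind 988)"
echo "port 989: $(sample_default | check_forward_bind 989)"
```

On Walker-B the live check is `ss -ltn | check_forward_bind 988`; a result of `exposed` means hosts other than Walker-B can connect to the tunnel entry and reach the VNC server on Walker-A.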

You can imagine that
  1. An agent (SSH client) of Walker-A is commanded to build a secure tunnel from the inside of Walker-A to the inside of the Walker-B machine with a Walker-B official pass (the root user ID and password for authentication),
  2. The tunnel’s entry at the remote host (Walker-B) is fixed and called Port 988,
  3. When the Walker-B agent (VNC Viewer) wants to communicate with the VNC server, it’ll have to check in at Port 988, travel through the secure tunnel, check out at Walker-A and walk towards the VNC server via an insecure (but trusted) route!

Does the “story” make the concept clearer, or does the illustration still serve the purpose better?


  1. jameshanley39 15-11-07@10:36

    This was clear. I had got local port forwarding working. Then read this and it makes sense to me.

    It may be worth mentioning that I think the reason why you – wisely – did not write in SSH client or SSH server along with VNC client or VNC server in your diagram is that the SSH client and SSH server are the other way for this. As is implied by saying the arrows change direction in the diagram. And that becomes clear in your text too. I didn’t realise that immediately!

    Great article.
