Linux Format

A QUICK REFERENCE TO… SSH TUNNELLING


An SSH tunnel is an SSH connection between two computers that is used to transfer data securely between the two. For example, ssh -L 8080:localhost:80 example.com results in all connections to port 8080 on the local computer being forwarded to port 80 on example.com. There are various reasons you may want to do this. There may be a restriction that prevents you directly connecting to port 80 on the remote computer with a browser. Or you may wish to send sensitive data with a program that does not provide its own encryption. All traffic going through the tunnel is encrypted by SSH. A good example is the VNC problem answered on the previous page – VNC is not encrypted but you may not want anyone to be able to snoop on what you are doing on your desktop.

The above example uses the -L option to set up local port forwarding, from a port on the local computer to one on the remote system. You can also set up a reverse tunnel to facilitate a connection in the opposite direction, with the -R option:

$ ssh -R 8080:localhost:80 example.com

In this case, we are connecting port 8080 on the remote system to the local port 80.

Although we have set up a tunnel through localhost, the tunnel allows connections from any computer. Another computer on your LAN can connect to port 8080 on your computer in the first example to access the remote system. You can prevent that by adding a bind address – to only allow the tunnel to be used by the system that is running it, you could do the following:

$ ssh -L 127.0.0.1:8080:localhost:80 example.com
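
Whether other machines can reach a forwarded port depends on the address its listener is bound to, so it is worth checking after the tunnel is up. The following is an added example, not part of the original article: it classifies a port from ss -Hltn output, and the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify how a forwarded port is bound, reading `ss -Hltn` output on stdin.
# Prints one of: loopback | exposed | absent
# (tunnel_exposure is a hypothetical helper name, not an ssh or ss feature.)
tunnel_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # Local Address:Port column
            n = match(addr, /:[0-9]+$/)      # port follows the last colon
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/^\[/, "", host)             # strip IPv6 brackets
            sub(/\]$/, "", host)
            sub(/%.*$/, "", host)            # strip an interface scope suffix
            found = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-host
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: port 8080 listening on loopback addresses only
sample_loopback() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 [::1]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Constructed sample: port 8080 listening on the wildcard address
sample_wildcard() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Demo on the constructed samples
sample_loopback | tunnel_exposure 8080
sample_wildcard | tunnel_exposure 8080
```

On a live system, run ss -Hltn | tunnel_exposure 8080 while the tunnel is up. In OpenSSH, the -g option and the GatewayPorts setting affect which address is used when no bind address is given.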
