title: SSH Port Forwarding Functionality
date: 2012-08-27 12:10:53
tags:#
SSH has port forwarding functionality.
There are three powerful port forwarding commands in SSH:
chmod 600 xxx.pem # xxx.pem is your personal key file (the identity passed to -i); keep it readable by its owner only
ssh -C -f -N -g -D 8000 -i xxx.pem root@xx.com
This command opens port 8000 on the local machine, which can then be used as a SOCKS4 proxy.
QUOTE:
ssh -C -f -N -g -L listen_port:DST_Host:DST_port user@Tunnel_Host
ssh -C -f -N -g -R listen_port:DST_Host:DST_port user@Tunnel_Host
ssh -C -f -N -g -D listen_port user@Tunnel_Host
-f Fork into background after authentication.
Authenticate the user/password in the background, usually used with -N to avoid logging into the remote host.
-p port Connect to this port. Server must be on the same port.
The sshd service port of the SSH server being logged in to.
-L port:host:hostport
Forward a specific port on the local machine (client) to a specified host and port on the remote side. The working principle is as follows: a socket is allocated on the local machine to listen on port. Once a connection is made to this port, the connection is forwarded through the secure channel, and a connection is made from the remote machine to host on port hostport. Port forwarding can be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses are specified in a different format: port/host/hostport.
-R port:host:hostport
Forward a specific port on the remote host (server) to a specified host and port on the local side. The working principle is as follows: a socket is allocated on the remote host to listen on port. Once a connection is made to this port, the connection is forwarded through the secure channel, and a connection is made from the local machine to host on port hostport. Port forwarding can be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses are specified in a different format: port/host/hostport.
-D port
Specify "dynamic" application-level port forwarding on the local machine. The working principle is as follows: a socket is allocated on the local machine to listen on port. Once a connection is made to this port, the connection is forwarded through the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently, the SOCKS4 protocol is supported, and ssh will act as a SOCKS4 server. Only root can forward privileged ports. Dynamic port forwarding can be specified in the configuration file.
-C Enable compression.
Enable data compression during transmission.
-N Do not execute a shell or command.
Do not execute scripts or commands, usually used with -f.
-g Allow remote hosts to connect to forwarded ports.
In the -L/-R/-D parameters, allow remote hosts to connect to the established forwarded ports. If this parameter is not included, only the local host is allowed to establish connections.
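Because -g decides whether the local listener is reachable from other hosts, it helps to check a forwarding command before running it. The following is an added example, not part of the original post: it reports the bind scope of every -L and -D listener in an ssh command line. The function names are hypothetical, the option letters are taken from the ssh(1) synopsis, and it relies on the ssh(1) rule that an explicit bind address in the forward spec takes precedence over -g; -R listeners are bound on the server and are skipped.

```python
import getopt
import re
import shlex

# Option letters from the ssh(1) synopsis; letters followed by ':' take an argument.
OPTSTRING = "46AaCfGgKkMNnqsTtVvXxYy" + "".join(c + ":" for c in "BbcDEeFIiJLlmOoPpQRSWw")
GATEWAY = re.compile(r"gatewayports[\s=]+yes$", re.I)  # -o GatewayPorts=yes acts like -g
ANY = {"", "*", "0.0.0.0", "::"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def split_spec(spec):
    """Split a forward spec on ':' while keeping [IPv6] literals whole."""
    parts, current, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    return parts + [current]


def listener_scope(kind, spec, gateway):
    """Return who can reach the local listener created by -L or -D."""
    parts = split_spec(spec)
    fields = 1 if kind == "D" else 3      # field count without a bind address
    if len(parts) != fields + 1:          # no explicit bind address given
        return "all interfaces" if gateway else "loopback only"
    bind = parts[0].strip("[]")
    if bind in ANY:
        return "all interfaces"
    return "loopback only" if bind in LOOPBACK else "address " + bind


def audit(command):
    """List (option, spec, scope) for every -L/-D in one ssh command line."""
    opts, _ = getopt.getopt(shlex.split(command)[1:], OPTSTRING)
    gateway = any(o == "-g" or (o == "-o" and GATEWAY.match(v)) for o, v in opts)
    return [(o, v, listener_scope(o[1], v, gateway)) for o, v in opts if o in ("-L", "-D")]


if __name__ == "__main__":
    # Constructed inputs based on the commands shown on this page.
    for cmd in ("ssh -C -f -N -g -D 8000 -i xxx.pem root@xx.com",
                "ssh -C -f -N -D 127.0.0.1:8000 -i xxx.pem root@xx.com"):
        print(cmd, "->", audit(cmd))
```

A result of "all interfaces" for a -D listener means any host that can reach the machine can use the proxy; dropping -g or giving 127.0.0.1 as the bind address keeps it local.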