SSH Port forwarding from remote to local machine

by jagbir on July 9, 2008

SSH has a wonderful feature called SSH Port Forwarding, also known as SSH Tunneling, which allows you to establish a secure SSH session and then tunnel arbitrary TCP connections through it. Tunnels can be created at any time, with almost no effort and no programming, which makes them very appealing.

Here I’ll illustrate it with an example. Suppose you have installed and configured a Jabber Instant Messaging Server (check out how to do that on this site here). Later you find that the server machine has no GUI, yet you need to access its graphical web admin interface. In this case, you can forward the port from the server machine to your own PC and reach the admin interface from there. The ejabberd (Jabber server) web admin interface is available on port 5280.

Just to check, first try to telnet to port 5280 on localhost:

[root@Desktop]# telnet localhost 5280
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused

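The connection was refused because no service is listening on that port on your local machine.

Let’s do the forwarding now. The syntax is: ssh -L localport:remotehost:remoteport remotehostip

Note that remotehost is resolved on the SSH server’s side, so localhost in that position means the server itself, not your PC.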

Here is the example:

[root@Desktop]# ssh -L 5280:localhost:5280 192.168.0.38
Password: ******

You should land in a shell on the remote server; leave it open. While that session is up, the specified port is forwarded to your host.

Sometimes it’s inconvenient to log in to the server when you only need port forwarding. You can avoid opening a remote shell by using the -N option with the ssh command.

Now switch to another shell and try to telnet to localhost again:

[root@Desktop]# telnet localhost 5280
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

Cool, you are able to connect. Open your browser and go to http://localhost:5280/admin/ to open the web admin interface of the ejabberd IM server.
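An added example, not part of the original post: the -L spec accepts an optional bind_address in front of the local port, and without one ssh follows the client's GatewayPorts setting, so it is worth pinning the listener to 127.0.0.1 to keep the ejabberd admin port off your network. The function names below are hypothetical; the port and server address are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the port and server address are the ones used in the post.

# bind_scope SPEC: report where "ssh -L SPEC" would listen.
# SPEC is [bind_address:]localport:remotehost:remoteport (bracketed IPv6 not handled).
bind_scope() {
    case $1 in
        *:*:*:*:*) echo invalid; return 1 ;;         # too many fields
        *:*:*:*)   bind=${1%%:*} ;;                  # explicit bind_address, possibly empty
        *:*:*)     echo client-default; return 0 ;;  # ssh follows GatewayPorts (default: no)
        *)         echo invalid; return 1 ;;         # too few fields
    esac
    case $bind in
        localhost|127.*) echo loopback ;;            # reachable from this machine only
        ''|'*'|0.0.0.0)  echo all-interfaces ;;      # reachable from the network
        *)               echo specific-address ;;
    esac
}

# pinned_spec SPEC: print a spec that is guaranteed to listen on loopback,
# or fail if the caller asked for a wider bind.
pinned_spec() {
    case $(bind_scope "$1") in
        loopback)       echo "$1" ;;
        client-default) echo "127.0.0.1:$1" ;;       # do not depend on ssh_config
        *)              echo "refusing non-loopback forward: $1" >&2; return 1 ;;
    esac
}

# open_tunnel SPEC SERVER: forward only, no remote shell (-N), and exit
# instead of idling if the local port cannot be bound.
open_tunnel() {
    spec=$(pinned_spec "$1") || return 1
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$2"
}

# Usage for the post's setup (not run here):
#   open_tunnel 5280:localhost:5280 192.168.0.38
```

With the tunnel opened this way, the telnet check above still connects from your own PC, while other hosts cannot reach port 5280 through your machine.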
