
What are the types and use cases of SSH port forwarding?

February 19, 19:29

SSH port forwarding tunnels network traffic through an encrypted SSH connection. It can forward traffic arriving on a local or remote port to a target host through the SSH tunnel.

Three Port Forwarding Modes

1. Local Port Forwarding

Forwards traffic from a port on the local machine to a target reachable from the remote server.

bash
# Syntax
ssh -L [local_address:]local_port:target_address:target_port user@remote_server

# Example: Access MySQL on remote server
ssh -L 3306:localhost:3306 user@remote-server

# Example: Access internal service through jump server
ssh -L 8080:internal-server:80 jump-server

Use Cases:

  • Access databases on remote servers
  • Access internal network services through jump servers
  • Local development testing of remote services

2. Remote Port Forwarding

Forwards traffic from a port on the remote server to a target reachable from the local machine.

bash
# Syntax
ssh -R [remote_address:]remote_port:target_address:target_port user@remote_server

# Example: Let remote server access local development server
ssh -R 8080:localhost:3000 user@remote-server

# Example: Remote access to local database
ssh -R 3306:localhost:3306 user@remote-server

Use Cases:

  • NAT traversal: allowing external access to services on a local or internal machine
  • Remote debugging of local applications
  • Accessing local resources from remote servers

3. Dynamic Port Forwarding

Creates a SOCKS proxy that supports dynamic forwarding to multiple targets.

bash
# Syntax
ssh -D local_port user@remote_server

# Example: Create SOCKS proxy
ssh -D 1080 user@remote-server

Use Cases:

  • Browser proxy access to internal network resources
  • Unified proxy for multiple target services
  • Bypass network restrictions

Advanced Configuration

Persistent Connections

bash
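# Use autossh to maintain connection
# (-M 0 turns off autossh's monitor port; the ServerAlive options detect a dead link)
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -L 8080:remote:80 user@server

# Or set in the SSH client configuration (~/.ssh/config)
ServerAliveInterval 60
ServerAliveCountMax 3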

SSH Configuration File

bash
# ~/.ssh/config
Host tunnel
    HostName remote-server.com
    User username
    LocalForward 8080 localhost:80
    RemoteForward 9000 localhost:3000
    DynamicForward 1080

Background Running

bash
# Run port forwarding in background
# -f: Run in background
# -N: Do not execute remote command
ssh -f -N -L 8080:remote:80 user@server

Security Considerations

  1. Access Control:

    • Set GatewayPorts no in sshd_config so that remote-forwarded ports accept local connections only
    • Configure firewall rules to restrict forwarded ports
    • Use AllowTcpForwarding in sshd_config to control which kinds of forwarding are permitted
  2. Connection Security:

    • Use strong encryption algorithms
    • Regularly rotate SSH keys
    • Monitor abnormal connection behavior
  3. Resource Management:

    • Set connection timeouts
    • Limit concurrent connections
    • Regularly clean up unused forwarding rules
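
The access-control settings listed above can be checked against a server's effective configuration. The script below is an added example, not part of the original article: it reads "keyword value" lines in the format printed by sshd -T and flags permissive forwarding settings. The function name audit_forwarding and both sample inputs are constructed for illustration, and PermitOpen and PermitListen are sshd_config directives the article does not mention.

```bash
#!/usr/bin/env bash
# Added example: audit forwarding-related sshd settings.
# stdin: "keyword value" lines as printed by `sshd -T` (effective config).
audit_forwarding() {
    awk '
        function warn(msg) { print "WARN " msg; n++ }
        { cfg[tolower($1)] = tolower($2) }
        END {
            # Fall back to the sshd defaults when a keyword is absent.
            fwd = ("allowtcpforwarding" in cfg) ? cfg["allowtcpforwarding"] : "yes"
            gw  = ("gatewayports" in cfg)       ? cfg["gatewayports"]       : "no"
            dst = ("permitopen" in cfg)         ? cfg["permitopen"]         : "any"
            lsn = ("permitlisten" in cfg)       ? cfg["permitlisten"]       : "any"

            local_ok  = (fwd == "yes" || fwd == "all" || fwd == "local")   # -L and -D
            remote_ok = (fwd == "yes" || fwd == "all" || fwd == "remote")  # -R

            if (local_ok && remote_ok) warn("allowtcpforwarding=" fwd ": local, remote and dynamic forwarding all allowed")
            if (remote_ok && gw != "no") warn("gatewayports=" gw ": -R listeners can bind non-loopback addresses")
            if (local_ok && dst == "any") warn("permitopen=any: -L/-D may connect to any host:port")
            if (remote_ok && lsn == "any") warn("permitlisten=any: -R may listen on any port")
            if (n == 0) print "OK forwarding is disabled or restricted"
        }'
}

# Constructed samples (not captured from a real host).
weak_sample='allowtcpforwarding yes
gatewayports yes
permitopen any
permitlisten any'
hardened_sample='allowtcpforwarding local
gatewayports no
permitopen dev-db.internal:3306
permitlisten none'

echo "== weak ==";     printf '%s\n' "$weak_sample"     | audit_forwarding
echo "== hardened =="; printf '%s\n' "$hardened_sample" | audit_forwarding
# On a real server (as root): sshd -T | audit_forwarding
```

Because sshd -T prints the configuration after Match blocks and defaults are resolved for the given connection parameters, the audit reflects what the daemon enforces rather than what one file happens to contain.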

Practical Use Cases

Development Environment Access

bash
# Access development database through jump server
ssh -L 3307:dev-db.internal:3306 jump-server

# Then connect locally
mysql -h 127.0.0.1 -P 3307 -u user -p

Internal Service Debugging

bash
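# Expose local development server to remote team
ssh -R 8080:localhost:3000 remote-server

# Team members access via http://remote-server:8080
# (requires GatewayPorts yes in the server's sshd_config; by default the
#  forwarded port listens only on the server's loopback address)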

Secure Browsing

bash
# Create SOCKS proxy
ssh -D 1080 corporate-server

# Configure browser SOCKS5 proxy to 127.0.0.1:1080

SSH port forwarding is an essential skill for network engineers and developers, capable of securely solving complex network access requirements.
