-L [bind_address:]port:host:hostport] # Forward local :8000 to :80 on the host connected to $ ssh -L 8000:localhost:80 host # Forward local :9000 to :9000 on a host the connected to host can reach $ ssh -L 9000:foo.example.com:9000 host -R [bind_address:]port:host:hostport] # Have :8000 on the remote host forward all connections to localhost:80 $ ssh -R 8000:localhost:80 host # Have :8000 on the remote host forward all connections to Google # (useful for testing) $ ssh -R 8000:www.google.com:80 host -D [bind_address:]port # Set up SOCKS proxy listening on localhost:5000. Configure # FoxyProxy for SOCKSv4 or SOCKSv5 on localhost:5000 and you have an # instant HTTP proxy server! Be sure to enable remote resolution so # DNS happens on the remote host. $ ssh -D 5000 host
MyEnTunnel is a Windows application that maintains persistent SSH tunnels. Install it as a startup application and watch as your tunnels always stay connected.
When configuring an SSH server on a new machine, ensure that it has the following items in the config file (typically /etc/sshd_config):
PermitRootLogin no # disable passwords and only allow more secure authn, like pubkey PasswordAuthentication no ChallengeResponseAuthentication no # whitelist specific users AllowUsers gps # whitelist groups AllowGroups foo
For personal (and possibly production machines):