User Tools

Site Tools



ssh Quick Reference

This is just some common tricks to use for ssh

Port Forwarding

ssh has the ability to forward an IP:port as seen by the local machine to an IP:port as seen by the remote machine. The most common occurrence of this would be to be able to access an internal web site when you ssh into a remote machine that is on that internal network.

The syntax uses the -L parameter to ssh, in the form

ssh -L localip:localport:remoteip:remoteport something

Remember, the local port is as seen by the local machine, and the remote ip/port is as seen by the remote machine. Let's use an example where we want to hit an internal web site where we have remote ssh capabilities. We can log into the remote server as


The internal IP of is, and we want to hit an HTTPS (port 443) web site at (same subnet). We can not use ports under 1024 unless we are root, so we'll use port 8080 on our local machine (localhost) to get to that. The following command shows the example.

ssh -L localhost:8080:
# or, you can leave off the first IP and localhost is assumed
ssh -L 8080:

When this connection is made, any traffic going to localhost:8080 will be forwarded over the ssh connection to on port 443. So, we can open our web browser on our local machine and put in the URL:


and see the normally inaccessible web site on the remote network.

Note: You should not try to use a port that is already being used on your machine. So, for example, if you have a web server running on your local machine at port 8080, ssh can get very confused. In that case, you would want to use another port. You can use any unused port between 1025 and 65535 (don't know about the first and last ones there).

Relay Port Forwarding

I don't know the actual term for this, but we can forward a port to some machine, then forward that port to still another one. In this case, we have, which we can get to. We also have which we can not get to unless we are logged into jane. We need to get to a Windows RDP server which can get to (port 3389).

ssh -L localhost:3389:localhost:3389
# we make the connection to jane and get a command prompt
ssh -L localhost:3389:
# we are now on john, and 3389 from jane is forwarded to windows
# server at

In this case, we have said any traffic for port 3389 on my local machine is forwarded to localhost port 3389 on jane in the first command.

The second ssh command says any traffic for port 3389 on my local machine (jane) is forwarded to port 3389 on the machine on my same subnet at on port 3389

You can now open an rdp client on your local machine to connect to localhost:3389. Any traffic for that will be forwarded to jane, which will then forward to john, who will then forward to

quickreference/ssh.txt · Last modified: 2018/10/27 23:45 by rodolico