Using SSH for tunneling

A very useful resource (in French) on using SSH, with specific use cases: Les_tunnels_SSH

Another useful (and short) one for tunneling:

Connecting to another remote computer through a common central computer

In short, if you have a configuration with 3 computers (A – B – C) and you want to connect to A (arrival) from C (client) but A doesn’t allow direct SSH connections, you can do the following:

  1. On A and B, install openssh-server
  2. On A, open an SSH connection to B: ssh -R 5000:localhost:22 user-on-B@B
  3. From C, connect to B: ssh user-on-B@B
  4. Using the open connection on B, open a connection to A: ssh -p 5000 user_on_A@localhost

This should get you all ready to work on A.

Opening a browser

Another special case: you have A-B-C, you are on C and want to access the internal website running on A, but you can only reach B over SSH, and A only from B.

  1. Install openssh-server on A and B
  2. From C, instruct your SSH client to connect to B and to link your local port 8080 to A’s port 80: ssh -L 8080:A.A.A.A:80 user_on_B@B.B.B.B
  3. Open your browser on http://localhost:8080
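The two forwarding specs used so far put the listener and the target on different machines depending on the flag. The helper below is an added example, not part of the original post: `describe_forward` and its output format are hypothetical, and it assumes plain `[bind_address:]port:host:hostport` specs (no bracketed IPv6 addresses, no Unix sockets).

```shell
#!/bin/sh
# Added example: explain an OpenSSH forwarding spec,
# [bind_address:]port:host:hostport, as used with -L and -R.
# describe_forward is a hypothetical helper; it runs no ssh command.
describe_forward() {
    flag=$1 spec=$2
    case $flag in
        -L) listen=client; resolve=server ;;  # listener on the machine running ssh
        -R) listen=server; resolve=client ;;  # listener on the machine ssh connects to
        *)  echo "error: expected -L or -R" >&2; return 2 ;;
    esac
    # Split the spec on ':' (globbing off so a '*' bind address survives).
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    case $# in
        3) bind=localhost; port=$1; host=$2; hostport=$3 ;;  # default: loopback (GatewayPorts off)
        4) bind=$1; port=$2; host=$3; hostport=$4 ;;
        *) echo "error: malformed spec: $spec" >&2; return 2 ;;
    esac
    # Both ports must be non-empty and numeric.
    case ":$port:$hostport:" in
        *::*|*[!0-9:]*) echo "error: bad port in: $spec" >&2; return 2 ;;
    esac
    # An empty, '*' or 0.0.0.0 bind address asks for a listener on every
    # interface; for -R, sshd on the server honours it only if GatewayPorts allows.
    case $bind in
        localhost|127.0.0.1) exposure=loopback-only ;;
        ''|'*'|0.0.0.0)      exposure=all-interfaces ;;
        *)                   exposure=single-address ;;
    esac
    echo "listen=$listen bind=$bind:$port exposure=$exposure target=$host:$hostport target-resolved-on=$resolve"
}

# The two specs from this page, then a constructed wildcard variant.
describe_forward -R 5000:localhost:22
describe_forward -L 8080:A.A.A.A:80
describe_forward -L '*:8080:A.A.A.A:80'
```

For the `-R` spec, the listener is B's loopback port 5000 and `localhost:22` is resolved on A, which is why the last step of the first procedure connects to `localhost` from B. The wildcard variant is the case to avoid unless other hosts are meant to reach the tunnel.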

Opening a browser to a named host in SSL

Finally, a more complex case could be to open your browser in HTTPS to a server that only answers correctly if you use a specific domain (or subdomain) name. We use the same terminology as above, where you (as a client) are C, and want to connect to A but have to pass through B.

Let’s say the destination URL is

  1. Install openssh-server on A and B
  2. Add the domain name you want to reach as an alias for in your /etc/hosts file ( localhost
  3. From C, instruct your SSH client to connect to B and to link your local port 8080 to A’s port 443 (for SSL): ssh -L 8080:A.A.A.A:443 user_on_B@B.B.B.B
  4. Open your browser on

Note that, depending on the web application on the other end, using port 8080 to reach it might cause some issues: for example, following a link in the application may return a URL without the port number. In this case, you would have to manually update the URL to add the port again.
