
SSH tunneling (port forwarding) in Linux CLI - Commands & Configuration

Introduction
Sometimes you need to securely access a service on a remote computer that is not directly reachable. SSH tunneling lets you create a secure path through your SSH connection to forward network traffic from your local machine to the remote service.
Typical use cases:
When you want to access a database on a remote server that is blocked by a firewall.
When you need to securely browse a website through a remote server.
When you want to connect to a remote desktop or application that only listens on localhost of the remote machine.
When you want to encrypt traffic between your local machine and a remote service without changing the service itself.
When you need to bypass network restrictions by forwarding ports through an SSH server.
Commands
This command creates an SSH tunnel that forwards your local port 8080 to port 80 on the remote server example.com. The localhost in the forwarding spec is resolved on the remote side, so it refers to example.com itself. You can then access the remote web server by opening http://localhost:8080 on your local machine.
Terminal
ssh -L 8080:localhost:80 user@example.com
Expected Output
user@example.com's password:
-L - Specifies local port forwarding in the format local_port:remote_host:remote_port
This command tests the SSH tunnel by sending an HTTP request to the local forwarded port 8080, which is tunneled to the remote server's port 80.
Terminal
curl http://localhost:8080
Expected Output
<!DOCTYPE html>
<html>
<head><title>Example Domain</title></head>
<body>
<h1>Example Domain</h1>
<p>This domain is for use in illustrative examples in documents.</p>
</body>
</html>
This command sets up remote port forwarding. It forwards port 9090 on the remote server to port 3000 on your local machine. This allows users on the remote server to access your local service running on port 3000.
Terminal
ssh -R 9090:localhost:3000 user@example.com
Expected Output
user@example.com's password:
-R - Specifies remote port forwarding in the format remote_port:local_host:local_port
This command creates a local port forwarding tunnel for MySQL (port 3306) without opening a remote shell (-N). It forwards your local port 3306 to the remote server's port 3306, useful for database connections.
Terminal
ssh -N -L 3306:localhost:3306 user@example.com
Expected Output
No output (command runs silently)
-N - Do not execute remote commands, useful for port forwarding only
-L - Local port forwarding
Key Concept

If you remember nothing else from SSH tunneling, remember: port forwarding securely sends local or remote traffic through an encrypted SSH connection to access services behind firewalls or on localhost.

Common Mistakes
Mistake: Using the wrong port numbers or hostnames in the forwarding syntax.
Result: The tunnel will not connect to the intended service, causing connection failures.
Fix: Double-check the local port, remote host, and remote port values to match the service you want to access.

Mistake: Not using the -N flag when only port forwarding is needed.
Result: An unnecessary remote shell session opens, which may be confusing or unwanted.
Fix: Use -N to prevent opening a remote shell when you only want to forward ports.

Mistake: Trying to forward ports that are already in use on the local or remote machine.
Result: The SSH command will fail with an error about the port being busy.
Fix: Choose free ports on both local and remote sides before setting up the tunnel.
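
Added example, not part of the original page: a POSIX sh helper that catches the mistakes listed above before a tunnel is opened. It checks the forwarding spec, always adds -N, and prints the command instead of running it. Assumptions: the function names (tunnel_cmd, valid_port, valid_name) are made up for this example, IPv6 addresses are not handled, and ExitOnForwardFailure is an OpenSSH client option the page does not mention.

```shell
#!/bin/sh
# Added example: checks a forward spec and prints a forwarding-only ssh
# command. It never runs ssh itself. tunnel_cmd is a hypothetical helper.

# valid_port PORT: true if PORT is a decimal integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_name NAME: true for a plain host name, IPv4 address or user@host
# that cannot be mistaken for an ssh option (no leading '-')
valid_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9.@_-]*) return 1 ;; esac
}

# tunnel_cmd MODE SPEC TARGET
#   MODE   L or R, the page's -L / -R
#   SPEC   listen_port:host:port, e.g. 8080:localhost:80
#   TARGET user@host of the SSH server
tunnel_cmd() {
    mode=$1 spec=$2 target=$3
    case "$mode" in L|R) ;; *) echo "mode must be L or R" >&2; return 1 ;; esac
    # Exactly two colons: three fields, no more, no fewer.
    case "$spec" in
        *:*:*:*) echo "too many fields in '$spec'" >&2; return 1 ;;
        *:*:*)   ;;
        *)       echo "need listen_port:host:port" >&2; return 1 ;;
    esac
    listen=${spec%%:*}; rest=${spec#*:}
    host=${rest%:*};    port=${rest#*:}
    valid_port "$listen" || { echo "bad listen port '$listen'" >&2; return 1; }
    valid_port "$port"   || { echo "bad destination port '$port'" >&2; return 1; }
    valid_name "$host"   || { echo "bad destination host '$host'" >&2; return 1; }
    valid_name "$target" || { echo "bad ssh target '$target'" >&2; return 1; }
    # For -L, pin the listener to loopback so only this machine can use it.
    [ "$mode" = L ] && spec="127.0.0.1:$spec"
    # -N: no remote shell. ExitOnForwardFailure=yes: ssh exits if a
    # requested forwarding cannot be set up (for example, port busy).
    echo "ssh -N -o ExitOnForwardFailure=yes -$mode $spec $target"
}

# The page's three tunnels, passed through the checks:
tunnel_cmd L 8080:localhost:80 user@example.com
tunnel_cmd R 9090:localhost:3000 user@example.com
tunnel_cmd L 3306:localhost:3306 user@example.com
```
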
Summary
Use ssh -L to forward a local port to a remote service through SSH.
Use ssh -R to forward a remote port to a local service through SSH.
Use the -N flag to create tunnels without opening a remote shell session.