ssh tweaks

local port forwarding

ssh -L 8080:127.0.0.1:8080 user@remote.system.com
The command opens port 8080 on the localhost of the machine from which we run ssh and forwards connections made to it, through the SSH session, to 127.0.0.1:8080 on remote.system.com.

remote port forwarding

ssh -R 8000:127.0.0.1:8000 user@remote.system.com
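When someone connects to port 8000 on remote.system.com, the request is forwarded to port 8000 on the local system. By default sshd binds the forwarded port to the loopback address of remote.system.com only, so for other hosts to reach it we might need to edit /etc/ssh/sshd_config on remote.system.com to allow
GatewayPorts yes
With this setting every remote-forwarded port listens on all interfaces of remote.system.com; GatewayPorts clientspecified lets the client choose the bind address instead.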
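
An added example (not from the original page): a shell check that reads the global section of an sshd_config and reports where ports opened with ssh -R would listen. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original page): classify how an sshd_config
# exposes ports opened with "ssh -R". Assumption: Include files and Match
# blocks are not evaluated; "sshd -T" on the server gives the full picture.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive, so stop at the first hit in the global section.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            k = tolower(f[1])
            if (k == "match") exit              # conditional blocks start here
            if (k == tolower(key)) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# forward_exposure FILE -> disabled | loopback | clientspecified | all-interfaces
forward_exposure() {
    fwd=$(effective_value "$1" AllowTcpForwarding yes)
    gw=$(effective_value "$1" GatewayPorts no)
    case "$fwd" in
        no|local) echo disabled; return ;;       # -R requests are refused
    esac
    case "$gw" in
        yes)             echo all-interfaces ;;  # every -R port binds to the wildcard address
        clientspecified) echo clientspecified ;; # the client picks the bind address
        *)               echo loopback ;;        # default: loopback only
    esac
}

# Constructed sample: the setting from the text, followed by a later duplicate.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
gatewayports yes
GatewayPorts no
EOF
forward_exposure "$sample"   # prints: all-interfaces (the first value wins)
rm -f "$sample"
```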

dynamic port forwarding

ssh -D 1080 -C -N -f ubuntu@remote.system.com
where

  • -D 1080 — dynamic port forwarding via 1080;
  • -C — compress all data;
  • -N — do not execute remote command or shell;
  • -f — run in background.

Dynamic port forwarding sets up a connection that will forward traffic to a remote server, irrespective of the destination port. Effectively it turns the SSH client into a SOCKS5 proxy server. Some advantages of dynamic port forwarding are:

  • protocol agnostic (can handle HTTP and many others)
  • TCP and UDP
  • DNS resolution (happens on the proxy server rather than the client).

Using dynamic port forwarding for various services

ssh jump host

ssh -J user@bastion.remote.system.com user@remote.system.com
scp -J user@jump localfile.txt user@target:/path/

Persistent configuration

The jump host can be set persistently in the client's ~/.ssh/config file:

# The public gateway
Host jump-host
    HostName jump.example.com
    User your-user

# The internal server reachable only via the jump host
Host target-server
    HostName 10.0.0.50
    User internal-user
    ProxyJump jump-host