[SGVLUG] example .ssh/config for port forwarding
Claude Felizardo
cafelizardo at gmail.com
Sat Jan 12 00:08:23 PST 2013

During the ssh tunneling presentation at the last meeting I mentioned
that I set up quite a few forwards when I connect from work to home.
Because I might open multiple connections, I don't want to clutter my
screen with lots of bind errors because I have already created a
listener for the port, so I have two aliases. The first just does a
simple connect; the other sets up a slew of forward assignments so I
can access multiple devices at home. I can then open a web browser
and go to localhost:5001 to connect to my router, for example. So
here's part of my .ssh/config file:

ForwardX11 yes
ForwardAgent yes
ForwardX11Trusted yes

Host home
    Hostname my.ip.at.home
    # use non-standard port for ssh
    Port 5022

Host home-forwards
    Hostname my.ip.at.home
    # use non-standard port for ssh
    Port 5022
    # forward connections to TiVos
    # TiVos have static IPs so I just add my base port number
    LocalForward 5052 10.5.1.52:80
    LocalForward 5053 10.5.1.53:80
    LocalForward 5054 10.5.1.54:80
    # forward router (connect to router)
    LocalForward 5001 10.5.1.1:80
    # forward voice
    LocalForward 5002 10.5.1.2:80
    # forward wireless router
    LocalForward 5004 10.5.1.4:80
    # forward webmin
    LocalForward 5010 localhost:10000
    # forward voice
    LocalForward 5254 10.5.1.254:80
    # file server: web server, ssh, webmin
    LocalForward 5100 10.5.1.10:80
    LocalForward 5122 10.5.1.10:22
    LocalForward 5110 10.5.1.10:10000
    # hp color printer
    LocalForward 5211 10.5.1.21:80
    # ReadyNAS
    LocalForward 5200 10.5.1.20:80
    LocalForward 5222 10.5.1.20:22
    LocalForward 5243 10.5.1.20:443
    # naspro
    LocalForward 5300 10.5.1.30:80
    LocalForward 5322 10.5.1.30:22
    LocalForward 5343 10.5.1.30:443

As you can see, this would have required a horrendously long list of
-L lport:rhost:rport options.

Check the man page for ssh. Make note of the difference between -L,
which opens ports on the local side, vs -R, which opens ports on the
remote side.

I'll have to give the -D option a try when I get a chance.

Claude
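
Added example, not part of the original post: this Python code reads the simple `LocalForward lport rhost:rport` form used in the config above, expands one alias into the equivalent `-L` options, and checks which local ports already have a listener, which is the bind-error case that motivates having two aliases. The sample config is a constructed, shortened copy; the function names and the IPv4-only loopback probe are assumptions of this example.

```python
import socket

# Constructed sample: a shortened copy of the two Host blocks from the post.
SAMPLE_CONFIG = """\
ForwardAgent yes
Host home
    Hostname my.ip.at.home
    Port 5022
Host home-forwards
    Hostname my.ip.at.home
    Port 5022
    # forward router
    LocalForward 5001 10.5.1.1:80
    # forward webmin
    LocalForward 5010 localhost:10000
    LocalForward 5122 10.5.1.10:22
"""

def local_forwards(config_text, alias):
    """Return [(local_port, "host:port"), ...] declared under one Host alias."""
    forwards, active = [], False
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "host":
            active = alias in parts[1:]  # exact alias only, no wildcard patterns
        elif active and key == "localforward" and len(parts) == 3:
            forwards.append((int(parts[1]), parts[2]))
    return forwards

def as_cli(config_text, alias, target):
    """Spell the alias's forwards out as -L lport:rhost:rport options."""
    opts = [f"-L {lp}:{dest}" for lp, dest in local_forwards(config_text, alias)]
    return " ".join(["ssh", *opts, target])

def ports_in_use(ports, addr="127.0.0.1"):
    """Local ports that already have a listener (ssh would report a bind error)."""
    busy = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
            try:
                probe.bind((addr, port))
            except OSError:
                busy.append(port)
    return busy
```

If `ports_in_use` returns a non-empty list for the ports from `local_forwards`, a forwarding session is already up and the plain `home` alias is the one to use for the next connection.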