Secure Tunnelling with SSH - Any Port In A Storm (
Page 6 of 9 )
One of the things that frequently goes unmentioned when discussing SSH port forwarding - perhaps because it's not so obvious at first glance - it that you can use the remote host to forward connections to *any* other named host (not just to itself) on the network.
If you look at the example on the previous page again,
[me@olympus] $ /usr/local/ssh/bin/ssh -L 9000:localhost:110 brutus
you will notice that I am using the remote host "brutus" to open connections to port 9000 on a host named "localhost". Since "brutus" automatically resolves the host name "localhost" to itself, I could also write the command above as
[me@olympus] $ /usr/local/ssh/bin/ssh -L 9000:brutus:110 brutus
and obtain an equivalent result.
This opens up an interesting possibility - using an SSH connection between two hosts to create a connection to a third host. Can it be done? Yes indeedy - take a look:
[me@olympus] $ /usr/local/ssh/bin/ssh -L 9001:medusa:25 brutus
In this case, all connections made to port 9001 on my local machine "olympus" will automatically get forwarded to port 25 (the SMTP port) on the new host "medusa" via the host "brutus". Try it and see for yourself:
[me@olympus] $ telnet localhost 9001
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 medusa.domain.com ESMTP Sendmail 8.9.3/8.9.3; Fri, 28 Mar 2003 11:11:44
+0530
Neat, huh?
