You probably already know how to use SSH to securely log in to remote hosts over the Web. In this article, take things a little further by using SSH to encrypt connections to other ports as well. Scenarios covered include securing your mail server connection so that your mail password is always protected and creating secure pathways through firewalls for trusted hosts.
One of the things that frequently goes unmentioned when discussing SSH port forwarding - perhaps because it's not so obvious at first glance - is that you can use the remote host to forward connections to *any* other named host (not just to itself) on the network.
If you look at the example on the previous page again,
you will notice that I am using the remote host "brutus" to open connections to port 9000 on a host named "localhost". Since "brutus" automatically resolves the host name "localhost" to itself, I could also write the command above as
This opens up an interesting possibility - using an SSH connection between two hosts to create a connection to a third host. Can it be done? Yes indeedy - take a look:
In this case, all connections made to port 9001 on my local machine "olympus" will automatically get forwarded to port 25 (the SMTP port) on the new host "medusa" via the host "brutus". Try it and see for yourself:
[me@olympus] $ telnet localhost 9001
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 medusa.domain.com ESMTP Sendmail 8.9.3/8.9.3; Fri, 28 Mar 2003 11:11:44 +0530
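
The path described above has two legs, and only the first is protected by SSH: the hop from "brutus" to "medusa" is an ordinary TCP connection. The sketch below is an added example, not from the original article; it breaks a forwarding spec of the form [bind_address:]port:host:hostport into those legs. The function name describe_forward is hypothetical, and it assumes numeric ports, no IPv6 literals and the client's default GatewayPorts setting.

```shell
# Added example (not from the original article): explain the legs of an
# OpenSSH local forward given as [bind_address:]port:host:hostport.
# Assumptions: numeric ports, no bracketed IPv6 literals, and the client's
# default GatewayPorts=no (so a spec without bind_address listens on loopback).

# describe_forward SPEC SSH_SERVER  (hypothetical helper name)
describe_forward() (
    spec=$1
    server=$2
    set -f              # stop a "*" bind address from being glob-expanded
    IFS=:
    set -- $spec        # split the spec on colons; a leading empty field is kept
    unset IFS
    case $# in
        3) bind=localhost lport=$1 dhost=$2 dport=$3 ;;
        4) bind=$1 lport=$2 dhost=$3 dport=$4 ;;
        *) echo "error: expected [bind_address:]port:host:hostport" >&2; exit 2 ;;
    esac
    for p in "$lport" "$dport"; do
        case $p in
            ''|*[!0-9]*) echo "error: ports must be numeric" >&2; exit 2 ;;
        esac
    done
    [ -n "$dhost" ] || { echo "error: empty destination host" >&2; exit 2; }

    # Leg 0: where the listening socket is opened on the SSH client.
    case $bind in
        ''|'*') echo "listen   *:$lport on the client (any host that can reach the client may connect)" ;;
        localhost|127.0.0.1) echo "listen   127.0.0.1:$lport on the client (loopback only)" ;;
        *) echo "listen   $bind:$lport on the client" ;;
    esac
    # Leg 1: the only part of the path that SSH encrypts.
    echo "tunnel   client -> $server (encrypted by SSH)"
    # Leg 2: the destination name is resolved by the SSH server, not the client.
    case $dhost in
        localhost|127.0.0.1) echo "deliver  $server -> itself, port $dport (\"$dhost\" is resolved on $server)" ;;
        *) echo "deliver  $server -> $dhost:$dport (plain TCP, outside the SSH tunnel)" ;;
    esac
)

# The forward described in the article: local port 9001 to medusa:25 via brutus.
describe_forward 9001:medusa:25 brutus
```

If the last leg crosses a network you do not trust, the protocol carried over it needs its own protection, since SSH covers only the client-to-"brutus" hop.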