System Administration Guide: Security Services

How to Use Secure Shell Port Forwarding

You can specify a local port to be forwarded to a remote host. Effectively, a socket is allocated to listen on the port on the local side. Connections to this port are carried over a secure channel to the remote host. For example, you might specify port 143 to obtain email remotely with IMAP4. Similarly, a port can be specified on the remote side.

  1. To set a local port to be forwarded, specify the local port to listen to, and the remote host and port to forward to.


    myLocalHost% ssh -L localPort:remoteHost:remotePort remoteHost
    
  2. To set a remote port to receive a secure connection, specify the remote port to listen to, and the local host and port to forward to.


    myLocalHost% ssh -R remotePort:localHost:localPort remoteHost
    

Example — Using Local Port Forwarding to Receive Mail

The following example demonstrates how you can use local port forwarding to receive mail securely from a remote server.


    myLocalHost% ssh -L 9143:myRemoteHost:143 myRemoteHost

This command forwards connections to port 9143 on myLocalHost to port 143 (the IMAP v2 server port) on myRemoteHost. When the user launches a mail application, he or she needs to specify the local port number. An example that uses the dtmail command is shown in Figure 4–1.

Note that the term localhost in this case and in Example — Using Remote Port Forwarding to Communicate Outside of a Firewall refers to the keyword that designates the user's local host. localhost should not be confused with myLocalHost, the hypothetical host name that is used to identify a local host in the examples in this chapter.

Figure 4–1 Specifying Port Forwarding for Email

Dialog box titled Mailer - Login. The IMAP Server field shows the server name followed by a colon and the port number.

Example — Using Remote Port Forwarding to Communicate Outside of a Firewall

This example demonstrates how a user in an enterprise environment can forward connections from a host on an external network to a host inside a corporate firewall.


    myLocalHost% ssh -R 9022:myLocalHost:22 myOutsideHost

This command forwards connections to port 9022 on myOutsideHost to port 22 (the sshd server) on the local host.


    myOutsideHost% ssh -p 9022 localhost
    myLocalHost%

This command demonstrates how, after the remote forwarding connection has been established, the user can use ssh to connect securely from the remote host.
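
The two forwarding commands above, broken down by an added shell function (not part of the original guide): explain_forward is a hypothetical helper that reports which side listens, whether that listener is loopback-only, and which host opens the final connection to the target. It goes beyond the guide by also accepting the OpenSSH bind-address prefix, and it assumes GatewayPorts is left at its default of no.

```shell
#!/bin/sh
# Added example, not from the guide: describe what an ssh -L / -R spec does.
# usage: explain_forward -L|-R [bindAddr:]listenPort:targetHost:targetPort sshDest
# Assumes GatewayPorts is at its default (no), so a spec without bindAddr
# listens on loopback only. IPv6 literals are not handled.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

explain_forward() {
    mode=$1 spec=$2 dest=$3
    case $spec in *:*:*) ;; *) echo "error: bad spec" >&2; return 2 ;; esac
    # Peel fields off the right-hand side with parameter expansion
    # (no word splitting, so a '*' bind address is never globbed).
    tport=${spec##*:}; rest=${spec%:*}
    thost=${rest##*:}; rest=${rest%:*}
    lport=${rest##*:}
    if [ "$rest" = "$lport" ]; then
        bind=loopback                  # three-field form used in the guide
    else
        bind=${rest%:*}                # four-field form (OpenSSH syntax)
        case $bind in *:*) echo "error: too many fields" >&2; return 2 ;; esac
    fi
    valid_port "$lport" && valid_port "$tport" && [ -n "$thost" ] ||
        { echo "error: bad port or host" >&2; return 2; }
    # An empty or '*' bind address requests every interface.
    case $bind in ''|'*'|0.0.0.0) bind=any ;; esac
    case $bind in
        loopback|localhost|127.0.0.1) scope=local-only ;;
        *) scope=network-reachable ;;
    esac
    # dialed_by names the host that opens the final TCP connection to target.
    case $mode in
        -L) echo "listen=client:$lport($scope) target=$thost:$tport dialed_by=$dest" ;;
        -R) echo "listen=$dest:$lport($scope) target=$thost:$tport dialed_by=client" ;;
        *)  echo "error: mode must be -L or -R" >&2; return 2 ;;
    esac
}

# The guide's two examples, then a constructed wildcard bind for contrast.
explain_forward -L 9143:myRemoteHost:143 myRemoteHost
explain_forward -R 9022:myLocalHost:22 myOutsideHost
explain_forward -L '*:9143:myRemoteHost:143' myRemoteHost
```

For -R, the server honours a non-loopback bind address only when its GatewayPorts option allows it, so the scope shown is what the client requests.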