Go to main content

Managing Secure Shell Access in Oracle® Solaris 11.3

Exit Print View

Updated: October 2019
 
 

How to Use Port Forwarding in Secure Shell

You can specify that a local port be forwarded to a remote host. Effectively, a socket is allocated to listen to the port on the local side. The connection from this port is made over a secure channel to the remote host. For example, you might specify port 143 to obtain email remotely with IMAP4. Similarly, a port can be specified on the remote side.

Before You Begin

To use port forwarding, the administrator must have enabled port forwarding on the remote Secure Shell server. For details, see How to Configure Port Forwarding in Secure Shell.

  • Set secure port forwarding either from a remote port to a local port or from a local port to a remote port.
    • To set a local port to receive secure communication from a remote port, specify both ports.

      Specify the local port that listens for remote communication. Also, specify the remote host and the remote port that forward the communication.

      mySystem$ ssh -L localPort:remoteHost:remotePort 
    • To set a remote port to receive a secure connection from a local port, specify both ports.

      Specify the remote port that listens for remote communication. Also, specify the local host and the local port that forward the communication.

      mySystem$ ssh -R remotePort:localhost:localPort
Example 5  Using Local Port Forwarding to Receive Mail

The following example demonstrates how you can use local port forwarding to receive mail securely from a remote server.

mySystem$ ssh -L 9143:myRemoteSys:143 myRemoteSys 

This command forwards connections from port 9143 on myLocalHost to port 143. Port 143 is the IMAP v2 server port on myRemoteSys. When the user launches a mail application, the user specifies the local port number for the IMAP server, as in localhost:9143.

Example 6  Using Remote Port Forwarding to Communicate Outside of a Firewall

This example demonstrates how a user in an enterprise environment can forward connections from a host on an external network to a host inside a corporate firewall.

mySystem$ ssh -R 9022:mySystem:22myOutsideHost

This command forwards connections from port 9022 on myOutsideHost to the port where the sshd daemon listens on the local host. Typically, the listening port is port 22.

myOutsideHost$ ssh -p 9022 localhost
mySystem$