Skip to content

Instantly share code, notes, and snippets.

@todgru

todgru/ssh-tunnel.md

Last active May 6, 2023 15:32
Show Gist options
  • Save todgru/9609262 to your computer and use it in GitHub Desktop.
Save todgru/9609262 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. todgru revised this gist Mar 17, 2014. 1 changed file with 3 additions and 18 deletions.
    21 changes: 3 additions & 18 deletions ssh-tunnel.md
    View file
    Original file line number Diff line number Diff line change
    @@ -2,7 +2,7 @@

    Our db is hosted on Amazon. Our web server can connect to the db. Connections to the db are not allowed outside of the web server.

    ## Run ssh tunnel locally: ##
    ### Run ssh tunnel locally: ###

    This creates a tunnel from my local machine to the web server:

    @@ -11,12 +11,13 @@ This creates a tunnel from my local machine to the web server:
    `-N` -- `Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
    `

    ## Connect to db using your favorite db interface. ##
    ### Connect to db using your favorite db interface. ###

    An example using `mysql`:

    $ mysql -uusername -h 127.0.0.1 -P 3307 -p


    From `man ssh`:

    ```
    @@ -33,19 +34,3 @@ From `man ssh`:
    ``localhost'' indicates that the listening port be bound for local use only, while an empty
    address or `*' indicates that the port should be available from all interfaces.
    ```

    From `man ssh_config`:

    ```
    LocalForward
    Specifies that a TCP port on the local machine be forwarded over the secure channel to
    the specified host and port from the remote machine. The first argument must be
    [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be
    specified by enclosing addresses in square brackets. Multiple forwardings may be specified,
    and additional forwardings can be given on the command line. Only the superuser can forward
    privileged ports. By default, the local port is bound in accordance with the GatewayPorts
    setting. However, an explicit bind_address may be used to bind the connection to a specific
    address. The bind_address of ``localhost'' indicates that the listening port be bound for
    local use only, while an empty address or `*' indicates that the port should be available from all
    interfaces.
    ```
  2. todgru revised this gist Mar 17, 2014. 1 changed file with 21 additions and 21 deletions.
    42 changes: 21 additions & 21 deletions ssh-tunnel.md
    View file
    Original file line number Diff line number Diff line change
    @@ -21,31 +21,31 @@ From `man ssh`:

    ```
    -L [bind_address:]port:host:hostport
    Specifies that the given port on the local (client) host is to be forwarded to the given
    host and port on the remote side. This works by allocating a socket to listen to port on
    the local side, optionally bound to the specified bind_address. Whenever a connection is
    made to this port, the connection is forwarded over the secure channel, and a connection
    is made to host port hostport from the remote machine. Port forwardings can also be
    specified in the configuration file. IPv6 addresses can be specified by enclosing the
    address in square brackets. Only the superuser can forward privileged ports. By default,
    the local port is bound in accordance with the GatewayPorts setting. However, an explicit
    bind_address may be used to bind the connection to a specific address. The bind_address of
    ``localhost'' indicates that the listening port be bound for local use only, while an empty
    address or `*' indicates that the port should be available from all interfaces.
    Specifies that the given port on the local (client) host is to be forwarded to the given
    host and port on the remote side. This works by allocating a socket to listen to port on
    the local side, optionally bound to the specified bind_address. Whenever a connection is
    made to this port, the connection is forwarded over the secure channel, and a connection
    is made to host port hostport from the remote machine. Port forwardings can also be
    specified in the configuration file. IPv6 addresses can be specified by enclosing the
    address in square brackets. Only the superuser can forward privileged ports. By default,
    the local port is bound in accordance with the GatewayPorts setting. However, an explicit
    bind_address may be used to bind the connection to a specific address. The bind_address of
    ``localhost'' indicates that the listening port be bound for local use only, while an empty
    address or `*' indicates that the port should be available from all interfaces.
    ```

    From `man ssh_config`:

    ```
    LocalForward
    Specifies that a TCP port on the local machine be forwarded over the secure channel to
    the specified host and port from the remote machine. The first argument must be
    [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be
    specified by enclosing addresses in square brackets. Multiple forwardings may be specified,
    and additional forwardings can be given on the command line. Only the superuser can forward
    privileged ports. By default, the local port is bound in accordance with the GatewayPorts
    setting. However, an explicit bind_address may be used to bind the connection to a specific
    address. The bind_address of ``localhost'' indicates that the listening port be bound for
    local use only, while an empty address or `*' indicates that the port should be available from all
    interfaces.
    Specifies that a TCP port on the local machine be forwarded over the secure channel to
    the specified host and port from the remote machine. The first argument must be
    [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be
    specified by enclosing addresses in square brackets. Multiple forwardings may be specified,
    and additional forwardings can be given on the command line. Only the superuser can forward
    privileged ports. By default, the local port is bound in accordance with the GatewayPorts
    setting. However, an explicit bind_address may be used to bind the connection to a specific
    address. The bind_address of ``localhost'' indicates that the listening port be bound for
    local use only, while an empty address or `*' indicates that the port should be available from all
    interfaces.
    ```
  3. todgru revised this gist Mar 17, 2014. 1 changed file with 20 additions and 7 deletions.
    27 changes: 20 additions & 7 deletions ssh-tunnel.md
    View file
    Original file line number Diff line number Diff line change
    @@ -21,18 +21,31 @@ From `man ssh`:

    ```
    -L [bind_address:]port:host:hostport
    Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made
    to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square
    brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ``localhost''
    indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.
    Specifies that the given port on the local (client) host is to be forwarded to the given
    host and port on the remote side. This works by allocating a socket to listen to port on
    the local side, optionally bound to the specified bind_address. Whenever a connection is
    made to this port, the connection is forwarded over the secure channel, and a connection
    is made to host port hostport from the remote machine. Port forwardings can also be
    specified in the configuration file. IPv6 addresses can be specified by enclosing the
    address in square brackets. Only the superuser can forward privileged ports. By default,
    the local port is bound in accordance with the GatewayPorts setting. However, an explicit
    bind_address may be used to bind the connection to a specific address. The bind_address of
    ``localhost'' indicates that the listening port be bound for local use only, while an empty
    address or `*' indicates that the port should be available from all interfaces.
    ```

    From `man ssh_config`:

    ```
    LocalForward
    Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be specified by
    enclosing addresses in square brackets. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting.
    However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all
    Specifies that a TCP port on the local machine be forwarded over the secure channel to
    the specified host and port from the remote machine. The first argument must be
    [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be
    specified by enclosing addresses in square brackets. Multiple forwardings may be specified,
    and additional forwardings can be given on the command line. Only the superuser can forward
    privileged ports. By default, the local port is bound in accordance with the GatewayPorts
    setting. However, an explicit bind_address may be used to bind the connection to a specific
    address. The bind_address of ``localhost'' indicates that the listening port be bound for
    local use only, while an empty address or `*' indicates that the port should be available from all
    interfaces.
    ```
  4. todgru created this gist Mar 17, 2014.
    38 changes: 38 additions & 0 deletions ssh-tunnel.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,38 @@
    # SSH Tunnel

    Our db is hosted on Amazon. Our web server can connect to the db. Connections to the db are not allowed outside of the web server.

    ## Run ssh tunnel locally: ##

    This creates a tunnel from my local machine to the web server:

    ssh -N -L 3307:my-rds-db.us-east-1.rds.amazonaws.com:3306 ec2-my-web-server.compute-1.amazonaws.com

    `-N` -- `Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
    `

    ## Connect to db using your favorite db interface. ##

    An example using `mysql`:

    $ mysql -uusername -h 127.0.0.1 -P 3307 -p

    From `man ssh`:

    ```
    -L [bind_address:]port:host:hostport
    Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made
    to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square
    brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ``localhost''
    indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.
    ```

    From `man ssh_config`:

    ```
    LocalForward
    Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be specified by
    enclosing addresses in square brackets. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting.
    However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all
    interfaces.
    ```