SSH Local Port Forwarding: Ubuntu Configuration Guide

Secure Shell (SSH) local port forwarding is a powerful technique used to securely tunnel network traffic from a local client machine to a destination server through an intermediary SSH server. This article explains the core concept of SSH local port forwarding and provides a clear, step-by-step guide on how to configure and run it using an Ubuntu Linux client.

What is SSH Local Port Forwarding?

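SSH local port forwarding allows you to forward a port on your local computer (the Ubuntu client) to a port on a remote server. When configured, any traffic sent to the specified local port is encrypted and tunneled through the SSH connection to the SSH server, which then decrypts the traffic and forwards it to the destination host and port. Only the leg between the client and the SSH server is protected by SSH; the hop from the SSH server to the destination travels in the forwarded protocol's own form, which matters when the destination is a different machine from the SSH server.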

This is commonly used to:

* Access a database or web service running behind a firewall that is not publicly accessible.
* Securely transmit unencrypted protocol traffic (like HTTP, VNC, or database connections) over an encrypted SSH tunnel.
* Bypass restrictive local network firewalls.

The basic syntax for the command is:

ssh -L local_port:destination_host:destination_port user@ssh_server

How to Configure SSH Local Port Forwarding on Ubuntu

To set up local port forwarding, you only need the standard SSH client, which is installed by default on Ubuntu.

Step 1: Identify Your Connection Details

Before running the command, you need four pieces of information:

1. Local Port: An unused port on your Ubuntu machine (e.g., 8080).
2. Destination Host: The IP address or hostname of the resource you want to access (often localhost or 127.0.0.1 if the service is running directly on the SSH server itself).
3. Destination Port: The port of the service you want to access on the destination host (e.g., 5432 for PostgreSQL or 80 for a web server).
4. SSH Server: The username and IP address/hostname of the SSH intermediary server (e.g., ubuntu@192.168.1.50).

Step 2: Execute the SSH Forwarding Command

Open your Ubuntu terminal and run the SSH command with the -L flag.

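For example, to access a remote PostgreSQL database (running on port 5432 of the remote server) through your SSH server, mapping it to port 9000 on your local Ubuntu machine, use the command below. The destination host is resolved on the SSH server, so localhost here means the SSH server itself, not your Ubuntu client.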

ssh -L 9000:localhost:5432 ubuntu@192.168.1.50

Step 3: Run in the Background (Optional)

If you want to establish the tunnel without opening a remote shell session on the SSH server, add the -N (do not execute remote command) and -f (run in the background) flags:

ssh -f -N -L 9000:localhost:5432 ubuntu@192.168.1.50

Step 4: Verify and Connect to the Local Port

With the tunnel active, you can now connect your local applications to the forwarded port on your local machine.

To test the connection, open a new terminal tab on your Ubuntu client and use nc, curl, telnet, or your specific database client to connect to localhost:9000. With nc, the -z flag checks the port without sending data and -v prints the result:

nc -zv localhost 9000

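If the tunnel is up, nc reports that the connection succeeded, and traffic your applications send to localhost:9000 is routed securely through the SSH tunnel to the destination service. This check only confirms that the local listener accepts connections; a request from your real client (for example, the database client) confirms that the SSH server can reach the destination.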
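The following script is an added example, not part of the original guide: it opens the tunnel from Steps 2 and 3 with an explicit loopback bind and then classifies how the forwarded port is exposed by reading `ss -ltn` output. The function names, the `127.0.0.1` bind address, the `ExitOnForwardFailure` option and the sample `ss` output are additions made here for illustration; the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): open the article's tunnel with
# an explicit loopback bind, then check how the local listener is exposed.

# open_tunnel LOCAL_PORT DEST_HOST DEST_PORT USER@SSH_SERVER
# 127.0.0.1 pins the listener to loopback; ExitOnForwardFailure makes ssh exit
# rather than stay connected without the forward if the port cannot be bound.
open_tunnel() {
  ssh -f -N -o ExitOnForwardFailure=yes -L "127.0.0.1:$1:$2:$3" "$4"
}

# listener_scope PORT  (reads `ss -ltn` output on stdin)
# Prints "loopback", "exposed" (bound to a non-loopback address) or "absent".
listener_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, part, ":")                 # $4 is Local Address:Port
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      found = 1
      if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
    }
    END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample of `ss -ltn` output: 9000 is loopback-only, 9001 is what a
# forward looks like when it was bound to all interfaces.
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*
LISTEN 0      128            [::1]:9000         [::]:*
LISTEN 0      128          0.0.0.0:9001      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# With four arguments: open the tunnel and audit the live listener.
# With none: run the check over the constructed sample.
if [ "$#" -eq 4 ]; then
  open_tunnel "$@" && ss -ltn | listener_scope "$1"
else
  for p in 9000 9001 9002; do
    printf '%s: %s\n' "$p" "$(sample_ss | listener_scope "$p")"
  done
fi
```

A result of "exposed" means other hosts on the client's network can reach the destination service through your tunnel without authenticating to SSH, so the forward should be reopened bound to loopback.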