Local Port Forwarding: Make Remote Resources Accessible on Your Local System

“Local port forwarding” allows you to access local network resources that aren’t exposed to the Internet. For example, let’s say you want to access a database server at your office from your home. For security reasons, that database server is only configured to accept connections from the local office network. But if you have access to an SSH server at the office, and that SSH server allows connections from outside the office network, then you can connect to that SSH server from home and access the database server as if you were in the office. This is often the case, as it’s easier to secure a single SSH server against attacks than to secure a variety of different network resources.

To do this, you establish an SSH connection with the SSH server and tell the client to forward traffic from a specific port on your local PC (for example, port 1234) to the address of the database’s server and its port on the office network. So, when you attempt to access the database server at port 1234 on your current PC, “localhost”, that traffic is automatically “tunneled” over the SSH connection and sent to the database server. The SSH server sits in the middle, forwarding traffic back and forth. You can use any command line or graphical tool to access the database server as if it was running on your local PC.

To use local forwarding, connect to the SSH server normally, but also supply the -L argument. The syntax is:

ssh -L local_port:remote_address:remote_port

For example, let’s say the database server at your office is located at 192.168.1.111 on the office network. You have access to the office’s SSH server at, and your user account on the SSH server is bob. In that case, your command would look like this:

ssh -L 8888:192.168.1.111:1234

After running that command, you’d be able to access the database server at port 8888 at localhost. So, if the database server offered web access, you could plug into your web browser to access it. If you had a command line tool that needs the network address of a database, you’d point it at localhost:8888. All traffic sent to port 8888 on your PC will be tunneled to 192.168.1.111:1234 on your office network.

It’s a little more confusing if you want to connect to a server application running on the same system as the SSH server itself. For example, let’s say you have an SSH server running at port 22 on your office computer, but you also have a database server running at port 1234 on the same system at the same address. You want to access the database server from home, but the system is only accepting SSH connections on port 22 and its firewall doesn’t allow any other external connections.

In this case, you could run a command like the following one:

ssh -L 8888:localhost:1234

When you attempt to access the database server at port 8888 on your current PC, the traffic will be sent over the SSH connection. When it arrives on the system running the SSH server, the SSH server will send it to port 1234 on “localhost”, which is the same PC running the SSH server itself. So the “localhost” in the command above means “localhost” from the perspective of the remote server.

To do this in the PuTTY application on Windows, select Connection > SSH > Tunnels. For “Destination”, enter the destination address and port in the form remote_address:remote_port.

For example, if you wanted to set up the same SSH tunnel as above, you’d enter 8888 as the source port and localhost:1234 as the destination. Click “Add” afterwards and then click “Open” to open the SSH connection. You will also need to enter the address and port of the SSH server itself on the main “Session” screen before connecting, of course.

Remote Port Forwarding: Make Local Resources Accessible on a Remote System

“Remote port forwarding” is the opposite of local forwarding, and isn’t used as frequently. It allows you to make a resource on your local PC available on the SSH server. For example, let’s say you’re running a web server on the local PC you’re sitting in front of.
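Because the SSH server opens the forwarded connection itself, a user with default forwarding rights can reach anything the server can reach, including services bound only to the server’s own localhost. The fragment below is an added example, not part of the original article: an sshd_config sketch for the office SSH server in the local-forwarding scenario on this page, assuming the server runs OpenSSH and reusing the page’s example account bob and database address 192.168.1.111:1234.

```conf
# Added example: sshd_config fragment for the office SSH server.
# Assumes OpenSSH; "bob" and 192.168.1.111:1234 are the page's example
# account and database address.

# OpenSSH defaults, shown for comparison. With these, any authenticated
# user can use -L to reach ANY host:port the SSH server can reach,
# including ports that listen only on the server's own localhost.
#   AllowTcpForwarding yes
#   PermitOpen any

# Restricted: refuse forwarding globally, then grant bob one tunnel.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no

# Match blocks must come after all global settings; everything below
# this line applies only to bob until the next Match line or end of file.
Match User bob
    # "local" permits -L (local forwarding) only; -R requests are refused.
    AllowTcpForwarding local
    # The only destination sshd will connect to on bob's behalf.
    # For the same-host case on this page, the entry would be
    # localhost:1234, evaluated from the server's point of view.
    PermitOpen 192.168.1.111:1234
```

Check the file with `sshd -t` before reloading the service. As sshd_config(5) notes, forwarding restrictions add little for accounts that also have shell access, since those users can run their own forwarders.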