Table of Contents

Setting up SSH tunnel

SSH tunneling with config-file

Easiest way for ssh-tunneling is to store tunneling configuration permanently into ssh client software configuration.

On linux or mac you can add frequently used tunneling configuration to $HOME/.ssh/config

Host solu.uef.fi
   ProxyCommand ssh username@codon.uef.fi nc %h %p

Host gitlab.uef.fi
   ProxyCommand ssh username@intron.uef.fi nc %h %p

Now it is easy to connect for example to solu.uef.fi server, eq ssh username@intron.uef.fi. Also scp and sftp works with this.

The most GUI clients have option to do the configuration through more user-friendly graphical user interface.

Another way for forwarding any port

To setup SSH tunneling between a server visible outside of the university firewall, you can use the following SSH commands:

  ssh -f -N -p 22 -c 3des username@messi.uku.fi -L 7180/193.167.236.245/80

The options are as follows: -f Send SSH to background (optional, if used, will free the terminal window for further usage) -N Do not execute remote commands, i.e. just do port forwarding -p 22 Port of the remote host (server visible outside of the university firewall) -c 3des Select 3des encryption.

username@messi.uku.fi is your username and address of the server visible outside of the firewall

-L 7180/193.167.236.245/80 specifies the port forwards with the following format -L localport/remotehost/remote_port

This would allow you to connect to the remote host at 193.167.236.245, port 80 with connecting to localhost port 7180, i.e.:

ssh user@localhost -p 7180

Note: The username is your username at the remote host.

To add more port-forwards, specify more forwards with the -L switch, e.g.:

ssh -f -N -p 22 -c 3des username@messi.uku.fi -L 7180/193.167.236.245/80 -L 7122/193.167.236.245/22

You can add your port-forwarding commands to a shell script (e.g. tunnels.sh) and for example run it with:

  sh tunnels.sh

If your tunnels break for example because of lost net connection, and you have chosen the -f switch for sending SSH to background, you may have to kill the SSH process and re-start the tunneling. To find the process id you can use:

pf -fu username

Find the process id from the list, and kill it:

kill -9 process_id_you_found