User Tools

Site Tools


Setting up SSH tunnel

SSH tunneling with config-file

Easiest way for ssh-tunneling is to store tunneling configuration permanently into ssh client software configuration.

On linux or mac you can add frequently used tunneling configuration to $HOME/.ssh/config

   ProxyCommand ssh nc %h %p

   ProxyCommand ssh nc %h %p

Now it is easy to connect for example to server, eq ssh Also scp and sftp works with this.

The most GUI clients have option to do the configuration through more user-friendly graphical user interface.

Another way for forwarding any port

To setup SSH tunneling between a server visible outside of the university firewall, you can use the following SSH commands:

  ssh -f -N -p 22 -c 3des -L 7180/

The options are as follows: -f Send SSH to background (optional, if used, will free the terminal window for further usage) -N Do not execute remote commands, i.e. just do port forwarding -p 22 Port of the remote host (server visible outside of the university firewall) -c 3des Select 3des encryption. is your username and address of the server visible outside of the firewall

-L 7180/ specifies the port forwards with the following format -L localport/remotehost/remote_port

This would allow you to connect to the remote host at, port 80 with connecting to localhost port 7180, i.e.:

ssh user@localhost -p 7180

Note: The username is your username at the remote host.

To add more port-forwards, specify more forwards with the -L switch, e.g.:

ssh -f -N -p 22 -c 3des -L 7180/ -L 7122/

You can add your port-forwarding commands to a shell script (e.g. and for example run it with:


If your tunnels break for example because of lost net connection, and you have chosen the -f switch for sending SSH to background, you may have to kill the SSH process and re-start the tunneling. To find the process id you can use:

pf -fu username

Find the process id from the list, and kill it:

kill -9 process_id_you_found
guides/ssh-tunnel.txt · Last modified: 29.10.2019 15:10 (external edit)