A Practical Guide to SSH Tunnels: Local and Remote Port Forwarding

(labs.iximiuz.com)

49 points by signa114 days ago

8 comments

  • buredoranna23 minutes ago
    I&#x27;ll mention it here, because I learned about it here.<p>&quot;~C&quot; will drop you into the SSH command line, allowing you to, among other things, effect port forwarding<p><pre><code> -L8080:localhost:443 </code></pre> Learning that &quot;~C&quot; exists, and what you can do with it, has supercharged my use of SSH tunnels, which were already awesome on their own.<p>But for some reason this has been disabled by default in more recent ssh configurations... to ensure its available<p><pre><code> -o EnableEscapeCommandline=yes </code></pre> or, in your ~&#x2F;.ssh&#x2F;config<p><pre><code> EnableEscapeCommandline yes </code></pre> (edit: formatting)
    • telotortium9 minutes ago
      Important to note that `~` SSH commands work only right after you press Enter - it doesn’t trigger everywhere you press `~`.<p>Also EnableEscapeCommandline fortunately only affects `~C` - the all-important `~.` to kill a hung SSH session still works with it disabled.
  • hylaride32 minutes ago
    Learning how SSH port forwarding is great as a pseudo-vpn for everything from GUI-client database access to (in physical infra) access to web-admin tools for appliances.<p>The socks proxy support can also deal with bad web filtering and privacy issues on public wifi networks (though nowadays if you&#x27;re ssh&#x27;ing to a cloud IP, you&#x27;ll get lots of &quot;bot&quot; restrictions).
  • trollbridge1 hour ago
    When I see one of these with obvious AI tells at the top (sentences lacking a subject or verb), I ask myself:<p>Can’t I just open up a harness and prompt “Teach me how to do X?”
    • lfx37 minutes ago
      I do this all the time, I have a skill&#x2F;gem with instructions on how I want to receive info, how to format and so on. Really helps to go fast to get the point.
    • GL2651 minutes ago
      I personally do this, ask claude code to teach me about concepts I don&#x27;t know about when it codes something, and only then I accept what it suggests to me
  • chasil54 minutes ago
    The article mentions bastions, but no jumphosting?<p><pre><code> ssh -J user1@bastion1,user2@bastion2 targetuser@targethost</code></pre>
    • dspillett29 minutes ago
      It is surprising how many times I see this content (this version might be marked “Published: Jun 19, 2026” but I&#x27;ve definitely seen those <i>exact</i> diagrams before, starting at least a few years ago, and the same content around them in many tutorials before that) without it being updated to mention jump-hosts.<p>Support was added to OpenSSH about a decade ago? Even on a low moving Linux distro like Debian&#x2F;LTS everyone should have support by now.
  • riobard50 minutes ago
    There&#x27;s a asymmetry here that &quot;-R&quot; works both for reverse static and dynamic (using SOCKS protocol) forwarding, but &quot;-D&quot; is required for dynamic forwarding which &quot;-L&quot; cannot do.<p>Why is that?
  • segphault30 minutes ago
    Or you could just install something like Tailscale and never have to think about it again.
  • felooboolooomba35 minutes ago
    As a sysadmin, one of your biggest ROI is learning the ins and outs of SSH.
  • teddyh1 hour ago
    It’s amazing what you can learn by reading the manual.
    • felooboolooomba32 minutes ago
      It is, because manuals are often not the best way to learn things. Most software manuals are reference manuals. SSH man page isn&#x27;t too bad. I learned most of my SSH knowledge from it, but I&#x27;m not sure it&#x27;s the best way to do it.