Computing : ssh port forwarding or ssh proxy jump

Use Case

talk to an application, that listens on a port on a given node, from a remote computer

Port Forwarding

Let's say, your application listens on node foo.desy.de on port 34567, where the node is not accessible from outside DESY.

Now, you want to ssh to a DESY login node and tell ssh to forward all requests on local port 12345 to foo.desy.de:34567

ssh -L 12345:foo.desy.de:34567 YOURUSERNAME@LOGINNODE.desy.de


E.g., if a web server listens on foo.desy.de on port 34567, you can point now your web browser on your local machine to http://localhost:12345/ (watch out for IPv4 and IPv6) and the request will be forwarded by ssh via the login node to your target node.

Proxy Jump

More advanced than merely forwarding specific ports is ssh's proxy jump. Depending on your use case (like accessing another server via an intermediate node), this option might suit you better. See for a detailed description for example: https://www.infoworld.com/article/3619278/proxyjump-is-safer-than-ssh-agent-forwarding.html

In summary, you can add to your ssh configuration a rule for a server, that when connecting to such a server ssh should first go to an intermediate server and automatically go on to the intended node

Host some.server.foo, another.server.foo
     ProxyJump someusername@intermediate.server.foo

the equivalent command line flag is `-J`, e.g.,

  ssh -J someusername@intermediate.server.foo   some.server.foo

would use intermediate.server.foo as intermediate server and jump on to some.server.foo.


Such jump host rules can actually be chained, for example to jump first to a server1, jump on to server2 and finally reach the target machine server3, something like

ssh -J username1@server1:port1,username2@server2:port2 username3@server3

should work.