Use Case
talk to an application, that listens on a port on a given node, from a remote computer
Port Forwarding
Let's say, your application listens on node foo.desy.de on port 34567, where the node is not accessible from outside DESY.
Now, you want to ssh to a DESY login node and tell ssh to forward all requests on local port 12345 to foo.desy.de:34567
ssh -L 12345:foo.desy.de:34567 YOURUSERNAME@LOGINNODE.desy.de
E.g., if a web server listens on foo.desy.de on port 34567, you can point now your web browser on your local machine to http://localhost:12345/ (watch out for IPv4 and IPv6) and the request will be forwarded by ssh via the login node to your target node.
Proxy Jump
More advanced than merely forwarding specific ports is ssh's proxy jump
. Depending on your use case (like accessing another server via an intermediate node), this option might suit you better. See for a detailed description for example: https://www.infoworld.com/article/3619278/proxyjump-is-safer-than-ssh-agent-forwarding.html
In summary, you can add to your ssh configuration a rule for a server, that when connecting to such a server ssh should first go to an intermediate server and automatically go on to the intended node
Host some.server.foo, another.server.foo
ProxyJump someusername@intermediate.server.foo
the equivalent command line flag is `-J
`, e.g.,
ssh -J someusername@intermediate.server.foo some.server.foo
would use intermediate.server.foo
as intermediate server and jump on to some.server.foo
.
Such jump host rules can actually be chained, for example to jump first to a server1
, jump on to server2
and finally reach the target machine server3
, something like
ssh -J username1@server1:port1,username2@server2:port2 username3@server3
should work.