The problem
Here is a description of the imaginary situation we want to solve.
- You have access via SSH to a server with the hostname foobar-server.
- The foobar-server is running some service: an HTTP server, a database or something else. For instance, let's pretend you are running a Mongo database, but it doesn't actually matter.
- Some firewall is set up around foobar-server, preventing you from accessing these services. Or maybe the ports of these services are simply closed.
- You want to access this service from another machine.
What can we do?
Create SSH Tunnel
We can establish an SSH tunnel between our machine and foobar-server. Let's get right to it, it's just one command.
    ssh -L 27077:localhost:27017 your_user@foobar-server
You might use this in the following situation:
- your_user is the username you use to access foobar-server.
- foobar-server is the hostname of the server running your service. Of course, you can just as well use its IP address directly.
- You want to access the service running on port 27017 on foobar-server. After running this command, you can do that by communicating with 127.0.0.1:27077. Hence the structure of 27077:localhost:27017 represents local-port:target-host:target-port. The target-host is resolved on foobar-server, so localhost here means foobar-server itself.
As a result, you get the illusion that you are only accessing a service running locally on your machine. But what is actually going on is that
- your data is encrypted,
- sent through the SSH tunnel to foobar-server,
- foobar-server decrypts the data,
- foobar-server redirects the decrypted data to target-host:target-port.
And of course, the same happens the other way around to deliver you the response from the service.
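The local-port:target-host:target-port structure described above also accepts an optional leading bind address, which decides whether other machines can reach your end of the tunnel. The following shell sketch is an added example, not part of the original post; describe_forward and valid_port are hypothetical helper names, and the sample specs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): explain an `ssh -L` spec of the
# form [bind_address:]port:host:hostport and report who can reach the listener.
# Bracketed IPv6 addresses are out of scope for this sketch.

valid_port() {
    # Reject empty, non-numeric and overlong values, then range-check.
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "<exposure> <local-port> <target-host> <target-port>".
# Returns 1 on a malformed spec, 2 when other hosts can reach the listener.
describe_forward() {
    spec=$1
    # The number of colons tells the 3-field form from the 4-field form.
    case $(printf '%s' "$spec" | tr -cd ':') in
        ::)  bind=default; rest=$spec ;;              # port:host:hostport
        :::) bind=${spec%%:*}; rest=${spec#*:} ;;     # bind:port:host:hostport
        *)   echo "malformed forward spec: $spec" >&2; return 1 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*};  hport=${rest#*:}
    if ! valid_port "$lport" || ! valid_port "$hport" || [ -z "$host" ]; then
        echo "malformed forward spec: $spec" >&2; return 1
    fi
    case $bind in
        default)         exposure=loopback-by-default ;;  # GatewayPorts=no (ssh default)
        localhost|127.*) exposure=loopback ;;
        ''|'*'|0.0.0.0)  exposure=all-interfaces ;;       # tunnel open to the network
        *)               exposure=specific-address ;;
    esac
    echo "$exposure $lport $host $hport"
    case $exposure in all-interfaces|specific-address) return 2 ;; esac
    return 0
}

# Constructed sample specs; the first is the one used in the post.
for s in 27077:localhost:27017 '*:27077:localhost:27017' 27077:localhost; do
    describe_forward "$s" || echo "  -> status $? for '$s'"
done
```

A status of 2 means anyone who can reach that address on your machine can talk to the forwarded service, so the service's own authentication becomes the only barrier.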