About once every few months I have to set up a reverse tunnel.
I’ve learned the hard way to not read the man page, and just wing it.
After setting one up the other day I looked at the man page to see if it made sense while I still had a picture of how it operates in my mind.
*-R* [bind_address:]port:host:hostport Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.
We all got that, right?
Break it down
OK, maybe I just wasn’t paying close enough attention, so I’m going to read it carefully and take notes while doing so:
- The given port [which given port? port? or hostport?] on the remote (server) [hang on, which is the remote/server here? is it the ‘host’?] host [ok, so the remote/server is ‘host’ here? maybe? that would mean that host == server == remote?] is to be forwarded to the given host and port on the local side [which port? same as previously mentioned port? does that mean the previously-mentioned port is the hostport? what’s the ‘local side’ here? local to where I ssh to? or local to where I run ssh?]
At this point I’m basically crying.
- This works [so we presumably understand what’s going on by this point!] by allocating a socket to listen to port on the remote side [which is the remote side?], and whenever a connection is made to this port [ah, does this mean it’s the port on the machine I connect to (ie the ‘port’)?], the connection is forwarded over the secure channel, and a connection is made to host port hostport [wtf? ok, just ignore ‘host port’ there. I think we might be able to conclude that hostport is the port we are forwarding to, and the host is the host of the hostport] from the local machine [ok, now I think that the local machine is the machine we log onto. I hope that’s right].
Understand it Visually
- A – Your ssh -R command connects to the ‘fromhost’. The ‘fromhost’ is the host from which you want to connect to the server.
- B – Your ssh -R command connects to the server on the serverport
- C – The port that was allocated on the ‘fromhost’ accepts tcp requests, and passes the data to the server:serverport via the intermediary host on which ssh -R was run.
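To pin the man page's argument names onto the three roles above, here is an added helper that is not part of the original post: it parses a -R spec into fromhost, intermediary and server, and calls out two things the man page buries: without a bind_address the listener on the fromhost is loopback-only, and a bind_address (or '*') only takes effect if the fromhost's sshd has GatewayPorts enabled. The role names are the post's; the function name explain_R and the output wording are my own.

```shell
#!/bin/sh
# Added helper (not from the post): map an ssh -R spec onto the post's three roles.
#   fromhost     = the machine "ssh -R" connects to; sshd there allocates the listener
#   intermediary = the machine running "ssh -R"; it relays every accepted connection
#   server       = host:hostport, reached FROM the intermediary (so "localhost" means
#                  the intermediary itself, not the fromhost)
# Spec shape: [bind_address:]port:host:hostport  (bracketed IPv6 literals not handled)
explain_R() {
    spec=$1
    # Split on ':' keeping empty fields; a fifth non-empty field means too many colons.
    IFS=: read -r f1 f2 f3 f4 f5 <<EOF
$spec
EOF
    if [ -n "$f5" ]; then
        echo "malformed -R spec (too many fields): $spec" >&2
        return 1
    elif [ -n "$f4" ]; then
        bind_address=$f1 port=$f2 host=$f3 hostport=$f4
    elif [ -n "$f3" ]; then
        # No bind_address given: sshd binds the listener to loopback on the fromhost.
        bind_address="127.0.0.1 (loopback only, the default)"
        port=$f1 host=$f2 hostport=$f3
    else
        echo "malformed -R spec (need port:host:hostport): $spec" >&2
        return 1
    fi
    case "$bind_address" in
        ""|"*")
            # Empty or '*' asks for all interfaces; sshd honours it only with GatewayPorts yes.
            bind_address="all interfaces (only if fromhost's sshd has GatewayPorts yes)" ;;
    esac
    case "$port" in
        0) port="0 (sshd picks a free port at run time and reports it to the client)" ;;
    esac
    printf 'fromhost listens on %s port %s; each connection is relayed through the intermediary to server %s:%s\n' \
        "$bind_address" "$port" "$host" "$hostport"
}

# Run directly with a spec as the first argument, e.g. ./explain_R.sh 8080:localhost:80
if [ $# -gt 0 ]; then
    explain_R "$1"
fi
```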
I hope this helps someone.
Please tweet any corrections or comments to: @ianmiell
One thought on “ssh -R (reverse tunnel) man page hell”