@michele-tn
Last active May 7, 2025 09:09
SSH Tunnels ASCII diagrams.md

~@eeowaa Sam post

SSH Tunnels

  • ASCII diagrams inspired by this Stack Exchange answer.
  • In all of the examples shown, port 123 must be free on your client host before opening the SSH tunnel.

Useful options

  • -T: Disables pseudo-tty allocation, which is appropriate because you're not trying to create an interactive shell.
  • -N: Says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
  • -f: Tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.

Local port forwarding to remote host

$ ssh -L[TNf] 123:localhost:456 remotehost[:22]
+=============+     +=================================+
|             |     |                   +~~~~~~~~~~~+ |
|  ,-------123:<<<  |                   | localhost | |
|  |          |     |                   |           | |
|  `--(ssh)--A:-----:22--(sshd)--B:-->>>:456        | |
|             |     |                   |           | |
| [your host] |     | remotehost        +~~~~~~~~~~~+ |
+=============+     +=================================+

Local port forwarding to faraway host

$ ssh -L[TNf] 123:farawayhost:456 remotehost[:22]
+=============+     +=============+     +=============+
|             |     |             |     |             |
|  ,-------123:<<<  |             |     |             |
|  |          |     |             |     |             |
|  `--(ssh)--A:-----:22--(sshd)--B:-->>>:456          |
|             |     |             |     |             |
| [your host] |     | remotehost  |     | farawayhost |
+=============+     +=============+     +=============+

Reverse port forwarding to local host

$ ssh -R[TNf] 123:localhost:456 remotehost[:22]
+===============================+     +===============+
| +~~~~~~~~~~~+                 |     |               |
| | localhost |                 |  >>>:123---------.  |
| |           |                 |     |            |  |
| |        456:<<<--:B--(ssh)--A:-----:22--(sshd)--'  |
| |           |                 |     |               |
| +~~~~~~~~~~~+ [your host]     |     | remotehost    |
+===============================+     +===============+

Reverse port forwarding to nearby host

$ ssh -R[TNf] 123:nearbyhost:456 remotehost[:22]
+=============+     +=============+     +===============+
|             |     |             |     |               |
|             |     |             |  >>>:123---------.  |
|             |     |             |     |            |  |
|          456:<<<--:B---(ssh)---A:-----:22--(sshd)--'  |
|             |     |             |     |               |
| nearbyhost  |     | [your host] |     | remotehost    |
+=============+     +=============+     +===============+
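
The four diagrams above answer two questions for each command: which host opens the listening port, and which host resolves the middle name and makes the onward connection. The Python sketch below is an added example, not part of the original gist; it parses the `[bind_address:]port:host:hostport` argument of `-L` and `-R` and reports both. The host labels are the ones used in the diagrams, and `Forward`, `parse_forward` and `describe` are names invented for this illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    listener: str     # host that opens the new listening socket
    bind: str         # address that socket is bound to
    listen_port: int
    connector: str    # host that resolves dest_host and connects to it
    dest_host: str
    dest_port: int

def parse_forward(flag, spec, client="your host", server="remotehost"):
    """Parse the argument of ssh -L / -R: [bind_address:]port:host:hostport."""
    if flag not in ("-L", "-R"):
        raise ValueError("flag must be -L or -R")
    # Split on ':' but keep a bracketed IPv6 literal such as [::1] in one piece.
    fields = re.split(r":(?![^\[]*\])", spec)
    if len(fields) == 3:
        fields.insert(0, None)            # no bind_address given
    if len(fields) != 4:
        raise ValueError(f"expected [bind_address:]port:host:hostport, got {spec!r}")
    bind, port, host, hostport = fields
    if bind is None:
        bind = "loopback"                 # default while GatewayPorts is "no"
    elif bind in ("", "*"):
        bind = "all interfaces"
    else:
        bind = bind.strip("[]")
    # -L: the ssh client listens and sshd on the server connects onward.
    # -R: sshd listens and the ssh client connects onward. For -R a
    # bind_address only takes effect if sshd's GatewayPorts allows it.
    listener, connector = (client, server) if flag == "-L" else (server, client)
    return Forward(listener, bind, int(port), connector, host.strip("[]"), int(hostport))

def describe(fwd):
    exposure = " (reachable from other hosts)" if fwd.bind == "all interfaces" else ""
    return (f"{fwd.listener} listens on {fwd.bind} port {fwd.listen_port}{exposure}; "
            f"{fwd.connector} resolves and connects to {fwd.dest_host}:{fwd.dest_port}")

if __name__ == "__main__":
    # The four commands from the diagrams above.
    for flag, spec in [("-L", "123:localhost:456"), ("-L", "123:farawayhost:456"),
                       ("-R", "123:localhost:456"), ("-R", "123:nearbyhost:456")]:
        print(f"ssh {flag} {spec}: {describe(parse_forward(flag, spec))}")
```

Note that `localhost` in a `-L` spec is resolved on remotehost, while in a `-R` spec it is resolved on your host, which is why the `localhost` box sits on opposite sides in the two diagrams.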

➤ Local Port Forwarding



➤ Local Port Forwarding with a Bastion Host



➤ Remote Port Forwarding



➤ Remote Port Forwarding from a Home/Private Network


References:

SSH Tunneling Explained - ~goteleport.com
SSH Tunneling: Examples, Command, Server Config - ~ssh.com
