To reach an SSH host behind another one, there are two ways. The dirty way (-A forwards your SSH agent to the jump host, where anyone with root can use it),
ssh -tA JUMP-HOST ssh INTERNAL-HOST
and the right way
ssh INTERNAL-HOST -l INTERNAL-USER -J JUMP-HOST
which is equivalent to
ssh INTERNAL-HOST -l INTERNAL-USER -o ProxyCommand="ssh -W %h:%p JUMP-HOST"
You want to map a remote port locally,
ssh -L localport:localhost:remoteport remotehost
You want to map a port that is available on the remote network locally,
ssh -L localport:internalhost:remoteport remotebounce
Check
netstat -lntupe --inet --inet6 | grep localport
You can go even further and make the service accessible on your network by adding a bind_address in front,
x.x.x.x:
You want to map a local port to a remote host,
ssh -R remoteport:localhost:localport remotehost
You want to map a port that is available on your network to a remote host,
ssh -R remoteport:somepeer:localport remotehost
Check on the remote host
netstat -lntupe --inet --inet6 | grep remoteport
You can go even further and make the service accessible on the remote network by adding a bind_address in front (the remote sshd only honours it when GatewayPorts is enabled),
x.x.x.x:
You want a SOCKS4 or SOCKS5 forward proxy on your local system,
ssh -D 1080 remotehost
You want the same but actually providing the forwarding service to others on your internal network,
ssh -D BIND-TO-IP:PORT remotehost
or just on any network interface,
ssh -D *:PORT remotehost
Finally, if you want to bring this up at startup,
vi /etc/rc.local

#goes into bg
#ssh -fN -D *:PORT remote
su - USER -c "sleep 10; ssh -fN -D *:PORT remote" &
Or, if you would rather have a one-minute delay and keep it running as a watchdog, as the user,
crontab -e

* * * * * $HOME/bin/watchsocks.bash PORT REMOTESRV
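The page does not show watchsocks.bash. As an added example (not the author's script), here is a POSIX sh watchdog in the same spirit: it reads netstat output, starts the SOCKS forward when nothing listens on PORT, and warns when the port is bound beyond loopback. The function names, the sample netstat lines and the loopback-only bind are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the author's watchsocks.bash. Usage: watchsocks.sh PORT REMOTESRV
# Function names and the loopback-only bind are assumptions of this example.

# Constructed sample of `netstat -lnt` output, for trying bind_scope offline.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 127.0.0.1:1080   0.0.0.0:*        LISTEN
tcp6       0      0 ::1:1080         :::*             LISTEN
tcp        0      0 0.0.0.0:8080     0.0.0.0:*        LISTEN
tcp6       0      0 :::22            :::*             LISTEN'

# bind_scope PORT < netstat-output
# Prints: down (no listener), loopback (127.0.0.1/::1 only) or
# exposed (at least one listener reachable from the network).
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")              # port is the last ":" field
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host != "127.0.0.1" && host != "::1") scope = "exposed"
            else if (scope == "") scope = "loopback"
        }
        END { print (scope == "" ? "down" : scope) }'
}

# ensure_tunnel PORT REMOTESRV: start the SOCKS forward only if it is missing.
ensure_tunnel() {
    port=$1 remote=$2
    scope=$(netstat -lnt --inet --inet6 | bind_scope "$port")
    case $scope in
        down)
            # BatchMode: never prompt from cron. ExitOnForwardFailure: exit
            # if the listener cannot be bound instead of lingering without it.
            ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes \
                -D "127.0.0.1:$port" "$remote" ;;
        exposed)
            echo "port $port is listening beyond loopback" >&2 ;;
    esac
}

if [ "$#" -ge 2 ]; then ensure_tunnel "$1" "$2"; fi
```

Run from cron it needs key-based authentication for REMOTESRV, since BatchMode disables every prompt.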
Opening and closing an SSH tunnel in a shell script the smart way https://gist.github.com/scy/6781836
Can SSH be tunneled over HTTPS using thttpd? https://serverfault.com/questions/140945/can-ssh-be-tunneled-over-https-using-thttpd