Ssh tunneling allows you to view content from a remote machine via another machine. This is useful if your destination machine is not immediately available to you, and you must go through one or more gateway machines first.

An Example

We are at home on a Linux machine or a Mac, and we want to log on to a machine called observatory which is only accessible from a machine called firewall which is only accessible from a machine called aquila. So to create a ssh tunnel on port 30000 from your local machine to observatory, do this.

First log on to aquila, specifying the port you want to use for port
forwarding, there is nothing to stop you using the same port number on
you local machine and on the remote machine. The port number is
usually a large number, 30000 is a good one to try. The port
forwarding is specified in the format localport:remotehost:remoteport
as below.

ssh -L 30000:localhost:30000

type in your aquila password and you are now logged on to aquila.

ssh -L 30000:localhost:30000 firewall

type in your firewall password and you are now logged on to firewall.

ssh -L 30000:localhost:22 observatory

type in your password for observatory and you are now logged on to
observatory using port 22 the standard ssh port.

Now in another terminal do:

ssh -XY localhost -p30000

and type in your password to observatory, and X applications you run
on observatory will pop up on your home machine. You could specify
a different username on the observatory machine using the -l flag as

ssh -XY localhost -p30000 -lroot

But you must keep the -p30000 which specifies that you want use the
ssh instance listening on port 30000 to tunnel through to the
observatory machine.

Rhys Morris
Last modified: Mon Sep 14 16:08:45 BST 2009