To quote someone much wiser, ‘developing good software is hard enough without having to deal with this shit’. High up on this list is having to deal with poor network infrastructure. SSH to the rescue.

Using ssh port forwarding / tunnels we can circumvent firewalls and other blockers inside corporate networks that provide no security value and basically make it hard for people to get their job done.

The simplest, yet most used command will allow you to forward a port on one network to a local port using an intermediary that you have ssh access to.

As a common example, say there are two networks in operation. All traffic is funnelled through some gateway. This is annoying, you have to first ssh into the gateway, then ssh again into your remote environment. This is even more annoying if you have to do something like push a file to that remote machine.

The solution: forward a local port to the target server via your gateway.

ssh -f -L 10022:secretsquirrel.evil.corp:22 gateway.evil.corp -N

To explain:

• -f tells ssh to drop into the background after the tunnel is established.
• -L indicates that we want to forward requests on a local port.
• 10022 is the local port to listen for request on.
• secretsquirrel is the box that you do not have access to, but gateway does.
• 22 is the port on secretsquirrel which request are forwarded to.
• gateway is the box that you have ssh access to, and it has access to secretsquirrel.
• -N tells ssh to not execute any commands as we are just port forwarding.

Now to ssh to secretsquirrel you can just run:

ssh -p 10022 user@localhost

How this works:

• SSH listens on localhost:10022
• Any requests made on localhost:10022 are forwarded to gateway.evil.corp
• gateway.evil.corp will then make the request against secretsquirrel.evil.corp

So this works, and should work for any service not just ssh (say http if there is an app server hiding in there), however it is messy. To tidy this up ssh config is the key. For the example an ssh config entry can be added to make it more natural:

Host secretsquirrel
    Hostname  localhost
    Port      10022

Now you can just:

ssh user@secretsquirrel

There is a whole other post in how awesome ssh config is. As an exercise to the reader I will leave adding an entry to tidy up the initial port forward command. Hint: see LocalForward directive.

Ok, so the first example was pretty straight forward. It also assumes that you can ssh into somewhere on the network. Sometimes that is not possible. I will get around to showing you how to do that at somepoint in the future. For now some hints:

• With outgoing ssh access - you can use -R to pin a remote port on an intermediate server that can be reached.
• With no ssh access - there is a cool little utility sslh that allows you to multiplex https (port 443) to accept both standard https and also tunnel ssh over the same port.