The most useful SSH command - create a tunnel between localhost and a remote host

16 Oct 2011

If you’re developing an app, it is extremely useful to be able to access your local development machine from an external url. For instance, when you open a Facebook app in a browser, Facebook sends a request to your canvas URL. One way is to use your IP address, but this probably won’t work if you’re at Starbucks or an airport, and it will change each time you reconnect to the internet.

So what’s a reliable way to do this? Set up a linux host, and just use ssh to create a tunnel:

ssh  -nNt -g -R :11223:0.0.0.0:3000 hoisie.com

This forwards all requests from hoisie.com:11223 to localhost:3000.

More generally, the command is:

ssh  -nNt -g -R :remoteport:0.0.0.0:localport user@host.com

What are all the flags for?

• -n redirects stdin from /dev/null. This basically prevents from reading from stdin. Not essential, but since you’re making a pure tunnel, there’s no point in reading stdin
• -N does not execute a remote command. This is just port forwarding after all
• -t forces a pseudo-tty allocation. This isn’t critical, but helps in some situations
• -g allows remote hosts to connect to local forwarded ports
• -R bind_address:port:host:hostport . This specifies the local and remote ports.

Also, in your /etc/ssh/sshd_config server side, add this line:

GatewayPorts yes

Some other useful SSH flags:

• -f is similar to -n, but supports passwords, and then executes ssh in the background.
• -L is the opposite of -R. It forwards local ports to remote hosts. Useful if you need a tunnel in the opposite direction.

For some reason most developers I talk to are oblivious to this trick. Use it!