ssh -R (reverse tunnel) man page hell

About once every few months I have to set up a reverse tunnel.

I’ve learned the hard way to not read the man page, and just wing it.

After setting one up the other day I looked at the man page to see if it made sense whilst having a picture of its operating still in my mind.

*-R* [bind_address:]port:host:hostport

             Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.
This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connec-tion is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

We all got that, right?

Break it down

OK, maybe I just wasn’t paying close enough attention, so I’m going to read it carefully and take notes while doing so:

• The given port [which given port? port? or hostport?] on the remote (server) [hang on, which is the remote/server here? is it the ‘host’?] host [ok, so the remote/server is ‘host’ here? maybe? that would mean that host == server == remote?] is to be forwarded to the given hostand port on the local side [which port? same as previously mentioned port? does that mean the previously-mentioned port is the hostport? what’s the ‘local side’ here? local to where I ssh to? or local to where I run ssh?]

At this point I’m basically crying.

• This works [so we presumably understand what’s going on by this point!] by allocating a socket to listen to port on the remote side [which is the remote side?], and whenever a connection is made to this port [ah, does this mean it’s the port on the machine I connect to (ie the ‘port’)?], the connection is forward over the secure channel, and a connection is made to host port hostport [wtf? ok, just ignore ‘host port’ there. I think we might be able to conclude that hostport is the port we are forwarding to, and the host is the host of the hostport] from the local machine [ok, now I think that the local machine is the machine we log onto. I hope that’s right].

Understand it Visually

• A – Your ssh -R command connects to the ‘fromhost’. The ‘fromhost’ is the host from which you want to connect to the server.
• B – Your ssh -R command connects to the server on the serverport
• C – The port that was allocated on the ‘fromhost’ accepts tcp requests, and passes the data to the server:serverport via the intermediary host on which ssh -R was run.

I hope this helps someone.

Please tweet any corrections or comments to: @ianmiell

My book Docker in Practice 

Get 39% off with the code: 39miell