ssh (SSH client) is a program for logging into a remote machine and provide secure encrypted communications between two untrusted hosts over an insecure network.

In some scenarios, you can't directly ssh to some devices/servers due to either server or network constrains. Tunneling can play a role to make sure you can have secure connection between device/server and you client.

 

Before get started, make sure you can ssh to ssh_server(use it in below examples), , you can setup ssh_server for ssh passprase free login, or setup multiple ssh keys on one client to different ssh servers/accounts, In addition to that, X11 connections and arbitrary TCP ports can be forwarded over the secure channel too.

Syntax

ssh -L localport:remotehost:remotehostport [email protected]_server -N 

where:
-L - port forwarding parameters
-N - do not execute a remote command, it's optional, no shell in this session

Basic connection diagarm

Suppose localport=8800 and remotehostport=8080

| SSH Client  |<-ssh port 22>-|ssh_server|<-Port 8080->| remote host  | 
+-------------+              +----------+            +--------------+
localhost:8800              <tunnel>      remotehost:8080

Example:

Suppose you have some devices have web access, but not https, then you probably want them get accessed via a secured connection, So config devices internal access only, then use ssh tunnel to access them.

ssh -L 8800:http://fibrevillage.com:8080 [email protected]_server

In example above, open your browser and go to http://localhost:8800 to access the device web interface.

Note:
1. Make sure ssh server has forwarding enabled

2. When using tunneling for device web access, also make sure X11forwarding enabled

3.you can use multiple -L for multiple ports, for example, use tunneling to access mail server(tunnel both SMTP and IMAP/POP)

More about tunneling(-L):

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.  This  works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.  Port forwardings can also be specified in the configuration file.