
Came from this question: What's ssh port forwarding and what's the difference between ssh local and remote port forwarding, I am confused about this usage:

ssh -L 123:farawayhost:456 remotehost

ssh -L sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the local sourcePort to port onPort on the machine called forwardToHost, which can be reached from the connectToHost machine.

What does "..., which can be reached from the connectToHost machine." mean exactly?

If I understand correctly, ssh -L 123:localhost:456 remotehost is a specific case for the above command, where both farawayhost and remotehost are on the same machine.

So when farawayhost and remotehost are not on the same machine, how does it work? Does it mean that I need to log into remotehost first and then farawayhost?

Rick
  • 1,157

1 Answer

I don't know why I got confused at first, maybe because the original answer is not clear enough, but then I figured that out all of a sudden.

Suppose I have 2 machines, whose public IPs are 1.2.3.4 and 2.3.4.5.

The usage would be: ssh -L 10283:1.2.3.4:8000 username@2.3.4.5 -N. It will prompt on a new line, requiring the password of username on 2.3.4.5.


When successfully authenticated, ssh won't log you in because -N is specified, but the connection has been made. So any data sent to local port 10283 will first be sent to 2.3.4.5 via ssh (port 22), then 2.3.4.5 will send the data to 1.2.3.4 on port 8000.

Now let me create an HTML file with echo hello > index.html and run an HTTP server on 1.2.3.4 with python -m http.server.

And then I type localhost:10283 on my local PC.

Local PC:

enter image description here

On 1.2.3.4:

enter image description here

Rick
  • 1,157
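
A loopback model of the two hops described in the answer, added here as an illustration (not code from the original post): plain TCP relays stand in for the ssh client's local listener and for sshd on 2.3.4.5, with no encryption, and every function name is made up for the example. It shows that the server on the far end sees the connection arriving from the relay's socket, not from the original client's.

```python
import socket
import threading

def listen():
    """Loopback listener on an ephemeral port (constructed stand-in for a host)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def relay_once(listener, dest, out_ports):
    """Accept one connection, open a NEW TCP connection to dest, pass one request/reply."""
    conn, _ = listener.accept()
    with conn, socket.create_connection(dest) as out:
        out_ports.append(out.getsockname()[1])  # source port of the onward leg
        out.sendall(conn.recv(1024))
        conn.sendall(out.recv(1024))

def target_once(listener, peers):
    """Stand-in for the HTTP server on 1.2.3.4:8000; records who connected."""
    conn, peer = listener.accept()
    with conn:
        peers.append(peer[1])
        conn.recv(1024)
        conn.sendall(b"hello\n")

def demo():
    target, sshd, local = listen(), listen(), listen()
    peers, sshd_out, local_out = [], [], []
    threads = [
        threading.Thread(target=target_once, args=(target, peers)),
        # sshd on 2.3.4.5: makes the onward connection to forwardToHost:onPort
        threading.Thread(target=relay_once, args=(sshd, target.getsockname(), sshd_out)),
        # ssh client: owns the local sourcePort listener (10283 in the answer)
        threading.Thread(target=relay_once, args=(local, sshd.getsockname(), local_out)),
    ]
    for t in threads:
        t.start()
    with socket.create_connection(local.getsockname()) as client:
        client_port = client.getsockname()[1]
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        reply = client.recv(1024)
    for t in threads:
        t.join()
    for s in (target, sshd, local):
        s.close()
    return reply, client_port, sshd_out[0], peers[0]

if __name__ == "__main__":
    print(demo())
```

With real ssh the same holds for the access log on 1.2.3.4: requests through the tunnel are logged with 2.3.4.5 as the client address, and the hop from 2.3.4.5 to 1.2.3.4 is ordinary TCP outside the ssh connection.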