Over a million developers have joined DZone.

How to Use SSH Tunneling to Get to Your Restricted Servers

DZone 's Guide to

How to Use SSH Tunneling to Get to Your Restricted Servers

· DevOps Zone ·
Free Resource

Have you ever been told that in your network serverX can only be reached by a serverY via SSH? Now you have access to serverY from your own PC with normal SSH access as well, but just not directly to serverX.

What can you do in situation like this if you need to access the restricted serverY? Well you can always ssh into serverY, then ssh again into serverX to check your work or log or whatever. But what happen if you have a database server or WebLogic Server instance running in serverX; and you want your local PC's fancy tools to access the serverX? (Eg: Accessing the WLS admin console, or using SqlDeveloper to connect to your DB etc). In this case, that's where ssh tunneling can help you, and here is how.

 1. Establish a connection to your serverY that you have access to from your PC. On top of that and at the same time, you will create a tunnel to serverX (your restricted server) by letting serverY redirect all the network traffic data back to your local PC on a specific port. Sounds scary, but it can be done with single command. For example this is how I can access the WLS Admin Console app that was running on server Y. On your own PC, open a terminal and run the following:

bash> ssh -L 12345:serverY:7001 serverX

Above will prompt you to access serverX with ssh credential. Once logged in, you need to keep the terminal open. Now the tunnel is established and redirecting traffic from port 7001 on serverY to your own PC on port 12345, which is where the WLS admin console is running.

2. Open a browser on your own PC and type in address http://localhost:12345/console

Now you should able to access your restricted serverY WLS admin console!

Same can be done with a database server such as MySQL. For example, you will run ssh -L 12346:serverY:3306 serverX and then change your SqlDeveloper JDBC connection url string to the tunnel port jdbc:mysql://localhost:12346/mydb
This is a cool technique to get around a secured environment.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}