File this under just-blog-it-already-so-you-can-stop-googling-it

Imagine having Nagios/Resque Web/Monit/Cacti/MySQL/etc all set up on one of your servers. You want to access it from your local machine, but you don’t want to make it listen on a public interface and set up a firewall and all that junk.

Instead, you can use SSH to tunnel your local client to the remote server’s service. The command looks like this:

ssh user@remotehost -N -L localhost:localport:remotehost:remoteport

For example, let’s say that Resque Web is listening on port 5678 on my jerodsanto.net server and I want to access it via port 9999 in my local browser.

The command would be:

ssh me@jerodsanto.net -N -L localhost:9999:jerodsanto.net:5678

With that command running I can visit localhost:9999 in my browser and it will load the remote Resque Web app.

A few notes about the given flags:

Oh, and one more thing. If you have this host set up in your SSH config, you can use that too.

So, if I had created an SSH host named jms, the command would instead be:

ssh jms -N -L localhost:9999:jms:5678

Happy tunneling!