Scenario: You’re at home and want to log into the office Intranet to finish up some work. But wait, the Intranet is on your corporate network and you’re at home. Sure you can use your corporate VPN – if you have one and can remember the credentials. If not, consider using SSH.
This is a trick for Linux system administrators.
You need to have SSH access to the “jump” server for this to work. A jump server is also called a Bastian host or otherwise a device that allows remote SSH logins and also allows access to the internal network (the LAN).
This article demonstrates how to tunnel a connection through the jump server allowing you to access resources behind it.
For context, we’re going to access a web server at IP address “192.168.1.2” via HTTPS.
sudo ssh -l myusername -L 127.0.0.1:443:192.168.1.2:443 jump.example.com
let’s break it down. We need to be root (sudo) to create forward “privileged” ports. We us “-l myusername” to state the user we’re connecting to the jump server as. The “-L 127.0.0.1:443:192.168.1.2:443” opens port 443 on the localhost (your workstation) and forwards packets heading there to the jump server who , in turn, forwards the packets onto the target server “192.168.1.2”. Easy.
When you execute the above command, you will be asked for your password unless you are using your SSH key. The password (or key) must be recognized on the jump server.
Now you can browse to your target website using the form “https://127.0.0.1“.
See more examples here: “https://www.ssh.com/ssh/tunneling/example”.