SSH Remote Port Forwarding

Remote Port Forwarding with SSH Config

Remote port forwarding is the reverse of local forwarding: it makes a service running on your local machine accessible from the remote server. This is useful for exposing local development servers, receiving webhooks, or allowing remote team members to access your work.

Example Config

Host expose-local
  HostName remote-server.example.com
  User developer
  RemoteForward 8080 localhost:3000
  IdentityFile ~/.ssh/id_ed25519
  ServerAliveInterval 60
  ServerAliveCountMax 3

How It Works

When you connect with ssh expose-local:

1. SSH connects to remote-server.example.com
2. Port 8080 on the remote server is mapped to port 3000 on your local machine
3. Anyone who accesses remote-server.example.com:8080 is routed to your local port 3000

Webhook Development

A common use case is receiving webhooks from external services during development:

Host webhook-tunnel
  HostName your-vps.example.com
  User dev
  RemoteForward 9000 localhost:3000
  ServerAliveInterval 30

Configure your webhook provider to send events to http://your-vps.example.com:9000, and they arrive at your local dev server on port 3000.

GatewayPorts

By default, remotely forwarded ports only listen on the loopback interface (127.0.0.1) of the remote server. To make them accessible from other machines, the SSH server must have GatewayPorts yes in its sshd_config.

Security Considerations

• Remote forwarding exposes your local services to the remote network
• Ensure you trust the remote server and its network
• Use firewall rules on the remote server to restrict access to forwarded ports
• Consider using authentication on the exposed service

Combining with ProxyJump

You can combine remote forwarding with bastion hosts for more complex setups:

Host demo-tunnel
  HostName internal.example.com
  ProxyJump bastion
  RemoteForward 8080 localhost:3000