SSH tunneling

You need to log in to a server on an internal network, but you can reach that network only through a gateway machine. If both machines are running SSH, it is convenient to set up an SSH tunnel.

Commands
On the client (where you are):

where
 * GATEWAY = hostname/IP address of the gateway machine
 * GWUSERNAME = username on the gateway (optional if this username is the same as on the client)
 * SERVER = hostname/IP address of the server you wish to log into
 * SUSERNAME = username on the server (optional if this username is the same as on the client)
 * SPORT = port number on which the server SSH daemon is listening, usually 22
 * CPORT = port number of your choosing on which the tunnel will be receiving connections on your client (should be greater than 1024 unless you are invoking as root)

In the first invocation, -f instructs the ssh instance to go into the background, and -N instructs it to not launch a shell.

You can scp files from the server as you would normally by specifying the tunnel port:

Similarly for sending files to the server:
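
The tunnel, login and both scp directions described above, as an added example that is not part of the original page: a script that prints each command built from the placeholders in the list. The host names, user names, function names, the loopback bind address and the `ExitOnForwardFailure` and `HostKeyAlias` options are assumptions added here.

```shell
#!/bin/sh
# Added example. All values are constructed placeholders; edit before use.
GATEWAY=gateway.example.org   # gateway machine
GWUSERNAME=gwuser             # username on the gateway
SERVER=server.internal        # server behind the gateway
SUSERNAME=srvuser             # username on the server
SPORT=22                      # server sshd port
CPORT=2222                    # local tunnel port on the client

# Accept only a numeric, unprivileged port (page: greater than 1024).
valid_cport() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# First invocation: -f backgrounds ssh, -N starts no shell, -L forwards
# CPORT on the client to SERVER:SPORT as seen from the gateway.
# The 127.0.0.1 bind keeps the listener off external interfaces, and
# ExitOnForwardFailure makes ssh exit if the port cannot be bound.
tunnel_cmd() {
    valid_cport "$CPORT" || { echo "invalid CPORT: $CPORT" >&2; return 1; }
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$CPORT" "$SERVER" "$SPORT" "$GWUSERNAME" "$GATEWAY"
}

# Second invocation: log in through the tunnel. HostKeyAlias makes ssh
# check the host key under the server's name instead of the loopback
# address, so each server's key is tracked separately if CPORT is reused.
# Optional $1 is one extra switch, e.g. -Y for X11 forwarding.
login_cmd() {
    printf 'ssh %s-p %s -o HostKeyAlias=%s %s@127.0.0.1\n' \
        "${1:+$1 }" "$CPORT" "$SERVER" "$SUSERNAME"
}

# scp takes the port as capital -P. $1 = remote path, $2 = local path.
fetch_cmd() {
    printf 'scp -P %s -o HostKeyAlias=%s %s@127.0.0.1:%s %s\n' \
        "$CPORT" "$SERVER" "$SUSERNAME" "$1" "$2"
}
# $1 = local path, $2 = remote path.
send_cmd() {
    printf 'scp -P %s -o HostKeyAlias=%s %s %s@127.0.0.1:%s\n' \
        "$CPORT" "$SERVER" "$1" "$SUSERNAME" "$2"
}

# Print the full sequence for review before running it.
tunnel_cmd && login_cmd && fetch_cmd remote.txt . && send_cmd local.txt /tmp/
```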

Streamlining
Tips for streamlining this tunneling process:
 * Set these commands as shell aliases (in Bash, usually in ~/.bashrc).
 * Copy the client's public key to the gateway, and the client and gateway public keys to the server. This is described in the official Gentoo documentation, OpenSSH key management.

X11 forwarding
To forward X11 connections from the server to client, some configuration is required:
 * The SSH daemon on the gateway machine must have TCP forwarding enabled, otherwise X11 connections won't be forwarded:


 * The SSH daemon on the server must be built with xauth present. On Gentoo, install  with the X USE flag set.
 * X11 forwarding must be enabled in the server SSH daemon configuration:


 * Finally, add the -Y switch to the second invocation above: