Skip to main content

Create an SSH Tunnel

Hands-On Lab


Photo of Michael Christian

Michael Christian

Course Development Director in Content





In this learning activity, you will need to create an SSH tunnel that will permit Client1 to access Server2's web content via localhost port 8080.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Create an SSH Tunnel

The Scenario

Client1 ( is unable to directly connect to Server2 ( due to firewall rules that are in place. We will need to construct an SSH tunnel through Server1 ( to view the web content being served by Server2.

Get logged in

Use the credentials and server IP in the hands-on lab overview page to log into our lab server. Notice there are multiple machines we're working with. Pay attention in the lab guide, as the shell prompt will reveal which one we're working with at the moment.

Create the SSH Tunnel

We'll start off in Client1. First, let's become root:

[cloud_user@Client1]# sudo su -

Then we can install some software that will allow us to do some split screening. It's called Screen:

[root@Client1]# yum -y install screen

Type screen to start the program. Once we're in screen, most of the commands to get around are prefaced by Ctrl+a. To split our screen, type Ctrl+a and | (the pipe character). Two switch from one side of the window to the other, Ctrl+a followed by pressing Tab will do it. In the blank side of the window, start up another terminal (one that's hooked up to Client1 in this screen session) with Ctrl+a and c. Then just remember that Ctrl+a and Tab will swap you back and forth between terminals.

In the left Client1 window, we'll create the SSH tunnel with this:

[root@Client1]# ssh -L 8080: cloud_user@

Now, in the right Client1 window, let's see if we're listening for port 8080:

[root@Server1]# ss -lntp

View the Server2 Web Content through the Tunnel

Verify the SSH tunnel is working by curling the web content locally:

[root@Server1]# curl localhost:8080


From Server1, when we look at traffic on localhost port 8080, we're actually seeing the web page that Server2 is serving out on port 80, but we're doing it by tunneling between the two with SSH on Client1. We're done. Congratulations!