How to know active ssh port forwarding


If you use the -v option to ssh it will show you what you are forwarding (but it will show you a bunch of other debug messages, too):

ssh -v -L2222:localhost:22 remotehost

Will show you:

...debug messages...
debug1: Authentication succeeded (publickey).
Authenticated to remotehost ([10.0.0.23]:22).
debug1: Local connections to LOCALHOST:2222 forwarded to remote address localhost:22
debug1: Local forwarding listening on ::1 port 2222.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 2222.
...debug messages...

And then when you are connected to that remote shell you can type a special key sequence:

~#

which will list the connections like this:

The following connections are open:
  #3 client-session (t4 r0 i0/0 o0/0 fd 7/8 cc -1)
  #4 direct-tcpip: listening port 2222 for localhost port 22, connect from 127.0.0.1 port 59742 (t4 r1 i0/0 o0/0 fd 10/10 cc -1)

Note, however, that this will only list forwarded ports that are actually being used by another program (in this case I just did telnet localhost 2222 on my local machine to have it forwarded to remotehost).

If you do not have any connections that are currently being forwarded you can still see what your ssh command is listening for locally by using the netstat command like this:

% netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      28995/ssh       
tcp6       0      0 ::1:2222                :::*                    LISTEN      28995/ssh       

The netstat command will also probably list other things, but what you want to look for in the output is the PID/Program column to look for ssh processes, and the Local Address column which will show you what ports are being listened to. In this example it is listening on port 2222 for both IPv4 and IPv6 interfaces on my machine.

Author: slc66

Updated on September 18, 2022
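The netstat check from the answer above, turned into a small parser; this is an added example, not part of the original post. It keeps only LISTEN sockets owned by the ssh client, joins them with the destinations reported in the `ssh -v` debug lines, and flags listeners bound to a non-loopback address, since those accept connections from other hosts. The function names are hypothetical, and the sample text is constructed from the outputs shown above (the 5901 and sshd rows are invented for illustration).

```python
import ipaddress
import re

# Constructed sample input, modelled on the two outputs shown in the answer.
SSH_DEBUG = """\
debug1: Local connections to LOCALHOST:2222 forwarded to remote address localhost:22
debug1: Local forwarding listening on ::1 port 2222.
debug1: Local forwarding listening on 127.0.0.1 port 2222.
"""
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      28995/ssh
tcp6       0      0 ::1:2222                :::*                    LISTEN      28995/ssh
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      29110/ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
"""

FWD_RE = re.compile(r"Local connections to (\S+):(\d+) forwarded to remote address (\S+):(\d+)")

def forwards_from_debug(text):
    """Map local port -> 'host:port' destination from `ssh -v` debug lines."""
    return {int(m[2]): f"{m[3]}:{m[4]}" for m in FWD_RE.finditer(text)}

def ssh_listeners(netstat_text):
    """Return (address, port, pid) for LISTEN sockets owned by the ssh client."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN":
            continue  # header line, or PID column missing
        pid, _, prog = f[6].partition("/")
        if prog != "ssh":
            continue  # skips sshd, other programs, and "-" (no permission)
        addr, _, port = f[3].rpartition(":")  # rpartition copes with ::1:2222
        found.append((addr, int(port), int(pid)))
    return found

def report(netstat_text, debug_text=""):
    """Join listeners with known destinations; flag non-loopback binds."""
    dest = forwards_from_debug(debug_text)
    rows = []
    for addr, port, pid in ssh_listeners(netstat_text):
        exposed = not ipaddress.ip_address(addr).is_loopback
        rows.append((pid, addr, port, dest.get(port, "unknown"), exposed))
    return rows

if __name__ == "__main__":
    for row in report(NETSTAT, SSH_DEBUG):
        print(row)
```

On a live system, pass in the text of `netstat -tpln` and, if you have it, the saved stderr of the `ssh -v` session; a destination of "unknown" means the listener was found but no matching debug line was supplied.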

Comments

  • slc66
    slc66 over 1 year

    I have configured many port forwardings in ~/.ssh/config for VNC, with a different port for each server.

    Is there a command which can help me know which port is being forwarded when I open an SSH session?

  • slc66
    slc66 about 12 years
    Thanks for this answer. My goal was to add a script in /etc/update-motd.d/ to display the ports redirected. But with the ~# command I only have the ports redirected on the server. And the goal was to display (part of the ssh -v output): Local connections to LOCALHOST:5901 forwarded to remote address 127.0.0.1:5900 Local forwarding listening on ::1 port 5901. It seems impossible to display ONLY these 2 lines client side.
  • ScumCoder
    ScumCoder about 4 years
    For people coming here in 2020+: netstat has been obsoleted in favor of ss.
  • Tripp Kinetics
    Tripp Kinetics almost 4 years
    @ScumCoder Only for Linux.