If you forgot to put in your string of -L and -R and -D port forwards with ssh: ie: ssh -L 54321:localhost:443 email@example.com . Dont worry, you can launch them while your in your ssh session (doing it live!). But only If you use “ssh” as your client (not sure if it will work with putty) you can do this.
SUMMARY: only possible with ssh program (not putty – maybe its possible with putty just not with regular options). From Man Page we see ~C gets us to ssh command mode. First Type SHIFT-~ (to get ssh to listen to special escaped ssh commands) and then SHIFT-c (to get the capital C, I do it without letting go of shift until after I press the C). This gets it into a special ssh command prompt that looks like this ssh> . Now type ? or help to see the format of the different commands you can type. And start stringing your -L and -R and -D commands. i.e.-L 54321:localhost:443 but it will look like this in the prompt ssh> -L 54321:localhost:443 (because ssh> is the prompt so of course it will look like that). Here is the command:
# ssh> ? Commands: -L[bind_address:]port:host:hostport Request local forward -R[bind_address:]port:host:hostport Request remote forward -D[bind_address:]port Request dynamic forward -KL[bind_address:]port Cancel local forward -KR[bind_address:]port Cancel remote forward -KD[bind_address:]port Cancel dynamic forward
To check out your list of port forwards. SHIFT-~ and then SHIFT-3 (to get the # key). This will list your port forwards like so (this one I used -L 30003:localhost:443 )
# The following connections are open: #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1) #5 direct-tcpip: listening port 30003 for localhost port 443, connect from ::1 port 58838 to ::1 port 30003 (t4 r3 i3/0 o0/0 fd 11/11 cc -1)
Now to cancel this port forward you would type SHIFT-~ and then SHIFT-c (to get the capital C) which gets you to the ssh prompt. Now type this to cancel -KL 30003 of course you will see this because its a prompt ssh> -KL 30003
NOTE: With default options I cant get putty to do this, after all putty client is not ssh client.
NOTE: with putty you can setup port forwards while your session is running, thru the GUI, but not with the keyboard.
NOTE: even though this doesnt work with putty, it will work with ssh program provided by cygwin (the regular openssh ssh client program)
NOTE: ~ is literally the tilde character. So to get ~C you press in SHIFT (dont let go) and hit ` (tick mark, which is the tilde when shift is held) and then c (which is the capital C with shift held. dur..)
A list of all of the ESCAPE CHARACTER options (From the FreeBSD ssh man page):
ESCAPE CHARACTERS When a pseudo-terminal has been requested, ssh supports a number of func- tions through the use of an escape character. A single tilde character can be sent as ~~ or by following the tilde by a character other than those described below. The escape character must always follow a newline to be interpreted as special. The escape charac- ter can be changed in configuration files using the EscapeChar configura- tion directive or on the command line by the -e option. The supported escapes (assuming the default `~') are: ~. Disconnect. ~^Z Background ssh. ~# List forwarded connections. ~& Background ssh at logout when waiting for forwarded connection / X11 sessions to terminate. ~? Display a list of escape characters. ~B Send a BREAK to the remote system (only useful for SSH protocol version 2 and if the peer supports it). ~C Open command line. Currently this allows the addition of port forwardings using the -L, -R and -D options (see above). It also allows the cancellation of existing port-forwardings with -KL[bind_address:]port for local, -KR[bind_address:]port for remote and -KD[bind_address:]port for dynamic port-forwardings. !command allows the user to execute a local command if the PermitLocalCommand option is enabled in ssh_config(5). Basic help is available, using the -h option. ~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). ~V Decrease the verbosity (LogLevel) when errors are being written to stderr. ~v Increase the verbosity (LogLevel) when errors are being written to stderr.
So when your in an ssh session press
~C and then you will see an ssh prompt ssh> and then type your forwarding command per these rules (to list these rules type ? enter)
Commands: -L[bind_address:]port:host:hostport Request local forward -R[bind_address:]port:host:hostport Request remote forward -D[bind_address:]port Request dynamic forward -KL[bind_address:]port Cancel local forward -KR[bind_address:]port Cancel remote forward -KD[bind_address:]port Cancel dynamic forward
So for example I want to locally forward 54321 on this local windows PC (using ssh in cygwin) to port 443 on the SSH server:
So that you see:
ssh> -L 54321:localhost:443
Then hit Enter and now you should have that port forward setup. So go to your browser and type “localhost:54321” and you will access the 443 webserver on the ssh server.
To cancel your prompt get back to the ssh prompt and type ssh> -KL 54321
Sidenote: if you specified the bind_address with your portfowards like so ssh> -L localhost:54321:localhost:443 , then you will have to kill it like this ssh> -KL localhost:54321 . Note I think by default (if you dont specify that bind_address) the bind interface is all interfaces *:54321:localhost:443 (meaning all interfaces can connect to 54321).