If you have sshd running on a server, you cannot use port 22 as a forwarding source, because sshd is already occupying that port.
If a port is occupied by a process listening on it, you cannot re-use that port number.
When using the -L option the syntax is
-L
::
The is where the ssh sets up a listening socket on the local host (where the command is executed). Then the data is taken (using the encrypted SSH tunnel) to the destination host of the SSH connection.
*From there* it is forwarded to :. This last step is *not* protected by the SSH encryption, so it's good to make this step as short as possible.
So, if you enter on server1 a command like:
ssh -L 2222:localhost:22 server2 sleep 1000000
it actually makes sense (the "localhost" is interpreted according to server2's point of view).
After this, if you connect to server1:22, you'll get server1 as normal. But if you connect to server1:2222, it will behave just as if you'd connected to server2:22.
However, unless you use the -g option, connections to server1:2222 will be refused unless they are originating from server1.
MK
