SSH Port Forwarding
One-liner explanations + exact commands. No fluff. Just pivot and go.
Quick Decision Table
Situation
SSH Direction
Target Known?
Proxy Needed?
Use
Flag
You can SSH into a box and access a known internal host
SSH into victim
✅ Yes
❌ No
Local Port Forwarding
-L
You have reverse shell and want Kali to access an internal host via victim
SSH from victim to Kali
✅ Yes
❌ No
Remote Port Forwarding
-R
You can SSH into a box and want to scan multiple unknown targets
SSH into victim
❌ No
✅ Yes
Dynamic Port Forwarding
-D
You have reverse shell and want Kali to proxy via victim to scan/enumerate
SSH from victim to Kali
❌ No
✅ Yes
Remote Dynamic Port Forwarding
-R (SOCKS)
Local Port Forwarding (-L)
-L)You can SSH into a box and want to access an internal host from there.
Example:
Remote Port Forwarding (-R)
-R)You have reverse shell and want Kali to access something the victim can reach.
Example:
Dynamic Port Forwarding (-D)
-D)You can SSH into a pivot box and want to explore or scan targets via proxychains.
Example:
Then in /etc/proxychains4.conf:
Remote Dynamic Port Forwarding (-R + SOCKS)
-R + SOCKS)You have reverse shell and want to proxy traffic from Kali through victim.
Example:
Then in /etc/proxychains4.conf:
Last updated
Was this helpful?