Return to Answer

The easiest way to terminate the port forwarding by acting on compute_mine is to type Ctrl+c it the terminal where our ssh -t runs (if such terminal exists). This won't directly kill ssh -t, ^C will get to compute_remote_1 and the tty there will kill ssh -NL (see this answer). Our local ssh -t will exit later.

It's up to you if you ssh -t from compute_mine to compute_remote_1 or to compute_remote_2; and if you use ssh -NL or ssh -NR there. The "target" of port forwarding does not have to be localhost, so e.g. ssh -NL 5678:compute_remote_2:1234 compute_remote_3 on compute_remote_1 may make sense. Adjust the solution to your needs.

The easiest way to terminate the port forwarding by acting on compute_mine is to type Ctrl+c it the terminal where our ssh -tt runs (if such terminal exists). This won't directly kill ssh -tt, ^C will get to compute_remote_1 and the tty there will kill ssh -NL (see this answer). Our local ssh -tt will exit later.

It's up to you if you ssh -tt from compute_mine to compute_remote_1 or to compute_remote_2; and if you use ssh -NL or ssh -NR there. The "target" of port forwarding does not have to be localhost, so e.g. ssh -NL 5678:compute_remote_2:1234 compute_remote_3 on compute_remote_1 may make sense. Adjust the solution to your needs.

To forward a port from compute_remote_1 to compute_remote_2 not via compute_mine, you need an SSH connection that starts at compute_remote_1 and ends at compute_remote_2 (or vice versa). From compute_mine you can do this:

ssh -tt compute_remote_1 'exec ssh -NL 8080:localhost:80 compute_remote_2'

It's up to you if you ssh -t from compute_mine to compute_remote_1 or to compute_remote_2; and if you use ssh -NL or ssh -NR there. Adjust the solution to your needs.

To forward a port from compute_remote_1 to compute_remote_2 not via compute_mine, you need an SSH connection that starts at compute_remote_1 or compute_remote_2. 

From compute_mine you can do this:

ssh -tt compute_remote_1 'exec ssh -NL 5678:localhost:1234 compute_remote_2'

It's up to you if you ssh -t from compute_mine to compute_remote_1 or to compute_remote_2; and if you use ssh -NL or ssh -NR there. The "target" of port forwarding does not have to be localhost, so e.g. ssh -NL 5678:compute_remote_2:1234 compute_remote_3 on compute_remote_1 may make sense. Adjust the solution to your needs.

A solution is to use ssh -t on compute_mine:

ssh -t compute_remote_1 'exec ssh -NL 8080:localhost:80 compute_remote_2'

This will allocate a tty on compute_remote_1 and start a shell as the controlling process of the tty. The shell will execute exec ssh … an thus replace itself with ssh. The point is we want ssh to be the controlling process. Some shells exec the last command automatically (an optimization, a sane behavior when there is nothing more to do), but it's better to exec explicitly in case the shell on compute_remote_1 is not that smart.

The easiest way to terminate the port forwarding by acting on compute_mine is to type Ctrl+c it the terminal where our ssh -t runs. This won't directly kill ssh -t, ^C will get to compute_remote_1 and the tty there will kill ssh -NL (see this answer). Our local ssh -t will exit later.

ssh on compute_mine may exit first for whatever reason. If this happens and if sshd on compute_remote_1 notices (depending on circumstances it may or may not notice immediately, see this answer), then the tty on compute_remote_1 will be closed and the controlling process will get SIGHUP. We made sure the controlling process is ssh that handles the port forwarding, SIGHUP will terminate it. This way the port forwarding is automatically terminated when the ssh process on compute_mine terminates.

A solution is to use ssh -tt on compute_mine:

ssh -tt compute_remote_1 'exec ssh -NL 8080:localhost:80 compute_remote_2'

^{(-t is usually enough, but -tt will do what we want even if there is no local terminal.)}

This will allocate a tty on compute_remote_1 and start a shell as the controlling process of the tty. The shell will execute exec ssh … an thus replace itself with ssh. The point is we want ssh to be the controlling process. Some shells exec the last command automatically (an optimization, a sane behavior when there is nothing more to do), but it's better to exec explicitly in case the shell on compute_remote_1 is not that smart.

The easiest way to terminate the port forwarding by acting on compute_mine is to type Ctrl+c it the terminal where our ssh -t runs (if such terminal exists). This won't directly kill ssh -t, ^C will get to compute_remote_1 and the tty there will kill ssh -NL (see this answer). Our local ssh -t will exit later.

ssh on compute_mine may exit first for whatever reason, e.g. you may kill it. If this happens and if sshd on compute_remote_1 notices (depending on circumstances it may or may not notice immediately, see this answer), then the tty on compute_remote_1 will be closed and the controlling process will get SIGHUP. We made sure the controlling process is ssh that handles the port forwarding, SIGHUP will terminate it. This way the port forwarding is automatically terminated when the ssh process on compute_mine terminates.