# SSH Proxy — Examples > Concrete SSH Proxy walkthroughs: a database tunnel, a local dev server, a SOCKS proxy, a jump host, an ~/.ssh/config entry and a systemd tunnel service. Source: https://www.jpkc.com/db/en/tools/ssh-proxy/examples/ Back to overview: [SSH Proxy](https://www.jpkc.com/db/en/tools/ssh-proxy/) · Open the live tool: [www.jpkc.com/tools/ssh-proxy/](https://www.jpkc.com/tools/ssh-proxy/) This page shows **SSH Proxy** through concrete walkthroughs. Hosts, users and ports are examples — plug in your own values. How the individual fields and options work in detail is covered in the [manual](https://www.jpkc.com/db/en/tools/ssh-proxy/manual/). Remember: the tool only builds the commands; you run them in your own terminal. ## Example 1: Reach a remote database Goal: reach a MySQL database that only listens locally on the server from your own machine. 1. Select **Local Forward**. 2. **SSH Host** = `db-server.example.com`, **SSH User** = `deploy`, **SSH Port** = `22`. 3. In the **Port Forwards** table: Local Bind `127.0.0.1`, Local Port `3306`, Remote Host `127.0.0.1`, Remote Port `3306`. 4. Leave **Background** and **KeepAlive** on, click **Generate**. **Result:** a Bash script with an invocation like ```bash ssh \ -L 127.0.0.1:3306:127.0.0.1:3306 \ -f \ -N \ -o ServerAliveInterval=60 \ -o ServerAliveCountMax=3 \ deploy@db-server.example.com ``` After starting it, simply point your DB client at `127.0.0.1:3306` — as if the database were running locally. The explanation table breaks down every flag. If the port is already taken locally, the forward will clash; pick a free local port then, such as `13306`. ## Example 2: Expose your local dev server Goal: make your locally running web server (`localhost:3000`) reachable from a remote server, e.g. for a webhook test. 1. Select **Remote Forward**. 2. **SSH Host** = `public.example.com`, **SSH User** = `tunnel`. 3. Table: Remote Bind `0.0.0.0`, Remote Port `8080`, Local Host `127.0.0.1`, Local Port `3000`. 4. Tick the **GatewayPorts** switch (you want the port reachable from outside). 5. **Generate**. **Result:** an `ssh -R 0.0.0.0:8080:127.0.0.1:3000` invocation — plus a clear comment block reminding you that the SSH server needs `GatewayPorts clientspecified` in `/etc/ssh/sshd_config` and a restart afterwards. Without that server setting the tunnel binds only to the server's `127.0.0.1`, not to `0.0.0.0`. ## Example 3: A SOCKS5 proxy to browse through a server Goal: route your browser traffic through a remote server. 1. Select **Dynamic / SOCKS**. 2. **SSH Host** = `gateway.example.com`, **SSH User** = `me`. 3. **Bind Address** `127.0.0.1`, **SOCKS Port** `1080`. 4. Also tick **Compression** (slow link), **Generate**. **Result:** `ssh -D 127.0.0.1:1080 -f -N -C … me@gateway.example.com`, along with ready test commands like `curl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me`. Then configure your application to use the SOCKS5 proxy `127.0.0.1:1080` — conveniently via the **Proxy Settings** generator. Important: in Firefox set `network.proxy.socks_remote_dns = true`, otherwise DNS queries leak around the proxy. ## Example 4: Reach the internal network through a bastion host Goal: reach an internal server that's only accessible via a jump host. 1. Select **Jump Host**, **Mode** = *Modern (-J / ProxyJump)*. 2. In the **Jump Chain** table: Host `bastion.example.com`, Port `22`, User `jumpuser`. 3. **Final Destination Host** = `internal.example.com`, **Destination User** = `admin`. 4. **Generate**. **Result:** ```bash ssh \ -J jumpuser@bastion.example.com \ -o ServerAliveInterval=60 \ admin@internal.example.com ``` Need a second intermediate hop? Click **Add Jump** and add the row — `-J` takes multiple, comma-separated hops. On very old servers (before OpenSSH 7.3) choose **Legacy (ProxyCommand)** instead; for multiple hops the tool then emits chained `~/.ssh/config` blocks. ## Example 5: Bake a recurring tunnel into ~/.ssh/config Goal: stop typing the long command every time and let `ssh myserver` suffice. 1. Select **SSH Config**. 2. **Host Alias** = `myserver`, **HostName** = `db-server.example.com`, **User** = `deploy`. 3. **IdentityFile** = `~/.ssh/id_ed25519`. 4. In the forward table: Type `L`, Bind:Port `127.0.0.1:3306`, Target:Port `127.0.0.1:3306`. 5. **Generate**. **Result:** a ready block to append to `~/.ssh/config`: ``` Host myserver HostName db-server.example.com User deploy IdentityFile ~/.ssh/id_ed25519 ServerAliveInterval 60 ServerAliveCountMax 3 ExitOnForwardFailure yes LocalForward 127.0.0.1:3306 127.0.0.1:3306 # Usage: ssh myserver ``` After that `ssh myserver` is enough, and the forward comes up automatically. Use **Copy**, then append it to your config. ## Example 6: Run a tunnel as a systemd service at boot Goal: keep a database tunnel running permanently as a service that comes back up by itself after a reboot. 1. Select **Autostart Setup**, **Autostart Method** = *systemd (Linux)*. 2. **SSH Host** = `db-server.example.com`, **SSH User** = `deploy`, **Identity File** = `~/.ssh/id_ed25519`. 3. **Tunnel Type** = `Local (-L)`, **Forward Spec** = `3306:127.0.0.1:3306`. 4. **Service Name** = `db-tunnel`, **Run as User** = your username. 5. **Generate**. **Result:** two tabs. `tunnel.sh` holds the start script; `db-tunnel.service` holds a systemd unit with `Restart=always` and `RestartSec=10`, plus the install instructions baked into the comments (`sudo cp …`, `daemon-reload`, `enable --now`). Copy the service tab to `/etc/systemd/system/db-tunnel.service` and enable it — the tunnel then survives reboots and drops. If you need several tunnels managed centrally, the **Management Script** generator is the better fit. --- There's more on the individual generators in the [manual](https://www.jpkc.com/db/en/tools/ssh-proxy/manual/), strategy and pitfalls in the [tips & tricks](https://www.jpkc.com/db/en/tools/ssh-proxy/tips/). Get started directly in the [tool](https://www.jpkc.com/tools/ssh-proxy/).