tunnel
Portforwarding with OpenSSH (SSH)
Submitted by daryl on Mon, 01/12/2009 - 16:26
To create a local port in OpenSSH that forwards to a remote port without opening a shell on the remote system (-N):
ssh -N -l johndoe -i .ssh/id_dsa -L45432:0.0.0.0:5432 192.168.1.1
The above command uses the identity file id_dsa and creates a local port 45432 that forwards to the remote system on port 5432 (postgres).
This will allow the local client to connect with postgres on local port 45432 and run queries against the remote database over the encrypted SSH tunnel. This is a very secure method for database connectivity.
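To create an identity file (OpenSSH only accepts DSA keys of exactly 1024 bits):
ssh-keygen -t dsa -b 1024
DSA (ssh-dss) keys have been disabled by default since OpenSSH 7.0. On a current system, generate an Ed25519 or RSA key instead and use its file name in place of id_dsa in the commands on this page.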
Do not enter a passphrase if you are going to use this key to connect without user interaction. If you do this, anyone who obtains the private key file can use it, so you must keep the key protected.
Once you have the keys, take the public key (id_dsa.pub) and add it to the authorized_keys file of the user you are connecting as.
For instance, if the user is johndoe on the remote system, go to johndoe's home directory (something like /home/johndoe), then to the .ssh directory (/home/johndoe/.ssh), and add the id_dsa.pub key to the end of the authorized_keys file. If the file does not exist, create it and add the key. The key is a single line, so make sure that it doesn't span more than one line.
Make sure to make the file read/write only for the owner: chmod 600 authorized_keys
Now you can log in or use the above command to create a local port to tunnel to a remote port.
Of course to log in: ssh -l johndoe -i /home/johndoe/.ssh/id_dsa 192.168.1.1
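One way to carry out the authorized_keys steps above for a passphrase-less key that is only meant to open the tunnel, as an added example that is not part of the original post. The function name install_tunnel_key is hypothetical, the restrict option assumes OpenSSH 7.2 or later on the remote host, and /bin/false is assumed to exist there; a key installed this way works with the ssh -N command but not for the interactive login.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the remote host.
# Usage: install_tunnel_key id_dsa.pub /home/johndoe [host:port]
install_tunnel_key() {
    pub=$1
    home_dir=$2
    dest=${3:-0.0.0.0:5432}   # forward target used by the -L command on this page
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A public key is exactly one line; a wrapped key shows up as two or more.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;   # "<type> <base64> [comment]"
        *) echo "$pub: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Owner-only permissions on the directory and the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Do nothing if this key (field 2, the base64 blob) is already installed.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # restrict: no pty, no agent/X11 forwarding, no port forwarding (OpenSSH 7.2+).
    # port-forwarding + permitopen: re-enable only the forward to $dest.
    # command="/bin/false": any shell or command request exits immediately
    # (assumes /bin/false exists on the remote host); ssh -N is unaffected.
    printf 'restrict,port-forwarding,command="/bin/false",permitopen="%s" %s\n' \
        "$dest" "$key" >> "$auth"
}
```

The permitopen value must match the host:port given to -L exactly, because sshd compares it as a string without resolving names.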

