Port Tunneling

// Because searching for this sort of thing is more difficult than I wanted

Lets get right into it

The data below gets put into ~/.ssh/config - it'll probably complain about permissions, so they should be 600 (I think).

We're assuming you're familiar with SSH, and postgres (or some other DB/service you can forward ports on).

Host db-01.home.lan db-01 main-db    # these are aliases you use, e.g. ssh db-01
  Hostname      db-01.home.lan       # the IP or name of the host to connect to
  User          centos               # The username used to authenticate
  IdentityFile  ~/.ssh/2022-apr.pem  # The private key used to auth
  #LogLevel      Info                # this is just some log level, makes a lot of noise on the screen
  LocalForward  9999 localhost:5432  # localport remotehost:remoteport - in this example, it brings
                                     # the local port 5432 on the remote host, to be exposed locally
                                     # as port 9999

I won't go into the fun stuff of not being able to bind to ports that are super low, you should be fine setting it to >2k and <64k To activate the forward, you'll need a session open ssh main-db - should do the trick