Ssh

Which processes do the ports (as communication connection endpoints) belong to in SSH port forwarding?

  • October 22, 2015

(1) For remote forwarding:

-R [bind_address:]port:host:hostport
        Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.  This works by
        allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the
        secure channel, and a connection is made to host port hostport from the local machine.

        Port forwardings can also be specified in the configuration file.  Privileged ports can be forwarded only when logging in as root on the
        remote machine.  IPv6 addresses can be specified by enclosing the address in square brackets.

        By default, the listening socket on the server will be bound to the loopback interface only.  This may be overridden by specifying a
        bind_address.  An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces.  Specifying a
        remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

        If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the client at run time.  When used
        together with -O forward the allocated port will be printed to the standard output.

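hostport specifies a connection endpoint for the target process running on the target host.

Is port a connection endpoint

  • in the SSH server process, or
  • in a process that runs on the same source host as the SSH server and wants to use the SSH tunnel by attaching itself to port?

(My guess is the latter.)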

(2) For local forwarding:

-L [bind_address:]port:host:hostport
        Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.  This works by
        allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.  Whenever a connection is made to
        this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.  Port
        forwardings can also be specified in the configuration file.  IPv6 addresses can be specified by enclosing the address in square brackets.
        Only the superuser can forward privileged ports.  By default, the local port is bound in accordance with the GatewayPorts setting.  However,
        an explicit bind_address may be used to bind the connection to a specific address.  The bind_address of “localhost” indicates that the
        listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.

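hostport specifies a connection endpoint for the target process running on the target host.

Is port a connection endpoint

  • in the SSH client process, or
  • in a process that runs on the same source host as the SSH client and wants to use the SSH tunnel by attaching itself to port?

(My guess is the latter.)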

(3) For the SOCKS proxy:

-D [bind_address:]port
        Specifies a local “dynamic” application-level port forwarding.  This works by allocating a socket to listen to port on the local side,
        optionally bound to the specified bind_address.  Whenever a connection is made to this port, the connection is forwarded over the secure channel,
        and the application protocol is then used to determine where to connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols
        are supported, and ssh will act as a SOCKS server.  Only root can forward privileged ports.  Dynamic port forwardings can also be specified in
        the configuration file.

        IPv6 addresses can be specified by enclosing the address in square brackets.  Only the superuser can forward privileged ports.  By default,
        the local port is bound in accordance with the GatewayPorts setting.  However, an explicit bind_address may be used to bind the connection to
        a specific address.  The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or
        ‘*’ indicates that the port should be available from all interfaces.

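Is port a connection endpoint

  • in the SSH client process,
  • in the SSH SOCKS server, or
  • in a process that runs on the same host as the SSH client and wants to use the SOCKS server by connecting to port?

(My guess is the second. I guess it is not the first, because the SSH client has its own default port. I am not sure about the third.)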

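These sketches should help you answer all of your questions: https://unix.stackexchange.com/a/118650/121504

But to answer your questions explicitly:

  1. For remote forwarding: port is a connection endpoint in the SSH server.
  2. For local forwarding: port is a connection endpoint in the SSH client process.
  3. For the SOCKS proxy: port is a connection endpoint in the SSH client process.

But the more visual explanation is really the sketches linked above. To sum up:

One port (the only one for the SOCKS proxy) is always a free port that you will connect to in the next step. The other port is the one on which an existing service is running.

Edit:

If I understand the real question correctly, it can be answered using lsof. In my examples, your port is 12345.

For remote forwarding: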

[local ] $ ssh -R 12345:localhost:22 remote
[remote] $ lsof -P | grep 12345
sshd 27772 root  7u IPv6 1304283702 0t0 TCP localhost:12345 (LISTEN)
sshd 27772 root  8u IPv4 1304283703 0t0 TCP localhost.localdomain:12345 (LISTEN)

For local forwarding:

[local] $ ssh -L 12345:localhost:22 remote
[local] $ lsof -p $(pidof ssh) -P | grep 12345
ssh  6779 jakuje    4u  IPv6 146565      0t0     TCP ip6-localhost:12345 (LISTEN)
ssh  6779 jakuje    5u  IPv4 146566      0t0     TCP localhost:12345 (LISTEN)

For dynamic port forwarding:

[local] $ ssh -D 12345 root@dta3.com
[local] $ lsof -p $(pidof ssh) -P | grep 12345
ssh     11388 jakuje    4u  IPv6 173537    0t0   TCP ip6-localhost:12345 (LISTEN)
ssh     11388 jakuje    5u  IPv4 173538    0t0   TCP localhost:12345 (LISTEN)
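
The lsof check above can be turned into a small audit of which process owns each forwarding listener and whether it is bound beyond loopback. This is an added example, not part of the original answer; the function name, the LOOPBACK name set, the default sshd port of 22 and the last two sample lines are assumptions made for illustration.

```python
# Added example: classify SSH forwarding listeners found in `lsof -P` output.
# Assumed loopback spellings as lsof prints them; extend for your hosts.
LOOPBACK = {"localhost", "localhost.localdomain", "ip6-localhost",
            "127.0.0.1", "[::1]"}

# The first four lines are the lsof output shown in the answer. The last two
# are constructed: a wildcard-bound remote forward and sshd's own listener.
SAMPLE = """\
sshd 27772 root  7u IPv6 1304283702 0t0 TCP localhost:12345 (LISTEN)
sshd 27772 root  8u IPv4 1304283703 0t0 TCP localhost.localdomain:12345 (LISTEN)
ssh  6779 jakuje    4u  IPv6 146565      0t0     TCP ip6-localhost:12345 (LISTEN)
ssh  6779 jakuje    5u  IPv4 146566      0t0     TCP localhost:12345 (LISTEN)
sshd 30001 root  9u IPv4 1304290000 0t0 TCP *:8080 (LISTEN)
sshd 1024 root  3u IPv4 20000 0t0 TCP *:22 (LISTEN)
"""


def forwarding_listeners(lsof_text, sshd_ports=(22,)):
    """Return one record per (process, pid, port) forwarding listener."""
    found = {}
    for line in lsof_text.splitlines():
        f = line.split()
        # Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
        if len(f) != 10 or f[7] != "TCP" or f[9] != "(LISTEN)":
            continue
        addr, _, port = f[8].rpartition(":")
        if not port.isdigit():
            continue  # service names appear when lsof is run without -P
        cmd, pid, port = f[0], int(f[1]), int(port)
        if cmd == "sshd" and port not in sshd_ports:
            side = "server side: remote forward (-R)"
        elif cmd == "ssh":
            side = "client side: local or dynamic forward (-L/-D)"
        else:
            continue  # sshd's own service port, or an unrelated process
        rec = found.setdefault((cmd, pid, port), {
            "process": cmd, "pid": pid, "port": port,
            "side": side, "loopback_only": True})
        if addr not in LOOPBACK:
            rec["loopback_only"] = False  # reachable from other hosts
    return list(found.values())


if __name__ == "__main__":
    for rec in forwarding_listeners(SAMPLE):
        print(rec)
```

A record with loopback_only set to False on the server side corresponds to the man page's case of a remote bind_address such as ‘*’, which only succeeds when GatewayPorts is enabled in sshd_config.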

Quoted from: https://unix.stackexchange.com/questions/236429