Warning: this is totally silly and useless. Don't do this on production machines.
Let's try something silly for once.
tokyo$ ssh -L 5555:127.0.0.1:5555 user@moscow moscow$ ssh -L 5555:127.0.0.1:5555 user@berlin berlin$ ssh -L 5555:127.0.0.1:5555 user@newyork newyork$ ssh -L 5555:127.0.0.1:5555 user@tokyo tokyo$ echo a | netcat 127.0.0.1 5555 # after a while... channel 1017: open failed: administratively prohibited: open failed
Use tcpdump on any of the hosts to watch your "a" go round the world endlessly (well, almost: just until all available file descriptors are eaten up). It works even without piping the "a" into netcat.
If you don't have machines around the world, a simpler (but admittedly less
dramatic) way of doing the same thing with a single machine is:
host1# ssh -L 5555:127.0.0.1:5555 user@127.0.0.1 host1# echo a | netcat 127.0.0.1 5555
and of course any number of machines can be chained this way, as long as it's possible to ssh from the last into the first.
Yes, I did say it was silly.