Connect Java VisualVM or jconsole via SSH tunnel


When working with Java machines behind firewalls, it is often necessary to debug or analyze Java servers, or Java processes in general, with tools such as Java VisualVM or jconsole. For this, the JMX and RMI ports need to be configured on the Java application server. To keep this example as simple as possible, authentication and certificate checking are disabled.

Java application on remote server

When starting up the application, add these (sample) configuration parameters:

-Dcom.sun.management.jmxremote.port=9010
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.rmi.port=9011
-Djava.rmi.server.hostname=localhost

Both ports need to be tunneled via SSH to be accessible on the local machine.
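
Because authentication and SSL are disabled here, anyone who can reach port 9010 or 9011 gets unauthenticated JMX access, and java.rmi.server.hostname=localhost only changes the host name handed to clients, not the address the agent listens on. The following check is an added example, not part of the original article: it parses ss -ltn output on the server and reports listeners on the two ports that are bound to anything other than loopback (the function names and the sample output are constructed for illustration).

```shell
#!/bin/sh
# Added example (not from the original page): flag JMX/RMI listeners that are
# reachable beyond loopback. Reads `ss -ltn` output on stdin; args are ports.

exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            ep = $4                          # "Local Address:Port" column
            pos = match(ep, /:[0-9]+$/)      # last colon separates address and port
            if (pos == 0) next
            addr = substr(ep, 1, pos - 1)
            port = substr(ep, pos + 1)
            if (!(port in want)) next
            # Loopback-only sockets are all the SSH tunnel needs.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "[::ffff:127.0.0.1]") next
            print ep                         # wildcard or routable address: exposed
        }'
}

# Constructed sample of `ss -ltn` output, for illustration only.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       50      *:9010               *:*
LISTEN  0       50      127.0.0.1:9011       0.0.0.0:*
EOF
}

# On the server itself, replace the sample with: ss -ltn | exposed_listeners 9010 9011
exposed=$(sample_ss_output | exposed_listeners 9010 9011)
if [ -n "$exposed" ]; then
    echo "Unauthenticated JMX reachable beyond loopback on:"
    echo "$exposed"
else
    echo "JMX/RMI ports are loopback-only"
fi
```

If a port is reported, block it with a host firewall rule so that only the SSH tunnel can reach it, or, on JDKs that support the property, add -Dcom.sun.management.jmxremote.host=127.0.0.1 to bind the agent to loopback.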

SSH-Tunnel on local machine

On *nix environments, the standard ssh command can establish the SSH tunnel to the remote server.

Default command:

ssh -C $username@$server_ip -L $port_local_machine:localhost:$port_remote_machine

Example command to map both ports from example above:

ssh -C $username@$server_ip -L 9010:localhost:9010 -L 9011:localhost:9011

Another solution, especially on Windows machines, would be to use PuTTY.

In the PuTTY Configuration window, select the category “Connection” – “SSH” – “Tunnels” and enter the required settings under “Add new forwarded port”:

For this example:

Source port: 9010
Destination: localhost:9010
Select the “Local” and “Auto” radio buttons and press the “Add” button.

Source port: 9011
Destination: localhost:9011
Select the “Local” and “Auto” radio buttons and press the “Add” button.

Debug tool

Java VisualVM, jconsole or other tools can be used by starting them on the local machine and telling them to connect to a remote process: “localhost:9010”
