1.) Add an SSH tunnel instance on the Preferences -> Tunnels page, user configurable. The ports don't matter.\\
[{Image src='um_sshtunnel1.jpg' width='..' height='..' align='left' style='..' class='..' }]\\
\\
2.) Assign that tunnel to a user.\\
[{Image src='um_sshtunnel2.jpg' width='..' height='..' align='left' style='..' class='..' }]\\
\\
3.) Connect with OpenSSH in tunnel mode, with no console:
\\
ssh -v -N -L 8888:localhost:8080 testtunnel@192.168.3.102 -oPort=2222

where (replace the IP and port as per your settings):

8888 is the local port number you will connect to with a browser: http://127.0.0.1:8888/

localhost is the remote forward IP we tell the SSH server (the Crush server) to connect the tunneled port to. It's a Crush loopback tunnel: we connect to the HTTP port 8080 on the same host.

8080 is the remote port to tunnel to

192.168.3.102 -oPort=2222 is the Crush server's publicly accessible IP and SFTP port

testtunnel is the tunnel user (not necessarily the same user you log in as over the tunneled web interface)