- needing to be root to specify a privileged port (under 1024)
- needing to pick up the right SSH key
And then there's the small matter of the port mapping flag to remember.
So here's the incantation that tunnels your local port 80 to the remote host.
@ -A -p -L 80:localhost:80 -i