ssh(1) -p 64295 -l tsec -N -L8080: yourHoneypotsPublicIPaddress
OpenSSH SSH client (remote login program)
-p port
        Port to connect to on the remote host.  This can be specified on a per-host basis in the
        configuration file.
-l login_name
        Specifies the user to log in as on the remote machine.  This also may be specified on a per-host
        basis in the configuration file.
-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2
-L [bind_address:]port:host:hostport
        Specifies that the given port on the local (client) host is to be forwarded to the given host and
        port on the remote side.  This works by allocating a socket to listen to port on the local side,
        optionally bound to the specified bind_address.  Whenever a connection is made to this port, the
        connection is forwarded over the secure channel, and a connection is made to host port hostport
        from the remote machine.  Port forwardings can also be specified in the configuration file.  IPv6
        addresses can be specified by enclosing the address in square brackets.  Only the superuser can
        forward privileged ports.  By default, the local port is bound in accordance with the GatewayPorts
        setting.  However, an explicit bind_address may be used to bind the connection to a specific
        address.  The bind_address of “localhost” indicates that the listening port be bound for local use
        only, while an empty address or ‘*’ indicates that the port should be available from all
ssh connects and logs into the specified hostname (with optional user name).  The user must prove his/her
identity to the remote machine using one of several methods depending on the protocol version used (see

If command is specified, it is executed on the remote host instead of a login shell.
source manpages: ssh