Tunnel: SSH

Saurabh Sharma

SSH tunneling is a powerful technique that allows you to securely tunnel network traffic between two endpoints. SSH tunneling can be used for a variety of purposes, including bypassing network security restrictions, accessing resources on a remote network, and encrypting network traffic.

There are three types of SSH tunneling:

  • local port forwarding,
  • remote port forwarding, and
  • dynamic port forwarding.

Each type of tunneling has its own use case and can be used in different scenarios.

Local Port Forwarding

Local port forwarding allows you to forward traffic from a local port to a remote host and port. This is useful when you need to access a service on a remote host that is not directly accessible from your local machine.

For example, suppose you want to access a web server that is running on a remote host, but the web server is only accessible from the remote host’s local network. To access the web server, you can create a local port forwarding tunnel that forwards traffic from your local machine’s port 8080, through remote-host, to port 80 on the web server:

ssh -L 8080:web-server:80 user@remote-host

In this example, web-server is the hostname or IP address of the machine that is running the web server, as resolved and reached from remote-host.

After creating the tunnel, you can access the web server by opening a web browser and navigating to http://localhost:8080.

Remote Port Forwarding

Remote port forwarding allows you to forward traffic from a remote port to a local host and port. This is useful when you need to access a service on your local machine from a remote host.

For example, suppose you want to give a friend access to a web server that is running on your local machine. To do this, you can create a remote port forwarding tunnel that forwards traffic from the remote host’s port 8080 to your local machine’s port 80:

ssh -R 8080:localhost:80 user@remote-host

In this example, localhost is resolved on the side that runs the ssh command, so it refers to your local machine.

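After creating the tunnel, your friend can access the web server by opening a web browser and navigating to http://remote-host:8080. By default, sshd binds remotely forwarded ports to the remote host’s loopback interface only, so connections from other machines work only if GatewayPorts is enabled in the server’s sshd_config.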

Dynamic Port Forwarding

Dynamic port forwarding allows you to create a SOCKS proxy server on your local machine that forwards traffic through an SSH tunnel to a remote server. This is useful when you need to access resources on a remote network that is not directly accessible from your local machine.

For example, suppose you are working from a coffee shop and need to access a company network that is behind a firewall. To access the network, you can create a dynamic port forwarding tunnel that forwards traffic from your local machine’s SOCKS proxy server to the remote server:

ssh -D 1080 user@remote-server

After creating the tunnel, you can configure your web browser to use the SOCKS proxy server at localhost:1080. Any network traffic sent from your web browser will be forwarded through the SSH tunnel to the remote server.
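
The -L, -R and -D options above share one argument grammar, [bind_address:]port[:host:hostport]. The following Python parser is an added example, not part of the original article: it reads an ssh command line (for instance from process or audit logs) and reports, for each forward, which side opens the listener, where the traffic leads, and whether a non-loopback listener was requested. The function names, field names and the sample command lines marked as constructed are assumptions of this example.

```python
import re
import shlex

TAKES_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")  # ssh(1) options that take an argument
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
KIND = {"L": "local", "R": "remote", "D": "dynamic"}

def split_spec(spec):
    """Split a forward spec on ':' while keeping a bracketed IPv6 address whole."""
    return [f.strip("[]") for f in re.split(r":(?![^\[]*\])", spec)]

def describe(letter, value):
    """Turn one -L/-R/-D argument into a record of who listens and where it leads."""
    f = split_spec(value)
    # Grammar: [bind_address:]port for -D, [bind_address:]port:host:hostport for -L/-R.
    has_bind = len(f) in (2, 4)
    bind, rest = (f[0], f[1:]) if has_bind else (None, f)
    return {
        "kind": KIND[letter],
        "listens_on": "server" if letter == "R" else "client",
        "port": rest[0],
        "dest": ":".join(rest[1:]) or "per-connection (SOCKS)",
        # An explicit non-loopback bind ('*', '', 0.0.0.0, a LAN address) asks for a
        # listener that other hosts can reach; for -R the server must also permit it.
        "wide_bind": bind is not None and bind not in LOOPBACK,
    }

def parse_forwards(cmdline):
    """Return one record per -L/-R/-D option that precedes the destination."""
    argv, found, i = shlex.split(cmdline)[1:], [], 0
    while i < len(argv) and argv[i].startswith("-") and argv[i] != "--":
        arg, i = argv[i], i + 1
        for pos, letter in enumerate(arg[1:], start=1):
            if letter not in TAKES_ARG:
                continue  # boolean flag such as -N or -f
            value = arg[pos + 1:]  # attached form, e.g. -D1080
            if not value and i < len(argv):
                value, i = argv[i], i + 1
            if letter in KIND and value:
                found.append(describe(letter, value))
            break
    return found

if __name__ == "__main__":
    for line in ("ssh -L 8080:web-server:80 user@remote-host",            # from the article
                 "ssh -NfL 0.0.0.0:8080:web-server:80 user@remote-host"):  # constructed
        print(line, "->", parse_forwards(line))
```

Forwards configured through -o LocalForward/RemoteForward/DynamicForward or in ssh_config, Unix-socket forwards, and options placed after the destination are outside what this parser examines.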

Conclusion

In conclusion, SSH tunneling is a powerful technique that can be used to securely tunnel network traffic between two endpoints. Local port forwarding, remote port forwarding, and dynamic port forwarding each have their own use case and can be used in different scenarios.

Local port forwarding is useful when you need to access a service on a remote host that is not directly accessible from your local machine. Remote port forwarding is useful when you need to give someone access to a service on your local machine from a remote host. Dynamic port forwarding is useful when you need to access resources on a remote network that is not directly accessible from your local machine.


Image credit to goteleport.com