SSH tunneling, also known as SSH port forwarding, creates a secure connection between a local and a remote computer through which services can be relayed.
SSH tunnels encrypt the traffic they carry, so they are especially useful for protocols that do not encrypt their own traffic, such as VNC, IMAP and FTP.
There are three types of SSH port forwarding –
- Local port forwarding
- Remote port forwarding
- Dynamic port forwarding
In this article, you will learn about each of these types of SSH port forwarding and how to set them up on a Linux machine.
Local port forwarding
Local port forwarding lets you forward a port on the local machine to a port on a remote machine, which then forwards the traffic to a destination address.
In this type of port forwarding, the local machine listens on a given port and tunnels any traffic it receives to the remote machine. After receiving the traffic from the local machine, the remote server forwards it to the configured destination address. To use port forwarding, make sure it is enabled on the server side.
The typical uses of local port forwarding are –
- Connecting to a service on an internal network from outside
- Tunneling sessions and file transfer
- Connecting to a remote file share over the internet
To create a local port forward, use the -L option with the ssh command in your terminal.
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USERNAME@]SSH_SERVER
Where,
- LOCAL_IP – The IP address of the local machine to bind. If you do not specify it, the ssh client binds to localhost.
- LOCAL_PORT – The port number on the local machine. Use any port above 1024, since the ports below this are privileged and reserved for the root user.
- DESTINATION – The IP address or hostname of the destination machine.
- DESTINATION_PORT – The port number on the destination machine.
- USERNAME@SSH_SERVER – The user name and IP address of the SSH server.
For example –
Let’s say you want to access a database server located at 192.168.5.101 on your office network, and you have access to an SSH server at ssh.example.com with the user name lalit. You can then reach the database server from outside through the SSH server:
ssh -L 8888:192.168.5.101:4323 lalit@ssh.example.com
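The section above notes that forwarding must be enabled on the server side. The following is an added example, not part of the original article, that summarises the relevant server settings from the "keyword value" lines printed by `sshd -T`; the function name `forwarding_posture` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). forwarding_posture is a
# hypothetical helper name. It reads "keyword value" lines, the format printed
# by `sshd -T`, and summarises what the server permits for tunnels.
forwarding_posture() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "allowtcpforwarding" { fwd = val }
        key == "gatewayports"       { gw = val }
        key == "permitopen"         { sub(/^[^ \t]+[ \t]+/, ""); dest = $0 }
        END {
            # OpenSSH defaults apply when a keyword is absent.
            if (fwd == "")  fwd = "yes"
            if (gw == "")   gw = "no"
            if (dest == "") dest = "any"
            # -L and -D need local forwarding; -R needs remote forwarding.
            loc = (fwd == "yes" || fwd == "all" || fwd == "local")  ? "allowed" : "denied"
            rem = (fwd == "yes" || fwd == "all" || fwd == "remote") ? "allowed" : "denied"
            # GatewayPorts decides where -R listeners on the server may bind.
            if (gw == "no")       bind = "loopback-only"
            else if (gw == "yes") bind = "all-interfaces"
            else                  bind = "client-chosen"
            printf "local=%s remote=%s remote_bind=%s destinations=%s\n", loc, rem, bind, dest
        }'
}

# Constructed sample: a server that only allows -L/-D, and only to one database.
SAMPLE='allowtcpforwarding local
gatewayports no
permitopen 192.168.5.101:4323'
printf '%s\n' "$SAMPLE" | forwarding_posture
```

On a real server, `sshd -T | forwarding_posture` run as root reports the effective values.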
Remote port forwarding
Remote port forwarding is the opposite of local forwarding: it lets you forward a port on the remote machine (SSH server) to a port on the local machine (SSH client), which then forwards the traffic to a destination address.
In this type of port forwarding, the remote machine listens on a given port and tunnels any traffic it receives to the SSH client machine. After receiving the traffic from the remote server, the local machine forwards it to the configured destination address.
To create a remote port forward, use the -R option on your SSH client machine –
ssh -R [REMOTE_IP:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USERNAME@]SSH_SERVER
Where,
- REMOTE_IP – The IP address on the remote machine (SSH server) to bind. If you do not specify it, the listener binds to localhost on the server.
- REMOTE_PORT – The port number on the remote machine. Use any port above 1024, since the ports below this are privileged and reserved for the root user.
- DESTINATION – The IP address or hostname of the destination machine.
- DESTINATION_PORT – The port number on the destination machine.
- USERNAME@SSH_SERVER – The user name and IP address of the SSH server.
For example –
Suppose you want to let a friend access your desktop through a command-line ssh client. You would use port number 5900, the first VNC port, with localhost as the destination server –
ssh -R 5900:localhost:5900 guest@lk-pc
Now, during the ssh session, your friend will be able to access your desktop by connecting a VNC client to port number 5900. The -R option specifies remote port forwarding.
Dynamic port forwarding
Dynamic port forwarding turns your ssh client into a SOCKS proxy server. SOCKS is a widely implemented protocol that programs use to request any internet connection through a proxy server. Each program that uses the proxy server needs to be configured specifically to do so.
To create a dynamic port forward (SOCKS) on a Linux system, pass the -D option to your ssh client.
ssh -D [LOCAL_IP:]LOCAL_PORT [USERNAME@]SSH_SERVER
Where the -D option specifies dynamic port forwarding and
- LOCAL_IP – The IP address of the local machine to bind. If you do not specify it, the ssh client binds to localhost.
- LOCAL_PORT – The port number on the local machine. Use any port above 1024, since the ports below this are privileged and reserved for the root user.
- USERNAME@SSH_SERVER – The user name and IP address of the SSH server.
For example –
Let’s say you have access to the SSH server at ssh.example.com and your username is lalit. To use dynamic forwarding to open a SOCKS proxy on port 8888 of your system, use –
ssh -D 8888 lalit@ssh.example.com
Now you can configure a web browser or another application to use your local IP address (127.0.0.1) and port 8888. All traffic from that application will be sent through the tunnel.
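The -L, -R and -D syntaxes above all take an optional bind address and a listening port. The following is an added example, not part of the original article, that reports where a given forward would listen and whether the port is privileged before you run it; `audit_forward` is a hypothetical helper name, and it assumes IPv4 addresses or hostnames (no bracketed IPv6).

```shell
#!/bin/sh
# Added example (not from the original article). audit_forward is a
# hypothetical helper; it handles IPv4 addresses and hostnames only.
# Usage: audit_forward L|R|D SPEC   (SPEC is the argument given to -L/-R/-D)
audit_forward() {
    kind=$1 spec=$2
    n=$(printf '%s' "$spec" | awk -F: '{ print NF }')
    n=${n:-0}
    case "$kind" in
        L|R) base=3 ;;   # PORT:DESTINATION:DESTINATION_PORT
        D)   base=1 ;;   # PORT
        *)   echo "error: unknown option -$kind"; return 2 ;;
    esac
    if [ "$n" -eq "$base" ]; then
        bind=default; rest=$spec            # no bind address given
    elif [ "$n" -eq $((base + 1)) ]; then
        bind=${spec%%:*}; rest=${spec#*:}   # leading field is the bind address
    else
        echo "error: malformed spec"; return 2
    fi
    port=${rest%%:*}
    case "$port" in ''|*[!0-9]*) echo "error: bad port"; return 2 ;; esac
    # With no bind address, OpenSSH listens on loopback unless GatewayPorts
    # is changed. An empty address or "*" means every interface.
    case "$bind" in
        default|localhost|127.*) exposure=loopback ;;
        ''|'*'|0.0.0.0)          exposure=all-interfaces ;;
        *)                       exposure=specific-address ;;
    esac
    # -R opens its listener on the SSH server; -L and -D on the client.
    [ "$kind" = R ] && side=server || side=client
    # Ports below 1024 can be bound only by root.
    [ "$port" -lt 1024 ] && priv=yes || priv=no
    echo "listener=$side bind=${bind:-*} exposure=$exposure port=$port privileged=$priv"
}

# The three examples from this article, then a constructed risky variant.
audit_forward L 8888:192.168.5.101:4323
audit_forward R 5900:localhost:5900
audit_forward D 8888
audit_forward D 0.0.0.0:8888
```

A result of `exposure=all-interfaces` means other hosts on the network can use the tunnel; for -R the server honours a non-loopback bind address only if its GatewayPorts setting allows it.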
Conclusion
Now you know how to set up and use SSH tunneling on a Linux system. If you have a question, write to us in the comments below.