SSH tunneling is used to tunnel all of the traffic from your local machine to a remote server that you have an account. SSH allows users to create TCP tunnels to send data over the network. The amazing thing about SSH tunnels is that they are encrypted.
How tunneling works?
This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port from the remote machine. Port forwardings can also be specified in the configuration file.
There are two ways to create an SSH tunnel: local and remote port forwarding
Local port forwarding is used in cases where we are on a private network which doesn’t allow connections to a specific server.
For eg. lets say an a website test.com being blocked on a network. In this case we can create a tunnel through a server which isn’t on our network and thus can access the website.
For that use the following command in linux
# ssh user@work.example.org -L 10000:test.com:80
The key here is -L which says we’re doing local port forwarding. Then it says we’re forwarding our local port 10000 to test.com:80, which is the default port for HTTP. Now open your browser and go to http://localhost:10000.
Remote port forwarding is used to giving access to a service (SSH port tcp/22) on your home machine (localhost) to people at work. Use the following syntax for it :
# ssh user@work.example.org -R 10000:localhost:22
First you need to specify a local port on your machine which you wish to expose publicly, which in this case is 10000.
Next there is the address on which the server should listen to, and a port on which the server should listen to, which in this case is 22.
There is one more thing you need to do to enable this. SSH doesn’t by default allow remote hosts to forwarded ports.
To enable this open /etc/ssh/sshd_config using any file editor and add the following line somewhere in that config file.
===
GatewayPorts yes
===
After it save the file and restart the SSH service.
Steps for tunneling in windows using putty
- Launch putty and head to Connection > SSH > Tunnels
- In the Source port field, enter a port number that your computer will listen for traffic on. Be sure to pick one that isn’t being used by another program. (9000 should be a safe bet) .
- Then select Dynamic and Auto as the port type and then click Add. Then scroll back up and click on Session.
- Enter the IP address of the machine running the SSH server in the Host Name (or IP address
- Then type a name in the Saved Sessions box and click Save for future usage.
- Now you can double click on the name of the saved session to start up the tunnel.
- You will have to enter your username and password before the tunnel will work correctly, unless the server is configured for anonymous logins.
Once the SSH session is open and the tunnel is up.
If you require help, contact SupportPRO Server Admin
