
SSH Tunneling

SSH tunneling is a technique used to enhance security by establishing encrypted connections between local and remote systems, facilitating secure data transfer and access to remote resources. There are several types of SSH tunneling, each serving different purposes:

1. Local Port Forwarding (-L)

Local port forwarding allows you to forward traffic from a specified local port to a remote host and port via the SSH server. This is useful when you want to access a service running on a remote machine securely.

Example Command:

ssh -L <local_port>:<remote_host>:<remote_port> <username>@<host>

This command opens a listener on <local_port> on your local machine. Whatever connects to it is carried over the encrypted SSH session, and the SSH server then connects onward to <remote_host>:<remote_port>. Note that <remote_host> is resolved by the SSH server, so localhost here means the server itself, and the final hop from the server to <remote_host> is only protected if that service encrypts it. By default the local listener is bound to the loopback interface, so other machines cannot use your tunnel.

2. Remote Port Forwarding (-R)

Remote port forwarding allows you to forward traffic from a specified port on the SSH server back to a host and port reachable from your local machine. This is useful when you want to expose a service running on your local machine to the internet securely, using a server that already has a public address.

Example Command:

ssh -R <remote_port>:<local_host>:<local_port> <username>@<host>

This command opens a listener on <remote_port> on the SSH server. Connections to it travel back over the SSH session and are delivered by your local machine to <local_host>:<local_port>, which is resolved on your side, so localhost means your own machine. By default sshd binds that listener to the server's loopback interface, so it is reachable from the server itself but not from other hosts; making it reachable from outside requires the GatewayPorts setting described under Server Configuration.

3. Dynamic Port Forwarding (-D)

Dynamic port forwarding creates a SOCKS proxy (SOCKS4 and SOCKS5 are supported) on a specified local port, allowing you to tunnel traffic from your local machine through the SSH server to the internet. Unlike local forwarding, no fixed destination is given: each SOCKS-aware application names its destination per connection, and the SSH server makes the outbound connection on its behalf. This is useful for securing your internet browsing or accessing restricted resources.

Example Command:

ssh -D <local_port> <username>@<host>

This command creates a SOCKS proxy on <local_port> on your local machine. You can then configure your browser or other SOCKS-capable applications to use this proxy so that their traffic leaves via the SSH server instead of directly from your machine. Applications that are not pointed at the proxy are unaffected, so check that everything you intend to protect actually uses it.
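The three forwarding modes above, as an added example that is not part of the original post: a small POSIX shell script that prints each command in the form a cautious operator would run it (no remote shell, fail loudly if the forward cannot be set up, listener pinned to loopback) and a check that parses `ss -ltnp` output to confirm no tunnel listener has ended up on all interfaces. The user, host names, ports and the ss output are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Host names, ports and the
# ss(8) output below are constructed placeholders.

# tunnel_cmd MODE PORT USER@SSHHOST [TARGET_HOST TARGET_PORT]
#   Prints the ssh command for one forwarding mode with the options worth
#   adding to every tunnel:
#     -N                          forwarding only, no remote shell
#     -o ExitOnForwardFailure=yes exit instead of silently connecting
#                                 without the forward
#     127.0.0.1:                  explicit bind address, so the listener is
#                                 never reachable from other machines even
#                                 if GatewayPorts or -g is in effect
tunnel_cmd() {
    mode=$1; port=$2; dest=$3; thost=$4; tport=$5
    opts='-N -o ExitOnForwardFailure=yes'
    case "$mode" in
        local)   printf 'ssh %s -L 127.0.0.1:%s:%s:%s %s\n' "$opts" "$port" "$thost" "$tport" "$dest" ;;
        remote)  printf 'ssh %s -R 127.0.0.1:%s:%s:%s %s\n' "$opts" "$port" "$thost" "$tport" "$dest" ;;
        dynamic) printf 'ssh %s -D 127.0.0.1:%s %s\n' "$opts" "$port" "$dest" ;;
        *)       echo "tunnel_cmd: unknown mode '$mode'" >&2; return 1 ;;
    esac
}

# audit_listeners < ss_output
#   Reads `ss -ltnp` output and prints "<addr>:<port> ok" for every
#   listening socket owned by an ssh client that is bound to loopback, or
#   "<addr>:<port> EXPOSED" when it is bound to all interfaces. The sshd
#   daemon's own port is not a tunnel and is skipped.
audit_listeners() {
    awk '
        /users:\(\("ssh",/ {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            state = (addr == "127.0.0.1" || addr == "[::1]") ? "ok" : "EXPOSED"
            print addr ":" port, state
        }'
}

# Constructed ss -ltnp output: two tunnels on loopback, one SOCKS proxy
# accidentally bound to 0.0.0.0, and the sshd listener itself.
sample_ss='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*         users:(("ssh",pid=4242,fd=5))
LISTEN 0      128    0.0.0.0:1080        0.0.0.0:*         users:(("ssh",pid=4243,fd=5))
LISTEN 0      128    [::1]:9090          [::]:*            users:(("ssh",pid=4244,fd=5))
LISTEN 0      4096   0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))'

main() {
    tunnel_cmd local   8080 alice@bastion.example.com intranet.example.internal 80
    tunnel_cmd remote  2222 alice@bastion.example.com localhost 22
    tunnel_cmd dynamic 1080 alice@bastion.example.com
    echo
    echo "tunnel listeners on this machine (from ss -ltnp):"
    printf '%s\n' "$sample_ss" | audit_listeners
}

main
```

On a real machine, replace the constructed `sample_ss` with `ss -ltnp | audit_listeners` after starting a tunnel; any line marked EXPOSED means the forward was bound to all interfaces, which usually comes from a `GatewayPorts yes` in the client config or a stray `-g`.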

Client Configuration

Add the following to $HOME/.ssh/config:

Host <name>
    HostName <host>
    # Port is only needed if the server does not listen on 22
    Port <port>
    User <username>
    #LocalForward <local_port> <remote_host>:<remote_port>
    #RemoteForward <remote_port> <local_host>:<local_port>
    #DynamicForward <proxy_port>

After that, you can simply run ssh <name>, and any uncommented Forward lines are set up automatically each time you connect. Keep comments on their own lines: older OpenSSH releases reject a trailing comment after a value with "garbage at end of line".

Server Configuration

On the SSH server, ensure that GatewayPorts is enabled in /etc/ssh/sshd_config if you plan to use remote port forwarding and want the forwarded port reachable from hosts other than the SSH server itself (without it, sshd binds remote forwards to the server's loopback interface only). Note that GatewayPorts yes exposes every remote forward on all of the server's interfaces; the alternative value clientspecified lets the client choose the bind address per forward, which is the less exposed choice when only some tunnels should be public:

GatewayPorts yes

Finally, restart the SSH service to apply the changes (the unit is named ssh on Debian-based systems and sshd on Red Hat-based ones):

sudo systemctl restart ssh
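As an added example covering both the Client Configuration and Server Configuration sections above (not code from the original post), the script below parses a ~/.ssh/config and an sshd_config the way OpenSSH does, where the first value for a keyword wins, reports which forwards a Host stanza would open and whether each is bound to loopback, and reads the effective GatewayPorts and AllowTcpForwarding from the server config. Both config files are constructed samples written to a temporary directory; their host names, users, ports and paths are placeholders, and only literal host names and the * pattern are matched.

```shell
#!/bin/sh
# Added example, not code from the original post. The two config files are
# constructed samples; host names, users, ports and paths are placeholders.

# ssh_opt CONFIG HOST KEYWORD
#   Prints the value ssh would use for KEYWORD when connecting to HOST.
#   ssh_config is first-match-wins: stanzas are scanned in file order and
#   the first matching stanza that sets a keyword fixes it, so a catch-all
#   "Host *" only supplies defaults when it comes last. Directives before
#   any Host line apply to every host. The *Forward keywords may repeat,
#   so every matching value is printed for them.
ssh_opt() {
    awk -v host="$2" -v key="$3" '
        function matches(pat) { return pat == "*" || pat == host }
        BEGIN { active = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if (matches($i)) active = 1
            next
        }
        active && tolower($1) == tolower(key) {
            v = $0; sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "", v)
            if (tolower(key) ~ /forward$/) { print v; next }
            if (!found) { print v; found = 1 }
        }' "$1"
}

# lint_bind FORWARD_VALUE
#   Classifies the listener of a *Forward value by its bind address:
#   "ok" for loopback (explicit, or implied by omitting the address),
#   "EXPOSED" for 0.0.0.0, * or [::], "other" for any other address.
lint_bind() {
    listen=${1%% *}                          # first token: [bind_address:]port
    case "$listen" in
        0.0.0.0:*|\*:*|\[::\]:*)           echo EXPOSED ;;
        127.0.0.1:*|localhost:*|\[::1\]:*) echo ok ;;
        *:*)                               echo other ;;
        *)                                 echo ok ;;   # no address given
    esac
}

# lint_client_forwards CONFIG HOST
#   One line per forward HOST would set up: "<keyword> <value> <verdict>".
lint_client_forwards() {
    for kw in LocalForward RemoteForward DynamicForward; do
        ssh_opt "$1" "$2" "$kw" | while IFS= read -r v; do
            echo "$kw $v $(lint_bind "$v")"
        done
    done
}

# sshd_opt SSHD_CONFIG KEYWORD
#   Prints the value sshd will use for KEYWORD; the FIRST occurrence wins.
#   Everything from the first "Match" line onward applies conditionally and
#   is ignored here. Falls back to the documented defaults for the two
#   keywords that govern forwarding.
sshd_opt() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { in_match = 1 }
        in_match { next }
        tolower($1) == tolower(key) && !found { print $2; found = 1 }
        END {
            if (found) exit
            k = tolower(key)
            if (k == "gatewayports") print "no"
            else if (k == "allowtcpforwarding") print "yes"
        }' "$1"
}

tmpdir=$(mktemp -d); trap 'rm -rf "$tmpdir"' EXIT
CLIENT_CONF=$tmpdir/ssh_config; SERVER_CONF=$tmpdir/sshd_config

# Constructed ~/.ssh/config: a stanza with a SOCKS listener on all interfaces,
# followed by a catch-all whose User must not override the stanza's own.
cat > "$CLIENT_CONF" <<'EOF'
Host bastion
    HostName bastion.example.com
    User alice
    LocalForward 127.0.0.1:8080 intranet.example.internal:80
    DynamicForward 0.0.0.0:1080
Host *
    User bob
    ServerAliveInterval 30
EOF

# Constructed sshd_config: the second GatewayPorts line is dead because the
# first occurrence wins, and the Match block only applies to one user.
cat > "$SERVER_CONF" <<'EOF'
Port 22
GatewayPorts clientspecified
AllowTcpForwarding yes
GatewayPorts yes
Match User deploy
    AllowTcpForwarding no
EOF

main() {
    echo "User for bastion:        $(ssh_opt "$CLIENT_CONF" bastion User)"
    echo "ServerAliveInterval:     $(ssh_opt "$CLIENT_CONF" bastion ServerAliveInterval)"
    lint_client_forwards "$CLIENT_CONF" bastion
    echo "sshd GatewayPorts:       $(sshd_opt "$SERVER_CONF" GatewayPorts)"
    echo "sshd AllowTcpForwarding: $(sshd_opt "$SERVER_CONF" AllowTcpForwarding)"
}
main
```

Point the two path variables at the real files to lint your own setup. Before the restart step, validate the edited server file with `sudo sshd -t`, which prints nothing on success and the offending line otherwise; a syntax error found only by the restart leaves you without a working sshd.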

By understanding and utilizing these SSH tunneling options, you can securely access and transfer data between local and remote systems while mitigating security risks associated with plaintext communication over the internet.

This post is licensed under CC BY 4.0 by the author.