====== SSH Port Forwarding (Tunneling) ======

{{ :elosys:screenshot_from_2024-03-30_22-16-17.png?nolink&600 |}}

**SSH** (Secure Shell) is a widely used protocol for system administration and file transfer. It provides secure, encrypted communication between two hosts over an insecure network. One of the key features of **SSH** is **port forwarding**, also known as **SSH tunneling**, which allows users to create encrypted connections and forward network traffic through SSH sessions. This guide provides a comprehensive overview of SSH port forwarding, including its types and practical examples.

===== Prerequisites =====

Before you begin using SSH port forwarding, ensure the following prerequisites are met:

==== Checking SSH Server Configuration ====

  * If using the OpenSSH server, ensure the AllowTcpForwarding and GatewayPorts options are appropriately configured in sshd_config.

  sudo nano /etc/ssh/sshd_config

  * Ensure the following lines are present and set to yes:

  AllowTcpForwarding yes
  GatewayPorts yes

  * With GatewayPorts set to yes, ports opened by remote forwarding listen on all of the server's network interfaces instead of loopback only, which is what makes a forwarded port reachable from other hosts.
  * Restart the SSH server to apply the changes.

  sudo systemctl restart sshd

==== Installing SSH Client ====

  * An SSH client should be installed on the local computer.
  * On Unix-like systems, an SSH client is usually pre-installed.
  * On Windows, consider using the OpenSSH package from MSYS2 or Cygwin, or PuTTY as an alternative.

===== Local Port Forwarding =====

==== Definition and Usage ====

  * Local port forwarding forwards traffic from a port on the local machine to a destination server via an SSH server.

==== Examples ====

=== Forwarding Database Traffic ===

  ssh -L 4000:127.0.0.1:3306 user@example.com

  * This command forwards traffic from port 4000 on the local machine to port 3306 (MySQL) on the remote server.
  * After executing this command, you can connect to the database through port 4000 on the local machine.

=== Forwarding Multiple Ports ===

  ssh -L 5901:127.0.0.1:5901 -L 4000:127.0.0.1:3306 user@example.com

  * This command forwards traffic from port **5901** (**VNC**) and port **4000** (**MySQL**) on the local machine to the respective ports on the remote server.

== Note ==

VNC stands for Virtual Network Computing. It is a graphical desktop sharing system that allows users to remotely control and interact with graphical desktops of computers or servers over a network connection.

=== Forwarding to Internal Servers ===

  ssh -L 4000:server003.local:3306 user@example.com

  * This command forwards traffic from port **4000** on the local machine to port **3306** (**MySQL**) on a server named **server003.local** within the internal network.

===== Remote Port Forwarding =====

==== Definition and Usage ====

  * Remote port forwarding forwards traffic from a port on the SSH server to the local machine.

==== Examples ====

=== Sharing Local Web Application ===

  ssh -R 7000:127.0.0.1:8000 user@example.com

  * This command forwards traffic from port 7000 on the remote server to port 8000 (web application) on the local machine.
  * Users can access the web application hosted on the local machine by visiting **http://example.com:7000**.

=== Configuring Remote Access to Local Resources ===

  ssh -R 8080:192.168.100.1:8000 user@example.com

  * This command forwards traffic from port 8080 on the remote server to port 8000 (web application) on the local machine at IP **192.168.100.1**.
  * This allows remote access to a locally hosted web application.

===== Dynamic Port Forwarding =====

==== Definition and Usage ====

  * Dynamic port forwarding creates a SOCKS proxy on the local machine, allowing traffic to be forwarded through the SSH server dynamically.

==== Configuring Dynamic Port Forwarding ====

  ssh -D 4000 user@example.com

  * This command creates a SOCKS proxy on port 4000 on the local machine, using the **SSH** server as a gateway.
  * Applications can be configured to use this proxy for secure communication.

==== Applications and Settings ====

  * Configure application settings to use the **SOCKS** proxy.
  * Consider using browser extensions for easy proxy setup.

===== Additional Tips and Best Practices =====

==== Disabling Shell and Running in Background ====

  * Use the **-N** flag to disable the shell when it is not needed.
  * Use the **-f** flag to run SSH in the background.

==== Considerations for Proxy Usage ====

  * Avoid running **HTTP** servers on remote machines when using SSH as a **proxy**.

----

 --- //[[nadirhabib96@gmail.com|Nadir Habib]] 2024/03/30 21:17//
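
The server settings from the Prerequisites section decide how far a forward can reach, so it helps to review them against the server's effective configuration. The script below is an added example, not part of the original guide: the function name audit_forwarding and the sample input are constructed for illustration, and on a real server the input would come from sshd -T.

```shell
#!/bin/sh
# Added example, not from the original guide: review the forwarding-related
# settings of an OpenSSH server. Input on stdin is "keyword value" lines as
# printed by `sshd -T`; Match blocks are not evaluated.
# Prints WARN/INFO findings and returns 1 if any WARN was printed.
audit_forwarding() {
    awk '
        # OpenSSH defaults, used when a keyword is absent from the input
        BEGIN { fwd = "yes"; gw = "no"; po = "any"; pl = "any" }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            key = tolower($1)
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the keyword
            sub(/[ \t]+$/, "", val)                # drop trailing blanks
            val = tolower(val)
            if (key == "allowtcpforwarding") fwd = val
            else if (key == "gatewayports")  gw = val
            else if (key == "permitopen")    po = val
            else if (key == "permitlisten")  pl = val
        }
        END {
            lfwd = (fwd == "yes" || fwd == "all" || fwd == "local")   # -L, -D
            rfwd = (fwd == "yes" || fwd == "all" || fwd == "remote")  # -R
            warn = 0
            if (rfwd && gw == "yes") {
                print "WARN gatewayports=yes: -R listeners bind to all interfaces"
                warn = 1
            } else if (rfwd && gw == "clientspecified") {
                print "INFO gatewayports=clientspecified: client picks the -R bind address"
            }
            if (rfwd && pl == "any")
                print "INFO permitlisten=any: -R may listen on any port"
            if (lfwd && po == "any")
                print "INFO permitopen=any: -L/-D may reach any host:port via the server"
            exit warn
        }
    '
}

# Constructed sample matching the settings shown under Prerequisites.
# On a real server: sudo sshd -T | audit_forwarding
if printf 'allowtcpforwarding yes\ngatewayports yes\n' | audit_forwarding; then
    echo "no warnings"
else
    echo "review the WARN lines above"
fi
```

A WARN on gatewayports is expected when remote forwards are meant to be reachable from other hosts; setting PermitListen and PermitOpen to specific ports and destinations narrows what those forwards can open.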