SSH Port Forwarding (Tunneling)

SSH (Secure Shell) is a widely used protocol for system administration and file transfer. It provides secure encrypted communication between two hosts over an insecure network. One of the key features of SSH is port forwarding, also known as SSH tunneling, which allows users to create encrypted connections and forward network traffic through SSH sessions. This guide will provide a comprehensive overview of SSH port forwarding, including its types and practical examples.

Before you begin using SSH port forwarding, ensure the following prerequisites are met:

  • If using OpenSSH server, ensure the AllowTcpForwarding and GatewayPorts options are appropriately configured in sshd_config. AllowTcpForwarding controls whether the server permits forwarding at all; GatewayPorts affects only remote forwards, allowing them to bind to non-loopback addresses.
sudo nano /etc/ssh/sshd_config
  • Ensure the following lines are present and set to yes:
AllowTcpForwarding yes
GatewayPorts yes
  • Restart the SSH server to apply changes.
sudo systemctl restart sshd
  • An SSH client should be installed on the local computer.
  • For Unix-like systems, an SSH client is usually pre-installed.
  • For Windows, consider using the OpenSSH package from MSYS2 or Cygwin, or PuTTY as an alternative.
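
One way to check which forwarding settings a server's sshd_config resolves to after editing it, as an added example that is not part of the original page. The function names and the sample configuration are constructed for illustration; the script reads only the global section and does not follow Include directives.

```sh
#!/bin/sh
# Added example: report the effective global forwarding options in an
# sshd_config-style file. Include directives and Match blocks are not evaluated.

# effective_opt FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block.
effective_opt() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/              { next }
                                { sub(/[ \t]*=[ \t]*/, " ") }   # accept Keyword=value
        tolower($1) == "match"  { exit }
        tolower($1) == key      { print tolower($2); found = 1; exit }
        END                     { if (!found) print def }
    ' "$1"
}

# audit_forwarding FILE: print the effective values and what they mean for
# the ssh -L commands on this page. Defaults are OpenSSH's (yes / no).
audit_forwarding() {
    fwd=$(effective_opt "$1" AllowTcpForwarding yes)
    gw=$(effective_opt "$1" GatewayPorts no)
    echo "AllowTcpForwarding=$fwd GatewayPorts=$gw"
    case "$fwd" in
        yes|all|local) echo "OK: local forwarding (ssh -L) is permitted" ;;
        *)             echo "BLOCKED: local forwarding (ssh -L) will be refused" ;;
    esac
    if [ "$gw" != no ]; then
        echo "REVIEW: GatewayPorts=$gw lets remote (-R) forwards listen on non-loopback addresses; ssh -L does not need it"
    fi
}

# Constructed sample configuration (not taken from a real host).
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# forwarding settings
allowtcpforwarding yes
GatewayPorts=yes
GatewayPorts no
Match User backup
    AllowTcpForwarding no
EOF
audit_forwarding "$cfg"
rm -f "$cfg"
```

On a live server, `sudo sshd -T` prints the configuration sshd actually resolves, including defaults and included files.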

Local port forwarding allows forwarding traffic from a port on the local machine to a destination server via an SSH server.

Forwarding Database Traffic

ssh -L 4000:127.0.0.1:3306 user@example.com
  • This command forwards traffic from port 4000 on the local machine to port 3306 (MySQL) on the remote server.
  • After executing this command, you can connect to the remote database from the local machine through port 4000.

Forwarding Multiple Ports

ssh -L 5901:127.0.0.1:5901 -L 4000:127.0.0.1:3306 user@example.com
  • This command forwards traffic from port 5901 (VNC) and port 4000 (MySQL) on the local machine to the respective ports on the remote server.
Note
  VNC stands for Virtual Network Computing. It is a graphical desktop sharing system that allows users to remotely control and interact with graphical desktops of computers or servers over a network connection.

Forwarding to Internal Servers

ssh -L 4000:server003.local:3306 user@example.com
  • This command forwards traffic from port 4000 on the local machine to port 3306 (MySQL) on a server named server003.local within the internal network.

Sharing Local Web Application

Configuring Remote Access to Local Resources

  • Last modified: 2024/03/30 15:47
  • by nadir