How to Use SSH Tunnel

SSH Tunneling allows you to access resources on a remote server or allow others to access your local resources. You may need to set up SSH tunneling in two scenarios: 1) when you want to access remote resources that you can’t normally access, and 2) when you want people from outside your network to access your locally hosted web server.

In simple terms, SSH tunneling (also known as port forwarding) is a mechanism in OpenSSH that allows you to tunnel an application's traffic from your client machine to a server machine. Local port forwarding, for example, forwards a port on your local computer through the SSH server running on the remote machine.

There are three different types of SSH tunneling methods, each of which we will explain with examples in this tutorial.

Local Port Forwarding

Local port forwarding is used to forward a connection from a machine on the local network to the SSH server and then to the destination port. For example, if your web server is hosted on the local IP address of your office machine, and you want to access it from your home computer, you can use local port forwarding.

Generally, local port forwarding is used to connect to a remote service on an internal network, like a VNC or web server.

To understand local port forwarding better, let’s use an example:

  • Your web server is running on your office machine on port 80, and its local IP is 192.168.0.100.
  • An SSH server is running on your office server on port 22, and its public IP is 10.10.0.12.
  • You have a Linux machine at home with an SSH client installed.

Question: How can you connect to your web server running on your office machine from your Linux machine at home?

Solution:

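On your Linux machine at home, open a terminal window and create a local port forward with the following command. The -N option tells ssh not to run a remote command; without it (or a command to execute), ssh refuses to go into the background with -f:

ssh -L 8080:192.168.0.100:80 -N -f root@10.10.0.12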

You will be asked to provide the root password of the server located at 10.10.0.12 to finish the port forwarding.

Now, open a web browser on your Linux machine at home and type the URL http://localhost:8080. You will be able to access the webserver hosted on your office machine.

Remote Port Forwarding

Remote port forwarding is the opposite of local forwarding. It allows you to make a resource on your local machine available on the SSH server. With remote port forwarding, you can forward a port on the remote SSH server to a port on the local SSH client machine, and then forward to a port on the destination machine.

To better understand remote port forwarding, let’s consider an example. Suppose you are developing a web application on your local machine and want to show a presentation to another developer in a remote location. You have access to a remote SSH server that runs on the public IP 10.10.0.11, but your web application runs on port 80 on your local machine.

To set up remote port forwarding on your local machine, enter the following command:

ssh -R 8080:127.0.0.1:80 -N -f root@10.10.0.11

This command will make the remote SSH server listen on port 8080 and tunnel all traffic from this port to your local machine on port 80.

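Now, another developer can access your web application using the URL http://10.10.0.11:8080. Note that by default sshd binds remotely forwarded ports to the server's loopback interface only, so the port is reachable on the public IP only if GatewayPorts is enabled in the server's sshd_config.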

Dynamic Port Forwarding

Dynamic port forwarding is similar to a proxy or VPN that allows communication across a range of ports. With this option, an SSH server can act as a SOCKS proxy server. Dynamic port forwarding is useful when you are using a public Wi-Fi network and want to browse the internet securely without being snooped on.

To use dynamic port forwarding, you need access to a running SSH server at your home, office, or on a cloud machine. Connect to that SSH server and create a dynamic port forward. This creates a SOCKS proxy on your PC, and all traffic sent to that proxy is carried over the encrypted SSH connection to the server, so it cannot be read on the local network.

To create a dynamic port forwarding, open your terminal and run the following command:

ssh -D 8080 root@ssh-server-ip

After that, open your web browser and configure a SOCKS proxy with host 127.0.0.1 and port 8080. This will redirect all traffic from your browser through the tunnel.
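
The three commands above, wrapped in one shell function as an added example (not part of the original tutorial): it binds the listener to loopback by default, fails instead of going to the background when the forward cannot be set up, and uses a control socket so a tunnel started with -f can be checked and closed later. The names tunnel, tunnel_check, tunnel_close, CTL and DRY_RUN are this example's own, and destinations are assumed to be IPv4 addresses or hostnames.

```sh
#!/bin/sh
# Added example, not from the tutorial. CTL and DRY_RUN are this sketch's own names.
CTL="${CTL:-$HOME/.ssh/tunnel-%C.sock}"  # control socket; %C is OpenSSH's per-connection hash

valid_port() {  # succeeds for an integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel TYPE SPEC USER@HOST [BIND]
#   local|remote: SPEC is listen_port:dest_host:dest_port (IPv4 address or hostname)
#   dynamic:      SPEC is listen_port
#   BIND defaults to loopback so the listener is not exposed on other interfaces.
tunnel() (
    type=$1 spec=$2 target=$3 bind=${4:-127.0.0.1}
    case "$type" in
        local) flag=-L ;; remote) flag=-R ;; dynamic) flag=-D ;;
        *) echo "unknown type: $type" >&2; exit 2 ;;
    esac
    IFS=: read -r lport dhost dport extra <<EOF
$spec
EOF
    valid_port "$lport" || { echo "bad listen port: $lport" >&2; exit 2; }
    if [ "$type" = dynamic ]; then
        [ -z "$dhost$dport" ] || { echo "dynamic takes a port only" >&2; exit 2; }
        fwd="$bind:$lport"
    else
        [ -n "$dhost" ] && [ -z "$extra" ] && valid_port "$dport" ||
            { echo "expected listen_port:dest_host:dest_port" >&2; exit 2; }
        fwd="$bind:$lport:$dhost:$dport"
    fi
    # -N: no remote command. -f: go to the background, but only after the forward
    # is up, because ExitOnForwardFailure turns a failed bind into a hard error.
    set -- -o ExitOnForwardFailure=yes -o ControlMaster=yes \
           -o "ControlPath=$CTL" -N -f "$flag" "$fwd" "$target"
    if [ -n "${DRY_RUN:-}" ]; then echo "ssh $*"; else ssh "$@"; fi
)

# Pass the same USER@HOST that was given to tunnel, so %C resolves to the same socket.
tunnel_check() { ssh -o "ControlPath=$CTL" -O check "$1"; }  # is the tunnel still up?
tunnel_close() { ssh -o "ControlPath=$CTL" -O exit  "$1"; }  # tear the tunnel down
```

For example, tunnel local 8080:192.168.0.100:80 root@10.10.0.12 opens the local forward from this tutorial, and tunnel_close root@10.10.0.12 ends it; set DRY_RUN=1 to print the ssh command instead of running it.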

Conclusion

In the guide above, you learned how to configure and use SSH tunneling in three different ways. I hope you now have enough knowledge of SSH tunneling and port forwarding.

  • License under CC BY-NC 4.0