Every network device has an IP address, which can be either public or private. Public IPs are used globally, while private IPs, such as 192.168.x.x or 10.0.x.x, are reserved for internal networks. Whether a request leaves through a router's public IP or starts from a device's private IP, these addresses are what allow us to connect to the Internet.
In this tutorial, we will show you how to create SSH tunnels in Linux. We will cover local, dynamic, and remote port forwarding.
What is SSH Tunneling?
SSH tunneling, also called SSH port forwarding, is a way to securely transmit data between a client and a server system. It allows you to relay ports used by services over an encrypted SSH connection.
SSH forwarding is useful for sending network data from services that don’t have encryption, like VNC or FTP. It can also help access restricted content based on location and bypass intermediate firewalls. In simple terms, you can forward any TCP port and have the communication sent through a secure SSH connection.
SSH port forwarding can be divided into three categories:
Local port forwarding allows you to access a service on a remote machine from your local machine. For example, you could use local port forwarding to access a web server that is running on a remote machine from your local computer.
Remote port forwarding allows you to access a service on your local machine from a remote machine. For example, you could use remote port forwarding to access a file share that is shared from your local computer from a remote machine.
Dynamic port forwarding allows you to create a SOCKS proxy server that permits communication over a variety of ports. This can be useful for bypassing firewalls or accessing geo-restricted content.
This tutorial explains how to create encrypted SSH tunnels on a local, remote, and dynamic level.
Local SSH Port Forwarding
Local port forwarding allows you to access a remote service on an internal network from your local computer. This can be useful for accessing a database, VNC server, or other service that is not accessible from the internet.
To set up local port forwarding, you will need to know the IP address of the remote server and the port number of the service you want to access. You can then use the ssh command to create a local port forwarding tunnel.
To create a local port forwarding, use the following command:
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
The options used are:
[LOCAL_IP:]LOCAL_PORT — The IP address and port number on the local machine that the ssh client listens on. The ssh client binds to localhost if LOCAL_IP is not specified.
DESTINATION:DESTINATION_PORT — The destination machine's IP address or hostname, as well as its port.
[USER@]SSH_SERVER — The remote SSH user and the SSH server's IP address or hostname.
Example
ssh -L 3306:192.168.1.100:3306 user@remote_server
This command will create a local port forwarding tunnel on port 3306 on your local computer. Any connections to this port will be forwarded through the SSH server (remote_server) to 192.168.1.100 on port 3306.
Once you have created the local port forwarding tunnel, you can access the database on the remote server by connecting to localhost:3306.
If you need to access a service that is not accessible from the internet, local port forwarding is a great option.
Remote SSH Port Forwarding
Remote port forwarding is the reverse of local port forwarding: a port on the remote SSH server is forwarded to a service that is reachable from your local machine. This can be useful for making resources that are not accessible from the public internet, such as internal web servers, available from the remote server.
To use remote port forwarding, you will need to know the address of the remote SSH server and the address and port number of the resource you want to make available. You can then use the following command:
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
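[REMOTE:]REMOTE_PORT — The IP address and port number on the remote SSH server. If REMOTE is omitted, the server listens on its loopback interface only by default. If REMOTE is left empty (a leading colon) or set to *, the remote SSH server is asked to bind to all interfaces, which only succeeds when the server's GatewayPorts option allows it.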
Example
ssh -R 8080:localhost:8080 [USER@]SSH_SERVER
Once you have created a remote port forward, connections made to the specified port on the remote SSH server are sent back through the tunnel to the destination on your side. In the example above, connecting to port 8080 on the remote server reaches the web server listening on port 8080 of your local machine.
Note: Remote port forwarding can also be used to access resources that you do not have access to. If you are concerned about security, you should only use remote port forwarding with trusted servers.
Dynamic SSH Port Forwarding
Dynamic SSH port forwarding is a method of port forwarding that carries a full range of TCP communications, across a range of ports, through one tunnel. This is different from local port forwarding and remote port forwarding, which each forward a single port.
To use Dynamic SSH Port Forwarding, you need to set up your machine as a SOCKS proxy server. You can do this by using the -D option when you run the ssh command. For example, the following command will start a SOCKS proxy on port 1090:
ssh -f -N -D 1090 admin@server1.temp.com
Once you have set up a SOCKS proxy server, you can make applications on your machine use it. To do this, you need to configure the application to use the SOCKS proxy server. For example, in Chrome, you can configure the SOCKS proxy server in the Network settings.
Note that the SOCKS proxy server will stop working after the ssh session is closed.
Here are some of the benefits of using Dynamic SSH Port Forwarding:
It allows you to access a full range of TCP communications through a range of ports.
It is a secure way to access remote resources.
It is easy to set up and use.
If you need to access a full range of TCP communications through a range of ports, then Dynamic SSH Port Forwarding is a great option. It is a secure and easy way to do this.
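The three forwarding syntaxes above differ mainly in which side opens the listening port and how widely that port is exposed. The following script is an added example, not part of the original tutorial: it decodes a -L, -R or -D argument and reports both. The function name describe_forward and the two specs with explicit bind addresses are constructed for illustration; it assumes IPv4 addresses or hostnames and GatewayPorts left at its default.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial). Decodes the argument of
# ssh -L / -R / -D and reports which side opens the listening port, which
# side makes the onward connection, and how widely the listener is exposed.
# Assumptions: IPv4 addresses or hostnames only (no bracketed IPv6), and
# GatewayPorts at its default, so an omitted bind address means loopback.

describe_forward() {
    local flag=$1 spec=$2 listener dialer bind port target exposure
    local -a f
    IFS=: read -r -a f <<< "$spec"   # a leading ':' yields an empty first field

    case $flag in
        -L|-D) listener=client dialer=server ;;
        -R)    listener=server dialer=client ;;
        *)     echo "unsupported flag: $flag" >&2; return 2 ;;
    esac

    # The field count tells us whether the optional bind address is present.
    case "$flag:${#f[@]}" in
        -D:1)    bind=localhost port=${f[0]} target="hosts named in SOCKS requests" ;;
        -D:2)    bind=${f[0]} port=${f[1]} target="hosts named in SOCKS requests" ;;
        -[LR]:3) bind=localhost port=${f[0]} target="${f[1]}:${f[2]}" ;;
        -[LR]:4) bind=${f[0]} port=${f[1]} target="${f[2]}:${f[3]}" ;;
        *)       echo "malformed spec: $spec" >&2; return 2 ;;
    esac

    # The listening port must be a decimal number in the valid TCP range.
    [[ $port =~ ^[0-9]+$ ]] && (( 10#$port >= 1 && 10#$port <= 65535 )) || {
        echo "bad listen port: $port" >&2; return 2; }

    # An empty bind address, '*' or 0.0.0.0 means every interface.
    case $bind in
        localhost|127.0.0.1) exposure=loopback-only ;;
        ''|'*'|0.0.0.0)      exposure=ALL-INTERFACES ;;
        *)                   exposure="bound-to-$bind" ;;
    esac

    printf '%s listens on %s:%s, %s connects to %s [%s]\n' \
        "$listener" "${bind:-*}" "$port" "$dialer" "$target" "$exposure"
}

# The tutorial's three examples, then two constructed specs with a bind address.
describe_forward -L 3306:192.168.1.100:3306
describe_forward -R 8080:localhost:8080
describe_forward -D 1090
describe_forward -R :8080:localhost:8080
describe_forward -L 0.0.0.0:8080:10.0.0.5:80
```

A listener reported as ALL-INTERFACES is reachable by other hosts on that network, not just by the machine that opened it. For -R, the server honours a non-loopback bind address only when its GatewayPorts setting allows it.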
Conclusion
In this article, we have learned about how to create SSH tunnels using port forwarding (local, remote, and dynamic) and how to use them to access resources on remote servers. In short, SSH tunnels are a powerful tool that can be used to securely connect to remote servers.