SSH tunneling/ Port Forwarding

The ability to create SSH tunnels is probably the coolest, if not the most popular, SSH feature. Another name for it is port forwarding, which is a little more precise. SSH can take all traffic destined for a local TCP port, carry it across an SSH session inside an encapsulated tunnel, and deliver it to a port on another server. For administrators this is very helpful: ingenious UNIX administrators use it to "get around" some firewall restrictions and to protect traffic that is normally sent in clear text. SSH tunneling is useful for carrying protocols that are unencrypted on their own, such as IMAP, VNC, or IRC.


Types of port forwarding:

Local port forwarding:

Local port forwarding lets you forward a port on the local (SSH client) machine to the remote (SSH server) machine, which then sends the traffic on to a port on the destination machine.

There is a server and a client, and Bob has a user account on the server. From the client, Bob needs to reach the website running on port 80 of the server, but the firewall blocks direct connections to that port (the SSH port itself is still reachable, which is what the tunnel relies on).

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [LOCAL_IP:]LOCAL_PORT - The local machine IP address and port number. When LOCAL_IP is omitted, the ssh client binds on the localhost.
  • DESTINATION:DESTINATION_PORT - The IP or hostname and the port of the destination machine.
  • [USER@]SSH_SERVER - The remote SSH user and the SSH server's IP address or hostname.

Command to run on the client:

ssh -L 8080:10.10.10.1:80 -N bob@10.10.10.1

In another window on the client, run wget through the tunnel:

wget http://localhost:8080/hello.html

and try it in a browser as well if your OS has a GUI.

Things to remember:

You can use any port number greater than 1024 as the LOCAL_PORT. Port numbers below 1024 are privileged ports and can be bound only by root. If your SSH server is listening on a port other than 22 (the default), use the -p [PORT_NUMBER] option.
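As an added example (not code from the original post), here is a small POSIX sh helper that assembles and sanity-checks the local-forward command described above: it binds the LOCAL_PORT on 127.0.0.1 only so other hosts cannot ride the tunnel through your machine, refuses a privileged port for non-root users, adds -p only for a non-default server port, and offers a readiness check to run before the wget. The function names, the sample hosts and the use of iproute2 `ss` are assumptions.

```shell
#!/bin/sh
# Added helper (not from the original post): assemble and sanity-check an
# "ssh -L" local port forward before running it. Hosts/ports are sample values.

# is_port NUM: succeed if NUM is an integer in 1..65535
is_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_forward LOCAL_PORT DESTINATION DESTINATION_PORT [USER@]SSH_SERVER [SSH_PORT]
# Prints the ssh command line that opens the tunnel:
#  - binds LOCAL_PORT on 127.0.0.1 only, so other hosts on the LAN cannot
#    reach the destination through your tunnel
#  - refuses a privileged LOCAL_PORT (< 1024) unless running as root
#  - adds -p only when the SSH server listens on a port other than 22
build_forward() {
  local_port=$1; dest=$2; dest_port=$3; target=$4; ssh_port=${5:-22}
  is_port "$local_port" || { echo "bad LOCAL_PORT: $local_port" >&2; return 1; }
  is_port "$dest_port"  || { echo "bad DESTINATION_PORT: $dest_port" >&2; return 1; }
  is_port "$ssh_port"   || { echo "bad SSH_PORT: $ssh_port" >&2; return 1; }
  if [ "$local_port" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
    echo "LOCAL_PORT $local_port is privileged; use a port above 1024 or run as root" >&2
    return 1
  fi
  port_opt=""
  [ "$ssh_port" -ne 22 ] && port_opt=" -p $ssh_port"
  printf 'ssh -N%s -L 127.0.0.1:%s:%s:%s %s\n' \
    "$port_opt" "$local_port" "$dest" "$dest_port" "$target"
}

# tunnel_ready LOCAL_PORT: succeed once ssh is listening on 127.0.0.1:LOCAL_PORT
# (assumes iproute2 "ss" is installed; poll this before the wget from the post)
tunnel_ready() {
  ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1[[:space:]]"
}

# Sample usage with the post's values: the printed line is the command to run
# (add -f to background it), then wait for tunnel_ready 8080 before wget.
build_forward 8080 10.10.10.1 80 bob@10.10.10.1
```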

Other port forwarding options:

Remote port forwarding: Remote port forwarding is the opposite of local port forwarding. It lets you forward a port on the remote (SSH server) machine to the local (SSH client) machine, which then forwards the traffic on to a port on the destination machine.
Dynamic port forwarding: connections from various programs are forwarded via the SSH client, then via the SSH server, and finally to several destination servers.
