How to Create SSH Tunneling or Port Forwarding in Linux
SSH tunneling (also referred to as SSH port forwarding) is simply routing the local network traffic through SSH to remote hosts. This implies that all your connections are secured using encryption. It provides an easy way of setting up a basic VPN (Virtual Private Network), useful for connecting to private networks over unsecure public networks like the Internet.
It may also be used to expose local servers behind NATs and firewalls to the Internet over secure tunnels, as implemented in ngrok.
SSH sessions permit tunneling network connections by default and there are three types of SSH port forwarding: local, remote and dynamic port forwarding.
In this article, we will demonstrate how to quickly and easily set up SSH tunneling or the different types of port forwarding in Linux.
Testing Environment:
For the purpose of this article, we are using the following setup:
- Local Host: 192.168.43.31
- Remote Host: Linode CentOS 7 VPS with hostname server1.example.com.
Usually, you can securely connect to a remote server using SSH as follows. In this example, I have configured passwordless SSH login between my local and remote hosts, so it has not asked for user admin’s password.
Local SSH Port Forwarding
This type of port forwarding lets you connect from your local computer to a remote server. Suppose you are behind a restrictive firewall, or blocked by an outgoing firewall, from accessing an application running on port 3000 on your remote server.
You can forward a local port (e.g. 8080), which you can then use to access the application locally as follows. The -L flag defines the port forwarded to the remote host and remote port.
$ ssh admin@server1.example.com -L 8080:server1.example.com:3000
Adding the -N flag tells ssh not to execute a remote command, so you will not get a shell in this case.
$ ssh -N admin@server1.example.com -L 8080:server1.example.com:3000
The -f switch instructs ssh to run in the background.
$ ssh -f -N admin@server1.example.com -L 8080:server1.example.com:3000
Now, on your local machine, open a browser. Instead of accessing the remote application using the address server1.example.com:3000, you can simply use localhost:8080 or 192.168.43.31:8080, as shown in the screenshot below.
Remote SSH Port Forwarding
Remote port forwarding allows you to connect from your remote machine to the local computer. By default, SSH does not permit remote port forwarding. You can enable this using the GatewayPorts directive in your SSHD main configuration file /etc/ssh/sshd_config on the remote host.
Open the file for editing using your favorite command-line editor.
$ sudo vim /etc/ssh/sshd_config
Look for the required directive, uncomment it, and set its value to yes, as shown in the screenshot.
Save the changes and exit. Next, you need to restart sshd to apply the recent change you made.
$ sudo systemctl restart sshd
OR
$ sudo service sshd restart
Next run the following command to forward port 5000 on the remote machine to port 3000 on the local machine.
Once you understand this method of tunneling, you can easily and securely expose a local development server, especially behind NATs and firewalls to the Internet over secure tunnels. Tunnels such as Ngrok, pagekite, localtunnel, and many others work in a similar way.
Dynamic SSH Port Forwarding
This is the third type of port forwarding. Unlike local and remote port forwarding, which allow communication with a single port, it makes possible a full range of TCP communications across a range of ports. Dynamic port forwarding sets up your machine as a SOCKS proxy server that listens on port 1080 by default.
For starters, SOCKS is an Internet protocol that defines how a client can connect to a server via a proxy server (SSH in this case). You can enable dynamic port forwarding using the -D option.
The following command will start a SOCKS proxy on port 1080 allowing you to connect to the remote host.
From now on, you can make applications on your machine use this SSH proxy server by editing their settings and configuring them to use it, to connect to your remote server. Note that the SOCKS proxy will stop working after you close your SSH session.
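The three option formats described above, parsed in one place. This is an added example, not part of the original article: describe_forward is a hypothetical helper name, the -R and -D specs are constructed from the article's prose, and bracketed IPv6 addresses and socket paths are not handled.

```shell
#!/bin/sh
# Added example: explain an ssh forwarding option. Formats per ssh(1):
#   -L / -R  [bind_address:]port:host:hostport
#   -D       [bind_address:]port
# describe_forward is a hypothetical helper, not an OpenSSH tool.
describe_forward() {
    flag=$1
    case $flag in
        -L|-D) listener=client ;;   # the listening socket opens where ssh runs
        -R)    listener=server ;;   # the listening socket opens on the sshd host
        *)     echo "unsupported flag: $flag" >&2; return 2 ;;
    esac
    # Split on ':' with globbing off so a '*' bind address stays literal.
    old_ifs=$IFS; IFS=:; set -f
    set -- $2
    set +f; IFS=$old_ifs
    case "$flag/$#" in
        -D/1)    bind=default; port=$1; target=socks ;;
        -D/2)    bind=$1; port=$2; target=socks ;;
        -[LR]/3) bind=default; port=$1; target=$2:$3 ;;
        -[LR]/4) bind=$1; port=$2; target=$3:$4 ;;
        *)       echo "malformed spec for $flag" >&2; return 2 ;;
    esac
    # With no bind address the listener stays on loopback (GatewayPorts
    # defaults to "no"); an empty or '*' bind address asks for all interfaces.
    case $bind in
        default|localhost|127.0.0.1) requested=loopback ;;
        *) requested=network ;;
    esac
    if [ -z "$bind" ]; then bind='*'; fi
    echo "listener=$listener bind=$bind port=$port target=$target requested=$requested"
}

# Specs from the article; the -R and -D values are constructed from its prose.
describe_forward -L 8080:server1.example.com:3000
describe_forward -R 5000:localhost:3000
describe_forward -D 1080
# Constructed: a remote forward asking to listen on every interface. sshd
# honours this only when its GatewayPorts setting permits it.
describe_forward -R '*:5000:localhost:3000'
```

The requested= field is what the command line asks for; whether a non-loopback listener is actually opened still depends on the GatewayPorts setting on the side that listens.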
Summary
In this article, we explained the various types of port forwarding from one machine to another, for tunneling traffic through the secure SSH connection. This is one of the very many uses of SSH.
Attention: SSH port forwarding has some considerable disadvantages. It can be abused: it can be used to bypass network monitoring and traffic filtering programs (or firewalls), and attackers can use it for malicious activities. In our next article, we will show how to disable SSH local port forwarding. Stay connected!
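To see what a given sshd actually permits, the forwarding-related directives can be audited from its configuration. The script below is an added example, not part of the original article: audit_sshd_forwarding is a hypothetical helper name, the sample configurations are constructed, and only the global section (before any Match block) is examined.

```shell
#!/bin/sh
# Added example: report the forwarding-related settings in sshd_config-style
# text read from stdin (global section only). On a live host, feed it the
# effective configuration:  sudo sshd -T | audit_sshd_forwarding
audit_sshd_forwarding() {
    awk '
    BEGIN {  # OpenSSH defaults, used when a directive is absent
        v["allowtcpforwarding"] = "yes"; v["gatewayports"] = "no"
        v["permitopen"] = "any";         v["permitlisten"] = "any"
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    tolower($1) == "match" { exit }      # Match blocks are out of scope here
    {
        k = tolower($1)
        if ((k in v) && !(k in seen)) {  # sshd keeps the first value it reads
            seen[k] = 1; $1 = ""; sub(/^[ \t]+/, ""); v[k] = tolower($0)
        }
    }
    END {
        fwd = v["allowtcpforwarding"]; warn = 0
        loc = (fwd == "yes" || fwd == "all" || fwd == "local")
        rem = (fwd == "yes" || fwd == "all" || fwd == "remote")
        if (loc && v["permitopen"] == "any") {
            print "WARN -L/-D forwarding allowed to any destination"; warn++
        }
        if (rem && v["gatewayports"] != "no") {
            print "WARN -R listeners may bind non-loopback (GatewayPorts " v["gatewayports"] ")"; warn++
        } else if (rem && v["permitlisten"] == "any") {
            print "INFO -R listeners allowed on loopback, any port"
        }
        if (!loc && !rem) print "OK TCP forwarding disabled (AllowTcpForwarding " fwd ")"
        exit (warn > 0)
    }'
}

# Constructed sample: the change the article makes for remote forwarding.
sample_open='GatewayPorts yes
#AllowTcpForwarding no'
# Constructed sample: forwarding switched off.
sample_locked='AllowTcpForwarding no
GatewayPorts no'
printf '%s\n' "$sample_open" | audit_sshd_forwarding || true
printf '%s\n' "$sample_locked" | audit_sshd_forwarding
```

The function exits non-zero when it prints a WARN line, so it can gate a configuration check in a deployment script.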
How To Create An SSH Tunnel Or Port Forward In Linux
Each device on a network has an IP address. There are two types of IP addresses: public and private. Public IP addresses are available anywhere in the world, while private addresses, such as 192.168.x.x or 10.0.x.x, are used in internal networks. In order to receive information from the Internet, data requests are exchanged with either a public IP address owned by the router or a private IP address corresponding to the address of the computer or any other device connected to the network. SSH forwarding is useful for transporting network data of services that use an unencrypted protocol. In this article, you will learn how to create an SSH tunnel or port forward in Linux.
What Is SSH Port Forwarding?
SSH tunneling, or SSH port forwarding, routes internal network traffic to remote hosts through SSH tunnels. This means that all incoming traffic is secured through encryption. This solution provides a simple way to create a VPN tunnel, which is a practical way to connect to private networks over the Internet. It may also be used over the Internet to access servers located behind NAT or firewalls. SSH sessions allow tunneling of all network communications by default. There are currently three methods for SSH port forwarding: Local, Remote, and Dynamic. Normally we can securely connect to our server using SSH.
Tutorial Setup SSH Tunneling Or SSH port Forwarding In Linux
The SSH Tunnel (also known as SSH port forwarding) is actually the easy routing of local network traffic via SSH to remote hosts. This way all your connections are secure using encryption. This provides an easy way to define a VPN (Virtual Private Network), which connects to private networks through insecure public networks such as the Internet. You may also access the local servers behind NAT and Firewall from a secure tunnel platform, as implemented in ngrok.
By default, SSH sessions allow tunneling for network communication. There are also three types of SSH port forwarding:
We continue this example with respect to the default values below:
Local Host: YourIPAddress
Remote host: server1.example.com
You can securely connect to a remote server using SSH as in the example below. I have configured the ssh login without a password between remote and local hosts, so I am not asked for a password.
Local SSH Port Forwarding
This type of port forwarding allows you to connect to a remote server from your local computer. Suppose you are behind a restrictive firewall or are blocked by an outgoing firewall from accessing an application running on port 3000 on your remote server. You can forward a local port (for example 8080) that you can use to access the application locally.
Note: The -L option is for defining the forwarded port to the remote host and remote port.
ssh admin@server1.example.com -L 8080:server1.example.com:3000
Adding the -N option means not executing a remote command, in which case you will not receive a shell.
ssh -N admin@server1.example.com -L 8080:server1.example.com:3000
The -f option runs the ssh command in the background.
Now open a browser on your local machine. Instead of using server1.example.com:3000 to access the remote app, you can easily use localhost:8080 or YourIPAddress:8080 as shown below:
Remote SSH Port Forwarding
Remote SSH Port Forwarding allows you to connect to your local computer from your remote machine.
Note: By default, ssh does not allow remote port forwarding. You can enable it using the GatewayPorts directive in the main sshd configuration file, /etc/ssh/sshd_config, on your remote host.
Open the file and edit it using your favorite text editor:
sudo vim /etc/ssh/sshd_config
Look for the desired directive, uncomment it, and set its value to yes as below:
Save the changes and exit. Then in order to apply the changes you need to restart the sshd service:
sudo systemctl restart sshd
sudo service sshd restart
Then, run the following command to forward port 5000 on the remote machine to port 3000 on the local machine:
Once you understand this method of tunneling, you can easily and securely expose a local development server, especially if it is behind NAT and a firewall.
Tunnels like Ngrok, pagekite, localtunnel, and countless other methods all work the same way.
Dynamic SSH Port Forwarding
This is the third method of port forwarding. Unlike local and remote port forwarding, which make it possible to communicate with a single port, this method allows for a full range of TCP communications through a range of ports.
The Dynamic Port Forwarding method sets up your machine as a SOCKS proxy server that listens on port 1080 by default.
For starters, SOCKS is an Internet protocol that defines how a client connects to a server through a proxy server (here SSH). You can enable Dynamic Port Forwarding with the -D option.
The following command starts a SOCKS proxy on port 1080 that allows you to connect to a remote host.
From now on, you can make applications on your machine use this SSH Proxy server. All you have to do is configure them to use this server.
Note that the SOCKS proxy will stop working after the SSH session is closed.
Conclusion
In this article, we have explained the different types of port forwarding from one machine to another and tunneling traffic through a secure SSH connection. This is one of the many uses of SSH. SSH port forwarding has significant drawbacks, and it can have adverse effects: it can be used to bypass network monitoring and traffic filtering (or firewall) applications, and hackers can use it for their malicious activities. If you are interested in learning more, find our articles on Setup SSH Tunnel With Putty and Port Forwarding On Mikrotik.