Creating a secure connection between the local host and the remote host is called SSH tunneling or port forwarding. All connections made through an SSH tunnel are encrypted. This feature of SSH is useful for many purposes, such as safely managing the database of a restricted server, implementing a basic VPN (Virtual Private Network), and using different services without opening a port on the firewall. SSH port forwarding can be done in three different ways: local port forwarding, remote port forwarding, and dynamic port forwarding. This tutorial explains how to use each of them.

Prerequisites

Complete the following steps before starting this tutorial.

A. Enable the SSH service on Ubuntu if it is not enabled before.

B. Generate the SSH Key pairs to execute the commands in the remote server. Run the following command to create the public key and the private key. The private key will be stored in the remote server, and the public keys will be stored in the client securely.

C. Run the following command to open the sshd_config file using nano editor to add some necessary configurations.

$ sudo nano /etc/ssh/sshd_config

Add the following lines in the file to enable the root login and password-based authentication.

PasswordAuthentication yes
PermitRootLogin yes

D. Run the following command to restart the SSH service.

$ sudo service ssh restart
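
The effect of the two lines added in step C can be checked with a short script. This is an added example, not part of the original tutorial: the function names `effective` and `audit_sshd` are hypothetical and the sample file is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): report the sshd_config values that
# matter for the steps above. sshd keeps the FIRST value it reads for a
# keyword, and keyword names are case-insensitive. Simplifications: Include
# files are not followed and parsing stops at the first Match block; on a
# live host `sshd -T` prints the fully resolved configuration.
effective() {  # usage: effective <keyword> <built-in default> <file>
    awk -v key="$1" -v def="$2" '
        /^[[:space:]]*#/       { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

audit_sshd() {  # usage: audit_sshd <file>; prints one line per keyword
    f=$1
    v=$(effective PermitRootLogin prohibit-password "$f")
    if [ "$v" = yes ]; then echo "WEAK PermitRootLogin=$v (root may log in with a password)"
    else echo "OK   PermitRootLogin=$v"; fi
    v=$(effective PasswordAuthentication yes "$f")
    if [ "$v" = yes ]; then echo "WEAK PasswordAuthentication=$v (key pair from step B not required)"
    else echo "OK   PasswordAuthentication=$v"; fi
    echo "INFO AllowTcpForwarding=$(effective AllowTcpForwarding yes "$f") (must permit forwarding for -L/-R/-D)"
    echo "INFO GatewayPorts=$(effective GatewayPorts no "$f") (no: -R listeners bind loopback only)"
}

# Constructed sample: the two lines this tutorial adds, placed after a
# commented-out default, as they would be in a stock file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication yes
PermitRootLogin yes
EOF
audit_sshd "$sample"
rm -f "$sample"
```

Once key-based login works, setting `PasswordAuthentication no` and `PermitRootLogin prohibit-password` turns both WEAK lines into OK without affecting port forwarding.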

Local Port Forwarding

It forwards a port on the client machine to a port on the server machine, which then forwards the connection to the destination machine. In this type of forwarding, the client machine listens on a given port and tunnels connections from that port to the particular port of the server machine. Here, the destination machine can be any remote server or another machine. This forwarding is mainly used on an internal network, for example to reach a VNC (Virtual Network Computing) server.

Remote Port Forwarding

The opposite of the local port forwarding is remote port forwarding. It is used to forward a port from the server machine to a port of the client machine, and next, that will be forwarded to the destination machine. The server machine listens on a given port and tunnels the connection from that port to the particular port of the client machine in this type of forwarding. Here, the destination machine can be any local machine or another machine.

Dynamic Port Forwarding

It creates a socket on the client machine that works as a SOCKS proxy server. When a client connects to the port, the connection is forwarded to the server machine, which then forwards it to the dynamic port of the destination machine. Applications that use the SOCKS proxy connect to the server machine, which forwards the traffic to the destination machine.

Examples of SSH tunneling or port forwarding

The SSH tunneling and port forwarding examples are shown here using two local server accounts. You can follow the same process for a remote server. Here, the username of the server machine is ‘fahmida’, and the username of the client machine is ‘Yasmin’. The three types of SSH port forwarding are shown here in three examples.

A. Access remote resources from the client machine

The resources of the remote machine can be accessed from the client machine by using local port forwarding. It will normally connect to the SSH server, but in this case, you have to use the -L option with ssh command by defining the local port, remote address, and remote port. The syntax of the local port forwarding is given below.

ssh -L local_port:remote_address:remote_port [email protected]

Suppose the local port number is 8080, the IP address of the remote server is 10.0.2.15, and the remote port number is 80. Run the following command to connect with the server machine by local port forwarding. Here, the hostname of the remote machine is ‘fahmida.com.bd.’

$ ssh -L 8080:10.0.2.15:80 [email protected]

After connecting with the remote machine, the user of the client machine will be able to access any content from the remote machine that has been shown here. A text file named log.txt exists in the remote machine. Now, run the following command from the client machine to read the file’s content after logging in to the remote machine.

Run the following commands to log out from the remote machine.

The following similar output will appear after executing the above commands. The output shows the content of the text file from the remote machine and the next log out from the remote machine.

[Screenshot: terminal output of the commands above]

B. Access local resources from the server machine

The resources of the local machine can be accessed from the server machine by using remote port forwarding. It will normally connect to the SSH server, but in this case, you have to use the -R option with ssh command by defining the remote port, local address, and local port. The syntax of the remote port forwarding is given below.

ssh -R remote_port:local_address:local_port [email protected]

Suppose the remote port number is 22, the hostname of the local server is localhost, and the local port number is 2345. Run the following command to connect with the server machine by remote port forwarding. Here, the hostname of the remote machine is ‘fahmida.com.bd.’

$ ssh -R 22:localhost:2345 [email protected]

After connecting with the remote machine, the remote machine user will access any content from the remote machine shown here. A text file named products.txt exists in the home directory of the client machine. Now, run the following command after connecting with the remote machine to read the content of the local file.

$ cat /home/yesmin/products.txt

Run the following commands to log out from the remote machine.

$ exit

The following similar output will appear after executing the above commands. The output shows the content of the text file from the client machine and the next log out from the remote machine.

[Screenshot: terminal output of the commands above]

C. Using SSH server as a proxy server

Dynamic port forwarding is mainly used to access the particular application of the internal network by using a SOCKS proxy. The -D option is used with ssh command for dynamic port forwarding. The syntax of the dynamic port forwarding is given below.

ssh -D local_port [email protected]

Suppose the local port number is 5050. Run the following command to open a SOCKS proxy at the 5050 port. Now, the user can configure any browser or application to use the local IP address and the 5050 port for redirecting all traffic through the tunnel.

$ ssh -D 5050 <a href="mailto:[email protected]“>[email protected]
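
The forwarding specs used in examples A to C can be read field by field with the script below, which reports which side opens the listening port and which side makes the outgoing connection. It is an added example, not part of the original tutorial; the function name `describe_forward` is hypothetical, and hosts are assumed to be names or IPv4 addresses.

```shell
#!/bin/sh
# Added example (not from the tutorial): explain an ssh -L / -R / -D spec.
# Assumption: hosts are names or IPv4 addresses (no bracketed IPv6 literals).
describe_forward() {  # usage: describe_forward <L|R|D> <spec>
    mode=$1; bind=127.0.0.1    # ssh listens on loopback when no bind address is given
    old_ifs=$IFS; IFS=:; set -f
    set -- $2                  # split the spec on ':' with globbing off
    set +f; IFS=$old_ifs
    case "$mode:$#" in
        L:4|R:4|D:2) bind=${1:-*}; shift ;;  # empty or '*' bind address = all interfaces
        L:3|R:3|D:1) ;;
        *) echo "error: malformed -$mode spec"; return 1 ;;
    esac
    port=$1
    case "$port" in ''|*[!0-9]*) echo "error: bad port '$port'"; return 1 ;; esac
    case "$mode" in
        L) listener=client; dialer=server; target="$2:$3" ;;
        R) listener=server; dialer=client; target="$2:$3" ;;
        D) listener=client; dialer=server; target="the host named in each SOCKS request" ;;
    esac
    note=""
    [ "$port" -lt 1024 ] && note=" (privileged port: needs root on the $listener)"
    [ "$mode" = R ] && [ "$bind" != 127.0.0.1 ] && [ "$bind" != localhost ] &&
        note="$note (bind address honoured only if the server's GatewayPorts allows it)"
    echo "$listener listens on $bind:$port; $dialer connects to $target$note"
}

# The three specs from this tutorial:
describe_forward L 8080:10.0.2.15:80
describe_forward R 22:localhost:2345
describe_forward D 5050
```

The second line of output flags that example B asks the server to listen on port 22, which is below 1024 and therefore only available when the login on the server is root.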

Conclusion

Three different ways of SSH port forwarding have been described in this tutorial to help readers understand the concept of SSH tunneling or port forwarding.

About the author

Fahmida Yesmin

I am a trainer of web programming courses. I like to write articles and tutorials on various IT topics. I have a YouTube channel where many types of tutorials based on Ubuntu, Windows, Word, Excel, WordPress, Magento, Laravel, etc. are published: Tutorials4u Help.