SSH Tunneling (a.k.a. Port Forwarding)
In general, SSH tunneling creates a secure connection between a local computer and a remote machine through which services can be relayed (the important part). Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an unencrypted protocol, such as IMAP, VNC, or IRC (the not-so-important part).
A case where I found this to be a useful technique was when I had a remote machine running a web server but because of various reasons (e.g. security concerns) there was no public open port available (that I could use).
If such a port existed (e.g.
9876), I could simply access the web server from my favorite web browser just by providing the appropriate URL address (e.g.
But fortunately enough, I had SSH access to that remote machine.
This is how it works:
- On the remote machine, the web server is running using whatever (maybe non-public) port we like (e.g.
- Use SSH to connect to the remote machine, but in a specific way that will forward a port on the remote machine to a port on our local computer (e.g.
8080) -- this is the important part
- On our local computer, we use our web browser to access the web server by providing the following URL address:
The important part
We connect to our remote machine using
ssh -L 8080:localhost:9876 firstname.lastname@example.org
- Go to "Connection" -> "SSH" -> "Tunnels"
- Tick the option "Remote ports do the same (SSH-2 only)"
- In the "Source port" field use
- In the "Destination" field use
- Click "Add"
- Connect to the remote machine