Skip to content

Instantly share code, notes, and snippets.

@gkastrinis
Last active June 3, 2020 13:50
Show Gist options
  • Save gkastrinis/0d05ab2f49ca67f18fc73c96e09f28d6 to your computer and use it in GitHub Desktop.
Save gkastrinis/0d05ab2f49ca67f18fc73c96e09f28d6 to your computer and use it in GitHub Desktop.
SSH Tunneling (a.k.a. Port Forwarding)

SSH Tunneling (a.k.a. Port Forwarding)

In general, SSH tunneling creates a secure connection between a local computer and a remote machine through which services can be relayed (the important part). Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an unencrypted protocol, such as IMAP, VNC, or IRC (the not-so-important part).

A case where I found this to be a useful technique was when I had a remote machine running a web server but because of various reasons (e.g. security concerns) there was no public open port available (that I could use). If such a port existed (e.g. 9876), I could simply access the web server from my favorite web browser just by providing the appropriate URL address (e.g. http://example.com:9876). But fortunately enough, I had SSH access to that remote machine.

This is how it works:

  1. On the remote machine, the web server is running using whatever (maybe non-public) port we like (e.g. 9876)
  2. Use SSH to connect to the remote machine, but in a specific way that will forward a port on the remote machine to a port on our local computer (e.g. 8080) -- this is the important part
  3. On our local computer, we use our web browser to access the web server by providing the following URL address: http://localhost:8080

The important part

Linux local computer (more info)

We connect to our remote machine using ssh -L 8080:localhost:9876 george@example.com

Windows local computer (more info)

One simple solution is using an SSH client like PuTTY (or my prefered alternative/fork KiTTY).

  1. Go to "Connection" -> "SSH" -> "Tunnels"
  2. Tick the option "Remote ports do the same (SSH-2 only)"
  3. In the "Source port" field use 8080
  4. In the "Destination" field use example.com:9876
  5. Click "Add"
  6. Connect to the remote machine
@redouans1982
Copy link

hi,
its possible to do this setting with SecureCRT?
Thanks

@bolodecenouracomcafe
Copy link

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment