Basic SSH Tunneling and port forwarding
Just the other day I was looking for a good HowTo guide for SSH tunnelling in Linux but I could not exactly what I was looking for. So once I found all the information I needed I thought I should write so someone - perhaps me - might find it useful in future.
The basics - What exactly is SSH tunnelling
SSH tunnelling allows you to encrypt data between two servers. The data is transported via SSH. This mean the remote server treats the data coming from the tunnel as its own data. Common uses for SSH include encrypting data to and from email servers and bypassing firewall restrictions on company networks to all remote access to servers using VNC.
In my case I had a network that was only accessible from one of my company servers and I wanted to access it from my desk without first logging into the other server. I know there are other possibly better ways to do this but I want to try this method.
How To Use It
Here is an example command to set up an SSH tunnel:
To break the command down:
With this example if the server you set up the tunnel on was called myserver.com you could connect to some-server.com using the following command:
Note: Although you are pointing SSH at myserver.com the SSH tunnel forwards the connection to some-server.com so the user name and password should match that server and not myserver.com. This confuses SSH a bit because it believes the identity of the server has changed.
The basics - What exactly is SSH tunnelling
SSH tunnelling allows you to encrypt data between two servers. The data is transported via SSH. This mean the remote server treats the data coming from the tunnel as its own data. Common uses for SSH include encrypting data to and from email servers and bypassing firewall restrictions on company networks to all remote access to servers using VNC.
In my case I had a network that was only accessible from one of my company servers and I wanted to access it from my desk without first logging into the other server. I know there are other possibly better ways to do this but I want to try this method.
How To Use It
Here is an example command to set up an SSH tunnel:
ssh -f user@some-server.com -L 3865:some-server.com:22 -NTo break the command down:
- -f tells SSH to go into the background.
- -N tells SSH not to execute any commands. If you do not include this it will drop you into a shell as normal.
- The login is the normal login you would use to log into the server.
- -L 3865:some-server.com:22 sets up the tunnel. Importantly it tells SSH to listen on port 3865 and forward the data to port 22 on the host given - in this case some-server.com.
With this example if the server you set up the tunnel on was called myserver.com you could connect to some-server.com using the following command:
ssh user@myserver.com -p 3865
Note: Although you are pointing SSH at myserver.com the SSH tunnel forwards the connection to some-server.com so the user name and password should match that server and not myserver.com. This confuses SSH a bit because it believes the identity of the server has changed.
Comments