Port forwarding using SSH

What is SSH port forwarding

SSH port forwarding is a networking technique in which traffic belonging to an insecure TCP/IP protocol is secured by sending and receiving it inside an SSH tunnel. SSH port forwarding is also called SSH tunneling.

SSH traffic is encrypted and authenticated, so it is protected from the prying eyes of malicious users.

Insecure protocols (for example TELNET, FTP, or SMTP) can use the secure SSH protocol to create a secure tunnel through an insecure public network (like the internet) to make network traffic much more secure. For background on why some network protocols are insecure, see the lesson on why TELNET is not a secure protocol.

SSH Jump Servers

Before going deeper, let us define the term "SSH Jump Server". An SSH Jump Server is normally a hardened Linux/Unix machine with SSH services installed.

A Jump Server acts as an intermediate SSH device between a local server and a remote SSH client. This improves the security of internal servers, because only the Jump Server is exposed directly to the public internet. Of course, if the Jump Server is compromised, internal servers can also be easily compromised.

There are three types of port forwarding in SSH.

  • SSH Local port forwarding
  • SSH Remote port forwarding
  • SSH Dynamic port forwarding

SSH Local port forwarding

SSH local port forwarding allows you to securely tunnel the network traffic of an insecure protocol to a remote SSH server. At the remote server, the SSH server daemon hands the traffic over to the corresponding insecure protocol and carries the response from that protocol back to the SSH client.

The command syntax for using ssh local port forwarding is as below.


ssh -L local_IP_Address:local_port:remote_ip_address:remote_port login_id_at_remote_server@remote_ip_address 


The SSH local port forwarding command is explained below.

  • ssh : SSH client program.

  • -L : Local port forwarding.

  • local_IP_Address : IP address of the local computer's interface on which you want the SSH client to listen.

  • local_port : Local port on which you want the SSH client to listen. Try to avoid well-known ports.

  • remote_ip_address : IP address of the remote SSH server you want to connect to securely.

  • remote_port : Port on the remote server on which the insecure protocol is listening.

  • login_id_at_remote_server@remote_ip_address : Login id of the user and IP address of the remote SSH server. Remember to use the @ character between the login id and the IP address.

SSH Remote port forwarding

SSH remote port forwarding is the opposite of SSH local port forwarding. It allows a remote SSH connection to access resources on your local machine or network. The syntax of SSH remote port forwarding is shown below.


ssh -R remote_port:local_IP_Address:local_port login_id@remote_ip_address


The SSH remote port forwarding command is explained below.

  • ssh : SSH client program.

  • -R : Remote port forwarding.

  • local_IP_Address : IP address of the machine on your local network to which incoming connections are forwarded.

  • local_port : Local port on which the internal protocol is listening.

  • remote_ip_address : IP address of the remote SSH server you want to connect to securely.

  • remote_port : Port on the remote SSH server that listens for incoming connections.

  • login_id@remote_ip_address : Login id with IP address of remote computer.

SSH Dynamic port forwarding

SSH Dynamic port forwarding is the third type of SSH port forwarding. It allows your computer to act like a SOCKS proxy server. Once the command is run, the SSH client creates a SOCKS proxy at the specified port on your local computer. Any traffic sent to the chosen port is sent to the destination SSH server through the encrypted SSH tunnel.

Please note that you may need to manually configure the programs running on your computer to use the SOCKS proxy for this to work.


ssh -D local_port login_id@remote_ip_address


  • ssh : SSH client program.

  • -D : SSH Dynamic port forwarding.

  • local_port : Local port used for SSH Dynamic port forwarding.

  • login_id@remote_ip_address : Login id with IP address of remote SSH server.
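The three syntaxes above can be checked mechanically, for example when reviewing shell history or process logs on a jump server. The following Python sketch is an added example, not part of the original tutorial: it parses -L, -R and -D specifications and reports where each listener opens and whether it asks to bind on all interfaces. The function names, field names and sample command are constructed for illustration, and only the TCP host:port forms shown on this page are handled.

```python
import shlex

# Bind addresses that ask for a listener on all interfaces ("" is an empty bind field).
WILDCARD_BINDS = {"", "*", "0.0.0.0", "::"}

def split_spec(spec):
    """Split a forwarding spec on ':' but keep [bracketed] IPv6 literals whole."""
    parts, buf, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return parts + [buf]

def parse_forward(flag, spec):
    """Describe one -L, -R or -D forward given in host:port form."""
    parts = split_spec(spec)
    want = 2 if flag == "-D" else 4       # field count when a bind address is present
    if len(parts) == want - 1:
        parts.insert(0, None)             # bind omitted: loopback under default GatewayPorts
    if len(parts) != want:
        raise ValueError(f"unsupported {flag} spec: {spec!r}")
    bind, port = parts[0], int(parts[1])
    return {
        "flag": flag,
        "listens_on": "server" if flag == "-R" else "client",
        "bind": bind,
        "listen_port": port,
        "target": None if flag == "-D" else (parts[2], int(parts[3])),
        "wildcard_bind": bind in WILDCARD_BINDS,
    }

def audit(command_line):
    """Return every forward in an ssh command line ('-L spec' or '-Lspec')."""
    args, found = shlex.split(command_line), []
    for i, arg in enumerate(args):
        if arg[:2] in ("-L", "-R", "-D"):
            found.append(parse_forward(arg[:2], arg[2:] or args[i + 1]))
    return found

# Constructed sample: a remote forward that requests a listener on all interfaces.
SAMPLE = "ssh -R 0.0.0.0:2222:10.0.0.5:22 admin@192.0.2.10"
print(audit(SAMPLE))
```

For a -R forward, a wildcard bind only takes effect if the server's GatewayPorts setting allows it; by default sshd binds remote forwards to loopback.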
