SSH, also known as Secure Shell, is a widely known network protocol. It caters heavily to a network’s security. This includes authentication and encryption, among other services.
SSH Port Forwarding can look rather complex at first, but the procedure is pretty straightforward. Wish to learn more? This comprehensive guide to SSH Port Forwarding will walk you through it.
But before we jump into the intricacies of the procedure, let us first start at the bottom and work our way up.
What is SSH anyway?
Simply put, Secure Shell, commonly known as SSH, is a network security protocol based on a client-server architecture. Here the SSH client is in direct connection to an SSH server.
Developed in 1995, SSH was meant to be a replacement for Telnet. Telnet, among other protocols, did not guarantee encrypted data transfer and confidentiality.
The SSH protocol served as a highly secure solution for general purpose protocols that allowed communication between servers and users. With SSH, a user can easily set up a secure connection for data transference even over an unsecured network.
But how does SSH work?
The SSH network protocol uses asymmetric cryptography to authenticate communication between a client and a server in an unsecured network. This particular form of cryptography uses public/private key pairs.
If you were to send a message without using the SSH protocol, anyone could intercept the message. Instead, we choose a more secure way. With SSH, the message cannot be read by anyone else, as you alone possess the key for encryption. The receiver receives this message, puts another lock over it, and sends it back. You remove your lock using your key. The receiver then removes their lock after receiving the message. This completes our secure transmission.
Implementations of SSH – OpenSSH and PuTTY.
The open source network security protocol, SSH, has many prominent implementations. OpenSSH is one of the most commonly used besides PuTTY. It is supported on Linux, Unix, macOS, and Windows.
OpenSSH and PuTTY are based on the Secure Shell network protocol (SSH). The open-source implementations of the SSH protocols are used for secure data transference in an unsecured network.
But then what is SSH Port Forwarding?
SSH Port Forwarding, also known as SSH tunneling, allows users to create pathways for data transference within an SSH tunnel. This link establishes an encrypted connection between a local and remote client-server structure.
With SSH Port Forwarding, you can direct network traffic to specific IPs, access a server behind NAT, connect to geo-restricted servers and let data in via encrypted streams without getting blocked by the firewall.
Types of SSH Port Forwarding
Now that you know the basics of SSH protocol and SSH Port Forwarding, let us dive a little deeper. Let us take a look at the various types of SSH Port Forwarding options available.
All three options are explained briefly here:
Local Port Forwarding – A connection is forwarded from the SSH client via an SSH server to a destination machine.
Remote Port Forwarding – A connection is forwarded from the SSH server via an SSH client to a destination machine.
Dynamic Port Forwarding – A socket is created on the SSH client as a SOCKS proxy server. The connection is forwarded to the SSH server and then to the dynamic port of the destination.
SSH – Local Port Forwarding
We generally utilize SSH local port forwarding to connect to an internal network that hosts a remote service. The connection is forwarded from an SSH client machine to a server which then connects to the destination host.
In OpenSSH, we can use this particular feature by invoking the -L flag. The general syntax for SSH local Port Forwarding is as follows:
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
Here the [LOCAL_IP:]LOCAL_PORT signifies the local IP address of the system and the port number, respectively. Moving to the right, DESTINATION:DESTINATION_PORT signifies the host machine’s IP/name and specific port number. Lastly, [USER@]SSH_SERVER is used to specify the remote SSH user and server’s IP.
E.g. ssh -L 3325:db01.host:3308 user@pubh01.host
SSH – Remote Port Forwarding
Now we move on to the other end of the spectrum with SSH remote Port Forwarding. The connection is forwarded from an SSH server machine to a client, which then connects to the destination host.
In OpenSSH, we can use this particular feature by invoking the -R flag. The general syntax for SSH remote Port Forwarding is as follows:
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
Here the [REMOTE:]REMOTE_PORT signifies the IP address of the system and the port number, respectively, for the remote server. Moving to the right, DESTINATION:DESTINATION_PORT signifies the destination host machine’s IP/name and specific port number. Lastly, [USER@]SSH_SERVER is used to specify the remote SSH user and server’s IP.
E.g. ssh -R 82:127.0.0.1:3020 user@<remoteserver_ip>
SSH – Dynamic Port Forwarding
With Dynamic SSH Port Forwarding, we help create a socket. This socket, on the SSH client, serves as a SOCKS proxy server.
In OpenSSH, we can use this particular feature by invoking the -D flag. The general syntax for SSH dynamic Port Forwarding is as follows:
ssh -D [LOCAL_IP:]LOCAL_PORT [USER@]SSH_SERVER
Here the [LOCAL_IP:]LOCAL_PORT signifies the local IP address of the system and the port number, respectively. [USER@]SSH_SERVER is used to specify the remote SSH user and server’s IP.
E.g. ssh -D 1080 user@<remoteserver_ip>
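The three modes above differ mainly in which end opens the listening port and which end makes the outbound connection. The shell function below is an added example, not part of the original article: explain_forward is a hypothetical helper name, and it assumes hostnames or IPv4 addresses only (no bracketed IPv6).

```shell
#!/bin/sh
# Added example (not from the original article): explain an OpenSSH
# forwarding spec. Assumes hostnames/IPv4 only, no bracketed IPv6.

explain_forward() {
    flag=$1; spec=$2
    # Split the spec on ':' with globbing off ('*' is a valid bind address).
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs

    case $flag in
        -L) listener=client; connector=server ;;
        -R) listener=server; connector=client ;;
        -D) listener=client; connector=server ;;
        *)  echo "unknown flag: $flag"; return 2 ;;
    esac

    bind=loopback   # OpenSSH default when no bind address is given
    if [ "$flag" = "-D" ]; then
        case $# in
            1) port=$1 ;;
            2) bind=$1; port=$2 ;;
            *) echo "bad spec: $spec"; return 2 ;;
        esac
        target="any host requested over SOCKS"
    else
        case $# in
            3) port=$1; target="$2:$3" ;;
            4) bind=$1; port=$2; target="$3:$4" ;;
            *) echo "bad spec: $spec"; return 2 ;;
        esac
    fi

    # The listening port must be a number in 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port: $port"; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port"; return 2; }

    notes=""
    # Ports below 1024 can normally only be bound by root on the listening side.
    [ "$port" -lt 1024 ] && notes="$notes [privileged port: root needed on $listener]"
    # An empty, '*' or 0.0.0.0 bind address exposes the listener beyond loopback.
    case $bind in ''|'*'|0.0.0.0) bind=all-interfaces; notes="$notes [reachable from other hosts]" ;; esac

    echo "$listener listens on $bind:$port; $connector connects to $target$notes"
}
```

Calling explain_forward -R 82:127.0.0.1:3020 with the article's remote example reports that the server listens on loopback port 82 and flags the port as privileged, which is worth checking before opening a tunnel.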
Set Up SSH Port Forwarding for Windows
If you wish to forward ports for SSH tunneling on Windows, that can be easily managed using PuTTY, the other open-source SSH implementation mentioned above, which supports other network protocols as well. Follow the simple steps given below:
- Start by launching PuTTY.
- In the IP/Hostname field, type in your SSH server IP.
- Select tunnels via Connection (menu) > SSH > Tunnels.
- Select the Port Forwarding type, i.e., Local, Remote or Dynamic.
- Now, click on the Add button.
- Type in the session name on the sessions page in the Save Session field.
- Click on the Save button. This will save your settings.
- Now click the saved session and select Open.
- Enter your username and password to log into the server.
From basic information to tunneling instructions, it looks like you know all there is to learn about SSH Port Forwarding!