SSH Tunneling Techniques

Master the art of SSH tunneling for secure communication, port forwarding, and bypassing network restrictions.

Comprehensive guide to creating and using SSH tunnels for port forwarding, proxying, and secure communication

Local Port Forwarding
Forward a local port to a remote server through an SSH connection

Basic Local Port Forwarding:

ssh -L 8080:target-server:80 user@ssh-server

This command forwards local port 8080 to port 80 on target-server through ssh-server. You can access the target server by connecting to localhost:8080.

Multiple Port Forwarding:

ssh -L 8080:target-server-1:80 -L 8443:target-server-2:443 user@ssh-server

This command forwards local port 8080 to port 80 on target-server-1 and local port 8443 to port 443 on target-server-2 through ssh-server.

Binding to Specific Interface:

ssh -L 192.168.1.10:8080:target-server:80 user@ssh-server

This command binds the local port forwarding to a specific interface (192.168.1.10) instead of all interfaces.

Background Process:

ssh -fN -L 8080:target-server:80 user@ssh-server

This command runs the SSH tunnel in the background (-f) and does not execute a remote command (-N).

Advanced SSH Tunneling

SSH tunneling is a powerful technique for secure communication and bypassing network restrictions. Learn how to create and use SSH tunnels for various purposes.

Remote Port Forwarding
Forward a remote port to a local server through an SSH connection

Basic Remote Port Forwarding:

ssh -R 8080:localhost:80 user@ssh-server

This command forwards remote port 8080 on ssh-server to port 80 on localhost. Users on ssh-server can access your local server by connecting to localhost:8080.

Multiple Port Forwarding:

ssh -R 8080:localhost:80 -R 8443:localhost:443 user@ssh-server

This command forwards remote port 8080 to port 80 on localhost and remote port 8443 to port 443 on localhost.

Binding to All Interfaces:

ssh -R 0.0.0.0:8080:localhost:80 user@ssh-server

This command binds the remote port forwarding to all interfaces on ssh-server, allowing external connections. Note that this requires GatewayPorts yes in the SSH server configuration.

Dynamic Port Forwarding
Create a SOCKS proxy through an SSH connection

Basic Dynamic Port Forwarding:

ssh -D 8080 user@ssh-server

This command creates a SOCKS proxy on local port 8080 through ssh-server. You can configure your applications to use this proxy to access resources through ssh-server.

Binding to Specific Interface:

ssh -D 192.168.1.10:8080 user@ssh-server

This command binds the SOCKS proxy to a specific interface (192.168.1.10) instead of all interfaces.

Security Considerations
Security considerations for SSH tunneling

Restrict GatewayPorts:

# Edit /etc/ssh/sshd_config
GatewayPorts no

This setting prevents remote port forwards from binding to non-loopback addresses, which could expose services to the internet.

Use SSH Keys:

# Generate SSH key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
# Copy SSH key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ssh-server
# Edit /etc/ssh/sshd_config
PasswordAuthentication no

Using SSH keys instead of passwords improves security by requiring possession of the private key to authenticate.
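
The two sshd_config settings above can be present in the file and still not be in effect. The following added example (not part of the original guide) audits a config for both, and goes slightly beyond the text by applying sshd's own rules: the first value of a keyword wins, Match blocks override the global value, and unset keywords fall back to the defaults. The function names audit_sshd_forwarding and sample_config and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit GatewayPorts and PasswordAuthentication in an sshd_config.
# Reads the config on stdin, prints one FAIL line per finding, exits 1 if any.
audit_sshd_forwarding() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        raw = $0; sub(/^[ \t]+/, "", raw)
        gsub(/[="]/, " ")                      # accept key=value and quoted arguments
        key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        if (key == "match") { scope = raw; next }
        if (key != "gatewayports" && key != "passwordauthentication") next
        if (scope == "") {                     # global section: first value wins
            if (!(key in eff)) eff[key] = val
        } else if (val != "no") {              # Match block overrides the global value
            printf "FAIL %s %s [%s]\n", key, val, scope; bad = 1
        }
    }
    END {
        n = split("gatewayports passwordauthentication", keys, " ")
        dflt["gatewayports"] = "no"; dflt["passwordauthentication"] = "yes"  # sshd defaults
        for (i = 1; i <= n; i++) {
            k = keys[i]; src = "global"
            if (!(k in eff)) { eff[k] = dflt[k]; src = "global, default" }
            if (eff[k] != "no") { printf "FAIL %s %s [%s]\n", k, eff[k], src; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample config (hypothetical host, not from the page).
sample_config() {
    cat <<'EOF'
Port 22
GatewayPorts yes
PubkeyAuthentication yes
# hardening line appended later: ignored, sshd keeps the first value
gatewayports no
Match User tunnel
    GatewayPorts clientspecified
    PasswordAuthentication no
EOF
}

sample_config | audit_sshd_forwarding || echo "sample config fails the audit"
```

On a live server, pipe the output of `sshd -T` (run as root) into the function instead of the raw file, so that Include files are resolved.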
