Comprehensive guide to creating and using SSH tunnels for port forwarding, proxying, and secure communication
ssh -L 8080:target-server:80 user@ssh-serverThis command forwards local port 8080 to port 80 on target-server through ssh-server. You can access the target server by connecting to localhost:8080.
ssh -L 8080:target-server-1:80 -L 8443:target-server-2:443 user@ssh-serverThis command forwards local port 8080 to port 80 on target-server-1 and local port 8443 to port 443 on target-server-2 through ssh-server.
ssh -L 192.168.1.10:8080:target-server:80 user@ssh-serverThis command binds the local port forwarding to a specific interface (192.168.1.10) instead of all interfaces.
ssh -fN -L 8080:target-server:80 user@ssh-serverThis command runs the SSH tunnel in the background (-f) and does not execute a remote command (-N).
ssh -C -L 8080:target-server:80 user@ssh-serverThis command enables compression (-C) for the SSH tunnel, which can improve performance for certain types of data.
ssh -v -L 8080:target-server:80 user@ssh-serverThis command enables verbose output (-v) for the SSH tunnel, which can help with troubleshooting.
ssh -R 8080:localhost:80 user@ssh-serverThis command forwards remote port 8080 on ssh-server to port 80 on localhost. Users on ssh-server can access your local server by connecting to localhost:8080.
ssh -R 8080:localhost:80 -R 8443:localhost:443 user@ssh-serverThis command forwards remote port 8080 to port 80 on localhost and remote port 8443 to port 443 on localhost.
ssh -R 0.0.0.0:8080:localhost:80 user@ssh-serverThis command binds the remote port forwarding to all interfaces on ssh-server, allowing external connections. Note that this requires GatewayPorts yes in the SSH server configuration.
ssh -fN -R 8080:localhost:80 user@ssh-serverThis command runs the SSH tunnel in the background (-f) and does not execute a remote command (-N).
ssh -C -R 8080:localhost:80 user@ssh-serverThis command enables compression (-C) for the SSH tunnel, which can improve performance for certain types of data.
ssh -v -R 8080:localhost:80 user@ssh-serverThis command enables verbose output (-v) for the SSH tunnel, which can help with troubleshooting.
ssh -D 8080 user@ssh-serverThis command creates a SOCKS proxy on local port 8080 through ssh-server. You can configure your applications to use this proxy to access resources through ssh-server.
ssh -D 192.168.1.10:8080 user@ssh-serverThis command binds the SOCKS proxy to a specific interface (192.168.1.10) instead of all interfaces.
ssh -fN -D 8080 user@ssh-serverThis command runs the SSH tunnel in the background (-f) and does not execute a remote command (-N).
ssh -C -D 8080 user@ssh-serverThis command enables compression (-C) for the SSH tunnel, which can improve performance for certain types of data.
ssh -v -D 8080 user@ssh-serverThis command enables verbose output (-v) for the SSH tunnel, which can help with troubleshooting.
ssh -J user1@jump-host user2@target-serverThis command uses jump-host as an intermediate server to connect to target-server. This is useful when target-server is not directly accessible.
ssh -J user1@jump-host1,user2@jump-host2 user3@target-serverThis command uses multiple jump hosts to connect to target-server.
ssh -L 8080:target-server:80 -J user1@jump-host user2@ssh-serverThis command combines port forwarding with a jump host, allowing you to forward a local port to a target server through multiple SSH servers.
Host jump HostName jump-host User user1 Host target HostName target-server User user2 ProxyJump jump LocalForward 8080 localhost:80This SSH config file simplifies the command to ssh target, which will automatically set up the jump host and port forwarding.
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 8080:localhost:80 user@ssh-serverThis command uses autossh to automatically restart the SSH tunnel if it fails. The -M 0 option disables autossh's monitoring port, and the ServerAlive options keep the connection alive.
# Edit /etc/ssh/sshd_config GatewayPorts noThis setting prevents remote port forwards from binding to non-loopback addresses, which could expose services to the internet.
# Edit /etc/ssh/sshd_config AllowTcpForwarding yes PermitOpen localhost:80 localhost:443These settings allow TCP forwarding but restrict which destinations can be forwarded to.
# Generate SSH key ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 # Copy SSH key to server ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ssh-server # Edit /etc/ssh/sshd_config PasswordAuthentication noUsing SSH keys instead of passwords improves security by requiring possession of the private key to authenticate.
# Edit /etc/ssh/sshd_config Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256Using strong encryption algorithms improves the security of SSH tunnels.
# Allow SSH from specific IP addresses iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT # Deny all other SSH connections iptables -A INPUT -p tcp --dport 22 -j DROPUsing firewall rules to restrict SSH access improves security by limiting who can connect to the SSH server.
Understanding common SSH exploitation methods and how to defend against them
Learn moreOverview of tools used for SSH reconnaissance, scanning, and exploitation
Learn more