How to set up SSH tunneling (port forwarding)

SSH tunneling, or port forwarding, is a method of creating an encrypted SSH connection between a client and a server machine through which service ports can be relayed.

SSH forwarding is useful for transporting the traffic of services that use unencrypted protocols (such as VNC or FTP), for accessing geo-restricted content, and for bypassing intermediate firewalls. Basically, you can forward any TCP port and tunnel the traffic over a secure SSH connection.

There are three types of SSH port forwarding:

  • Local port forwarding - forwards a connection from the client host to the SSH server host, and then to the destination host's port.
  • Remote port forwarding - forwards a port from the server host to the client host, and then to the destination host's port.
  • Dynamic port forwarding - creates a SOCKS proxy server that allows communication across a range of ports.

In this article, we will discuss how to set up local, remote and dynamic encrypted SSH tunnels.

Local port forwarding

Local port forwarding allows you to forward a port on the local (ssh client) machine to a port on the remote (ssh server) machine, which is then forwarded to a port on the destination machine.

In this type of forwarding, the SSH client listens on a given port and tunnels any connection to that port to the specified port on the remote SSH server, which then connects to a port on the destination machine. The destination machine can be the remote SSH server or any other machine.

Local port forwarding is mostly used to connect to a remote service on an internal network, such as a database or VNC server.

To create a local port forwarding, pass the -L option to the ssh client on Linux, macOS and other Unix systems:

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [LOCAL_IP:]LOCAL_PORT - the IP address and port number of the local machine. When LOCAL_IP is omitted, the ssh client binds to localhost.
  • DESTINATION:DESTINATION_PORT - the IP address or hostname and the port of the destination machine.
  • [USER@]SERVER_IP - the remote SSH user and the server IP address.

Any port number greater than 1024 can be used as LOCAL_PORT. Ports with numbers below 1024 are privileged ports and can only be used by the root user. If your SSH server is listening on a port other than 22 (the default), use the -p [PORT_NUMBER] option.

The destination hostname must be resolvable from the SSH server.

Let's say you have a MySQL database server running on the machine db001.host on an internal (private) network, reachable on port 3306 from the machine pub001.host, and you want to connect to the database server using the mysql client on your local machine. To do this, you can forward the connection as follows:

ssh -L 3336:db001.host:3306 user@pub001.host

After running this command, you will be prompted for the remote SSH user's password. Once entered, you will be logged in to the remote server and the SSH tunnel will be established. Setting up key-based SSH authentication and connecting to the server without entering a password is the better choice.

Now, if you point the database client on your local machine to 127.0.0.1:3336, the connection will be forwarded to db001.host:3306 via pub001.host, which acts as an intermediate between your machine and the MySQL server.

You can forward multiple ports to multiple destinations in a single ssh command. For example, if you have another MySQL database server running on db002.host and you want to connect to both servers from your local client, you would run:

ssh -L 3336:db001.host:3306 -L 3337:db002.host:3306 user@pub001.host

To connect to the second server you would use 127.0.0.1:3337.

When the destination host is the same as the SSH server, you can use localhost instead of specifying the destination IP address or hostname.

Suppose you need to connect via VNC to a remote machine, where VNC runs on the same server, and the VNC port is not accessible from the outside. The command you would use is:

ssh -L 5901:127.0.0.1:5901 -N -f user@ssh_server

The -f option tells ssh to run in the background and -N not to execute a remote command. We are using localhost because VNC and the SSH server are running on the same host.

If you have problems setting up a tunnel, check the remote SSH server configuration and make sure AllowTcpForwarding is not set to no. By default, forwarding is allowed.

Remote port forwarding

Remote port forwarding is the opposite of local port forwarding. It allows you to forward a port on the remote (ssh server) machine to a port on the local (ssh client) machine, which is then forwarded to a port on the destination machine.

In this type of forwarding, the SSH server listens on a given port and tunnels any connection to that port to the specified port on the local SSH client, which then connects to a port on the destination machine. The destination machine can be the local machine or any other machine.

To create a remote port forwarding, pass the -R option to the ssh client on Linux, macOS and other Unix systems:

ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [REMOTE:]REMOTE_PORT - the IP address and port number on the remote SSH server. An empty REMOTE means that the remote SSH server binds on all interfaces.
  • DESTINATION:DESTINATION_PORT - the IP address or hostname and the port of the destination machine.
  • [USER@]SERVER_IP - the remote SSH user and the server IP address.

Remote port forwarding is mostly used to give someone from the outside access to an internal service.

Suppose you are developing a web application on your local machine and you want to show a preview to other developers. You do not have a public IP address, so the other developers cannot reach the application over the Internet.

If you have access to a remote SSH server, you can set up a remote port forwarding as follows:

ssh -R 8080:127.0.0.1:3000 -N -f user@ssh_server

The command above makes the SSH server listen on port 8080 and tunnels all traffic from that port to port 3000 on your local machine.

Now your fellow developers can type the_ssh_server_ip:8080 in their browser and preview your application.

If you are having trouble setting up a remote port forwarding, make sure GatewayPorts is set to yes in the remote SSH server configuration.
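Both troubleshooting hints above (AllowTcpForwarding for any tunnel, GatewayPorts for remote forwarding) come down to reading sshd_config correctly: keywords are case-insensitive, commented lines do not count, and for a keyword given more than once sshd uses the first value. The following script is an added example, not part of the original article, that applies those rules to a constructed sshd_config sample and reports the effective values; it ignores Match blocks, so it is a quick check, not a replacement for running sshd -T on the server.

```shell
#!/bin/sh
# Added example: report the effective sshd_config values that control SSH
# tunneling. Mirrors sshd's own rules: case-insensitive keywords, comments
# skipped, first occurrence wins, documented default if the keyword is absent.

# Constructed sample sshd_config contents used for the demonstration.
SAMPLE_SSHD_CONFIG='# constructed sample sshd_config
Port 2222
#AllowTcpForwarding yes
allowtcpforwarding no
GatewayPorts clientspecified
GatewayPorts yes
'

# sshd_option CONFIG_TEXT KEYWORD DEFAULT
# Prints the first uncommented value for KEYWORD, or DEFAULT when it is absent.
sshd_option() {
    config_text=$1
    keyword=$2
    default=$3
    value=$(printf '%s\n' "$config_text" \
        | awk -v kw="$keyword" '
            /^[ \t]*#/ { next }                           # skip comment lines
            tolower($1) == tolower(kw) { print $2; exit }   # first match wins
        ')
    printf '%s\n' "${value:-$default}"
}

# tunnel_check CONFIG_TEXT
# Prints the two tunnel-related settings with sshd's defaults applied
# (AllowTcpForwarding defaults to yes, GatewayPorts to no) and returns
# non-zero when TCP forwarding is disabled, so tunnels cannot work at all.
tunnel_check() {
    fwd=$(sshd_option "$1" AllowTcpForwarding yes)
    gw=$(sshd_option "$1" GatewayPorts no)
    printf 'AllowTcpForwarding=%s GatewayPorts=%s\n' "$fwd" "$gw"
    [ "$fwd" != no ]
}

# Run against the constructed sample; a real check would read /etc/ssh/sshd_config.
tunnel_check "$SAMPLE_SSHD_CONFIG" || echo "TCP forwarding is disabled on this server"
```

To check a real server, replace the sample with the contents of /etc/ssh/sshd_config, or simply run sshd -T as root on the server, which prints the fully resolved configuration including Match blocks.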

Dynamic Port Forwarding

Dynamic port forwarding allows you to create a socket on the local (ssh client) machine that acts as a SOCKS proxy server. When a client connects to this port, the connection is forwarded to the remote (ssh server) machine, which then forwards it to a dynamic port on the destination machine.

In this way, all applications that use the SOCKS proxy connect to the SSH server, and the server forwards all traffic to its actual destination.

To create a dynamic port forwarding (SOCKS), pass the -D option to the ssh client on Linux, macOS and other Unix systems:

ssh -D [LOCAL_IP:]LOCAL_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [LOCAL_IP:]LOCAL_PORT - the IP address and port number of the local machine. When LOCAL_IP is omitted, the ssh client binds to localhost.
  • [USER@]SERVER_IP - the remote SSH user and the server IP address.

A typical example of dynamic port forwarding is tunneling web browser traffic through an SSH server.

The following command creates a SOCKS tunnel on port 9090:

ssh -D 9090 -N -f user@ssh_server

Once the tunnel is established, you can configure your application to use it. A separate article describes how to configure the Firefox and Google Chrome browsers to use a SOCKS proxy.

The port forwarding has to be configured separately for each application that you want to tunnel.

Setting up an SSH tunnel on Windows

Windows users can create SSH tunnels with the PuTTY SSH client. You can download PuTTY here.

  1. Launch PuTTY and enter your SSH server IP address in the Host name (or IP address) field.

  2. Under the Connection menu, expand SSH and select Tunnels. Check the Local radio button to set up local port forwarding, Remote for remote, or Dynamic for dynamic port forwarding.

    • When setting up local forwarding, enter the local forwarding port in the Source Port field and the destination host and port in the Destination field, for example localhost:5901.
    • For remote port forwarding, enter the remote SSH server forwarding port in the Source Port field and the destination host and port in the Destination field, for example localhost:3000.
    • When setting up dynamic forwarding, enter only the local SOCKS port in the Source Port field.
  3. Click the Add button, as shown below.

  4. Go back to the Session page to save the settings so that you do not need to enter them each time. Enter the session name in the Saved Session field and click the Save button.

  5. Select the saved session and click the Open button to log in to the remote server.

    A new window asking for your username and password will appear. Once you enter your username and password, you will be logged in to the server and the SSH tunnel will be started.

    Setting up public key authentication allows you to connect to the server without entering a password.

Summary

We have shown you how to set up SSH tunnels and forward traffic through a secure SSH connection. For ease of use, you can define the SSH tunnel in your SSH config file or create a Bash alias with the SSH tunnel command.
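The summary suggests defining tunnels in the SSH config file instead of retyping the -L, -R and -D options. The script below is an added example, not part of the original article: it converts the command-line forwarding specs used throughout this page into the equivalent ~/.ssh/config stanza (LocalForward, RemoteForward and DynamicForward keywords). The host aliases dbtunnel and socks, and the server name ssh_server, are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example: turn "ssh -L/-R/-D spec user@server" into an ssh_config stanza.
#   -L [BIND:]PORT:DEST:DEST_PORT  ->  LocalForward  [BIND:]PORT DEST:DEST_PORT
#   -R [BIND:]PORT:DEST:DEST_PORT  ->  RemoteForward [BIND:]PORT DEST:DEST_PORT
#   -D [BIND:]PORT                 ->  DynamicForward [BIND:]PORT
# The stanza is printed to stdout; append it to ~/.ssh/config yourself.

# to_ssh_config HOST_ALIAS [USER@]SSH_SERVER [-L spec | -R spec | -D spec]...
to_ssh_config() {
    name=$1
    server=$2
    shift 2

    printf 'Host %s\n' "$name"
    printf '    HostName %s\n' "${server#*@}"          # strip "user@" if present
    case $server in
        *@*) printf '    User %s\n' "${server%%@*}" ;;   # keep the user part
    esac

    while [ $# -gt 0 ]; do
        if [ $# -lt 2 ]; then
            printf 'missing argument for %s\n' "$1" >&2
            return 1
        fi
        flag=$1
        spec=$2
        shift 2
        case $flag in
            -L|-R)
                # Split on the last two colons: everything before them is the
                # listener, which may itself contain "bind_address:".
                dest_port=${spec##*:}
                rest=${spec%:*}
                dest=${rest##*:}
                listen=${rest%:*}
                kw=LocalForward
                [ "$flag" = -R ] && kw=RemoteForward
                printf '    %s %s %s:%s\n' "$kw" "$listen" "$dest" "$dest_port"
                ;;
            -D)
                printf '    DynamicForward %s\n' "$spec"
                ;;
            *)
                printf 'unsupported flag: %s\n' "$flag" >&2
                return 1
                ;;
        esac
    done
}

# The two MySQL tunnels from the local forwarding section, as one stanza.
to_ssh_config dbtunnel user@pub001.host \
    -L 3336:db001.host:3306 -L 3337:db002.host:3306

# The SOCKS proxy from the dynamic forwarding section (ssh_server is a placeholder).
to_ssh_config socks user@ssh_server -D 9090
```

After appending the printed stanza to ~/.ssh/config, the tunnel starts with ssh -N -f dbtunnel, and a Bash alias such as alias dbtunnel='ssh -N -f dbtunnel' shortens that further. ssh -G dbtunnel prints the configuration ssh resolved for the alias without connecting, which is a convenient way to confirm the forwards were parsed as intended.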

If you encounter problems or have feedback, please leave a message below.


Origin www.linuxidc.com/Linux/2019-08/159950.htm