SSH Tunneling

appsbymuss - Aug 31 - - Dev Community

(This Blog post is part of a collaborative work between Me and Youssef El Idrissi, Consult his devTo page for more information: https://dev.to/0xw3ston)

What is SSH Tunneling

SSH tunneling, also known as SSH port forwarding, is a method of securely routing network traffic from one network to another through an encrypted SSH (Secure Shell) connection. This technique allows you to forward traffic for various types of network services through the SSH connection, effectively bypassing firewalls or securing communications over an untrusted network, such as the internet.
There are 3 types of SSH Tunneling: Local, Remote and Dynamic

Local Port Forwarding

This forwards traffic from a specific port on the local machine to a port on a remote machine through the SSH server. It's commonly used to access services behind a firewall or NAT that aren't directly accessible from the client machine.

Image description

  • Example: You have a MySQL server that is running a remote machine but you don't want to directly expose its port publicly, we can use a MySQL Client Tool (such as MySQL-Workbench) through a Local SSH Tunnel to access the DB without ever exposing said database publicly.

  • command to execute: ssh -L [local_port]:[remote_host]:[remote_port] [user]@[ssh_server]
    example: ssh -L 3008:remote.example.com:3306 user@ssh-server.com

Remote Port Forwarding

This forwards traffic from a specific port on the SSH server to a port on a machine accessible to the client. It's used to expose a local service to the internet or a remote network.

Image description

  • Example: You have an Apache web server that you want to be exposed only to a single remote machine (or network) to maybe automate tests or something of the sort.

  • command to execute: ssh -R [remote_port]:[local_host]:[local_port] [user]@[ssh_server]
    example: ssh -R 8080:localhost:80 user@ssh-server.com

Dynamic Port Forwarding

This turns the SSH client into a SOCKS proxy server, allowing it to dynamically forward traffic through the SSH server. It's useful for routing traffic from multiple applications through the SSH connection.

Image description

  • Example: There are geographical restrictions on some website you want to visit, therefor we use the Remote machine to act as a SOCKS Proxy and essentially forward requests to the Internet on our behalf (in this case it's HTTP Requests)

  • command to execute: ssh -D [local_port] [user]@[ssh_server]
    example: ssh -D 1080 user@ssh-server.com

. . .