SSH 3 (Port Forwarding)

SSH port forwarding, or SSH tunneling, establishes an SSH session (a secured connection) and then carries a TCP connection (otherwise unsecured) inside that tunnel.
It is used to secure an otherwise unsecured connection.

  • Local Port Forwarding :

To understand port forwarding, let's look at some examples.
Suppose I want to access my mail with a client over POP (Post Office Protocol), port 110. To secure this connection, I first establish an SSH session and then make a normal TCP connection through this channel.
1- Establish the SSH session
ssh -L 10000:localhost:110 user@mailserver.com
After authentication with any method (password or public key), the SSH session is established.
Let's describe this command:
-L : local forwarding
10000 : the local port (local socket) on the client from which the connection goes out to the server; here SSH binds 10000 to loopback (
110 : the remote port
mailserver.com : the server that ssh connects to

2- Make the TCP connection through the SSH channel
In a separate shell window, run:
telnet localhost 10000

We have established the SSH session and bound port 10000 to loopback. The connection made with telnet localhost 10000 is a normal, unsecured one, but it travels inside a secure channel.
The client sends a message to port 10000, it goes through the SSH channel, and the server delivers it to port 110.

Another example:

Suppose I have a telnet service on my server and, to improve telnet security, I have stopped it from accepting connections from any other computer (loopback only)
by editing /etc/xinetd.d/telnet and adding bind =
When I try to connect to telnet from a remote computer with telnet 23
telnet: connect to address Connection refused
telnet: Unable to connect to remote host: Connection refused

Here we can reach telnet through an SSH tunnel from the client:
ssh -L 9999:

and, from the client again, in a separate shell window:
telnet localhost 9999

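It will connect. I now have a secure connection between the client and the server's telnet service, although telnet itself is not a secure protocol.
The same can be applied to any unsecured connection, such as FTP.

The FTP connection will be secured inside the SSH channel. Note that a single -L forward carries only the FTP control connection; FTP data connections use separate ports and are not covered by it.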

  • Remote Port Forwarding :

In local port forwarding I started the session from the client to the server; remote port forwarding is the opposite: the session starts from the server and goes to the client.

Example :
Suppose I want to connect to an (internal) SSH server with IP 192.168.0.20, but the server is behind a firewall, so the (external) client can't reach it.

To get access, we make a reverse tunnel (remote port forwarding):
1- Establish the SSH session from the server with the command
ssh -R 9999:localhost:22

2- Make the SSH connection through the SSH tunnel, from the client
ssh -p 9999 localhost

Here the SSH session is made from the server to the client (reverse), and the client reaches the server's SSH service through the tunnel, because the client can't start the SSH session itself through the firewall.

Hint 1: To debug SSH port forwarding, use the -v option, for example:
ssh -v -L 9999: 
Hint 2: When the destination host is not localhost, the connection is not fully encrypted,
for example:
ssh -L 9999:
This means the connection between client and is encrypted, but between and will not be encrypted.

The client connects to via an SSH connection (encrypted), and delivers the messages from the client to through port 25 via telnet (not encrypted). This is another use of SSH port forwarding: you can connect to a server that provides a service via an SSH server.
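
The point of Hint 2, as an added example that is not part of the original post: a small POSIX shell check that parses an ssh -L spec ([bind_address:]port:host:hostport, per ssh(1)) and reports whether the listener is loopback-only and whether the last hop leaves the SSH server as plain TCP. The sample specs and the name mail.example.com are constructed; it assumes the default GatewayPorts setting and no bracketed IPv6 addresses.

```shell
# Added example (not from the original post): audit an "ssh -L" spec.
# Grammar from ssh(1): [bind_address:]port:host:hostport
# Assumption: hostnames or IPv4 only; bracketed IPv6 is not parsed.

# is_loopback NAME: succeed if NAME names the loopback interface.
is_loopback() {
    case "$1" in
        localhost|127.*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_forward SPEC: print "<listener> <last-hop>" for a -L spec.
# The body runs in a subshell so IFS and "set -f" do not leak out.
classify_forward() (
    set -f                      # keep "*" literal while splitting
    IFS=:
    set -- $1                   # split the spec on ":"
    case $# in
        3) bind=localhost; dest=$2 ;;   # port:host:hostport (default bind)
        4) bind=$1;        dest=$3 ;;   # bind:port:host:hostport
        *) echo invalid; exit 1 ;;
    esac
    # An empty or "*" bind address listens on every interface.
    if is_loopback "$bind"; then listener=loopback-only
    else listener=exposed-listener; fi
    # "host" is resolved on the SSH server. If it is not that server's
    # loopback, traffic leaves the tunnel as plain TCP for the last hop.
    if is_loopback "$dest"; then hop=ends-on-ssh-server
    else hop=cleartext-last-hop; fi
    echo "$listener $hop"
)

# Constructed sample specs (mail.example.com is a placeholder name).
for spec in 10000:localhost:110 9999:mail.example.com:25 \
            '*:9999:localhost:23'; do
    printf '%-28s %s\n' "$spec" "$(classify_forward "$spec")"
done
```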
