ssh (SSH client) is a program for logging into a remote machine and provide secure encrypted communications between two untrusted hosts over an insecure network.

In some scenarios, you can't directly ssh to some devices/servers due to either server or network constrains. Tunneling can play a role to make sure you can have secure connection between device/server and you client.


Before get started, make sure you can ssh to ssh_server(use it in below examples), , you can setup ssh_server for ssh passprase free login, or setup multiple ssh keys on one client to different ssh servers/accounts, In addition to that, X11 connections and arbitrary TCP ports can be forwarded over the secure channel too.


ssh -L localport:remotehost:remotehostport user@ssh_server -N 

-L - port forwarding parameters
-N - do not execute a remote command, it's optional, no shell in this session

Basic connection diagarm

Suppose localport=8800 and remotehostport=8080

| SSH Client  |<-ssh port 22>-|ssh_server|<-Port 8080->| remote host  | 
+-------------+              +----------+            +--------------+
localhost:8800              <tunnel>      remotehost:8080


Suppose you have some devices have web access, but not https, then you probably want them get accessed via a secured connection, So config devices internal access only, then use ssh tunnel to access them.

ssh -L 8800: tunneluser@ssh_server

In example above, open your browser and go to http://localhost:8800 to access the device web interface.

1. Make sure ssh server has forwarding enabled

2. When using tunneling for device web access, also make sure X11forwarding enabled can use multiple -L for multiple ports, for example, use tunneling to access mail server(tunnel both SMTP and IMAP/POP)

More about tunneling(-L):

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.  This  works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.  Port forwardings can also be specified in the configuration file.

Comments powered by CComment