2025-03-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to set up an SSH tunnel. The method introduced here is simple, fast and practical.
SSH forwarding is useful for transporting network data of services that use an unencrypted protocol such as VNC or FTP, for accessing geographically restricted content, or for bypassing intermediate firewalls. Basically, you can forward any TCP port and tunnel the traffic over a secure SSH connection. There are three types of SSH port forwarding:
Local port forwarding - forwards a connection from the client host to the SSH server host and then to the destination host port.
Remote port forwarding - forwards a port from the server host to the client host and then to the destination host port.
Dynamic port forwarding - creates a SOCKS proxy server that allows communication across a range of ports.
In this article, we will discuss how to set up local, remote, and dynamic encrypted SSH tunnels.
Local port forwarding
Local port forwarding allows you to forward a port on a local (ssh client) computer to a port on a remote (ssh server) computer, and then forward it to a port on the target computer.
In this type of forwarding, the SSH client listens on a given port and tunnels any connection to that port to the specified port on the remote SSH server, which then connects to a port on the target computer. The target computer can be the remote SSH server itself or any other computer.
Local port forwarding is mainly used to connect to remote services on an internal network, such as a database or VNC server.
In Linux, macOS, and other Unix systems, create a local port forward by passing the -L option to the ssh client:
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
The options used are as follows:
[LOCAL_IP:]LOCAL_PORT - the IP address and port number of the local machine. When LOCAL_IP is omitted, the ssh client binds to localhost.
DESTINATION:DESTINATION_PORT - the IP or hostname and port of the target computer.
[USER@]SERVER_IP - the remote SSH user and server IP address.
LOCAL_PORT can be any port number greater than 1024. Port numbers below 1024 are privileged ports and can be used only by root. If your SSH server is listening on a port other than 22 (the default), use the -p [PORT_NUMBER] option.
The target hostname must be resolvable from the SSH server.
Suppose you are running a MySQL database server on the computer db001.host on an internal (private) network, on port 3306, which is accessible from the computer pub001.host, and you want to connect to the database server using the mysql client on your local computer. To do this, you can forward the connection as follows:
ssh -L 3336:db001.host:3306 user@pub001.host
After running the command, you will be prompted for the remote SSH user password. After entering it, you will be logged in to the remote server and the SSH tunnel will be established. A better choice is to set up SSH key-based authentication and connect to the server without entering a password.
Now, if you point your local database client to 127.0.0.1:3336, the connection is forwarded to the db001.host:3306 MySQL server through pub001.host, which acts as the intermediate server.
You can forward multiple ports to multiple destinations in a single ssh command. For example, you are running another MySQL database server on the computer db002.host, and you want to connect to both servers from your local client:
ssh -L 3336:db001.host:3306 -L 3337:db002.host:3306 user@pub001.host
To connect to the second server, you would use 127.0.0.1:3337.
When the target host is the same as the SSH server, you can use localhost instead of specifying the target host IP or hostname.
Suppose you need to connect to a remote computer through VNC, which runs on the same server and is not accessible from the outside. The command you would use is:
ssh -L 5901:127.0.0.1:5901 -N -f user@remote.host
The -f option tells ssh to run in the background, and -N tells it not to execute a remote command. We are using localhost because the VNC and SSH servers are running on the same host.
If you have problems setting up the tunnel, check the remote SSH server configuration and make sure that AllowTcpForwarding is not set to no. Forwarding is allowed by default.
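As an added example (not part of the original article), the following shell function parses a -L argument in the format described above and reports which interface the listener binds to and whether the local port is privileged. The function name and output labels are hypothetical; it assumes IPv4 addresses or hostnames and the client's default GatewayPorts setting.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: IPv4 addresses or hostnames only (no bracketed IPv6), and the
# client's own GatewayPorts option is at its default (no), so an omitted
# LOCAL_IP means the listener is bound to the loopback interface.

# classify_local_forward SPEC
# SPEC is the -L argument: [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT
classify_local_forward() {
    printf '%s\n' "$1" | awk -F: '
        NF == 3 { bind = "localhost"; port = $1; dest = $2 ":" $3 }
        NF == 4 { bind = $1;          port = $2; dest = $3 ":" $4 }
        (NF != 3 && NF != 4) || port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535 {
            print "invalid"; exit
        }
        {
            # An empty LOCAL_IP or "*" asks ssh to listen on every interface.
            if (bind == "" || bind == "*" || bind == "0.0.0.0") scope = "all-interfaces"
            else if (bind == "localhost" || bind ~ /^127\./)    scope = "loopback"
            else                                                scope = bind
            priv = (port + 0 < 1024) ? "needs-root" : "unprivileged"
            print "listen=" scope " port=" port " " priv " dest=" dest
        }'
}

# The article's MySQL example, then the same tunnel bound to all interfaces,
# which would make the forwarded database port reachable from other hosts.
classify_local_forward "3336:db001.host:3306"
classify_local_forward "*:3336:db001.host:3306"
```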
Remote port forwarding
Remote port forwarding is the opposite of local port forwarding. It allows you to forward a port on a remote (ssh server) computer to a port on a local (ssh client) computer, and then forward it to a port on the target computer.
In this type of forwarding, the SSH server listens on a given port and tunnels any connection to that port to the specified port on the local SSH client, which then connects to a port on the target computer. The target computer can be the local computer or any other computer.
In Linux, macOS, and other Unix systems, create a remote port forward by passing the -R option to the ssh client:
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
The options used are as follows:
[REMOTE:]REMOTE_PORT - the IP and port number on the remote SSH server. An empty REMOTE means that the remote SSH server will bind on all interfaces.
DESTINATION:DESTINATION_PORT - the IP or hostname and port of the target computer.
[USER@]SERVER_IP - the remote SSH user and server IP address.
Remote port forwarding is mainly used to give someone from the outside access to an internal service.
Suppose you are developing a web application on your local computer and want to show a preview to other developers. You do not have a public IP, so other developers cannot access the application over the Internet.
If you have access to the remote SSH server, you can set up remote port forwarding as follows:
ssh -R 8080:127.0.0.1:3000 -N -f user@remote.host
The above command makes the ssh server listen on port 8080 and tunnel all traffic from that port to port 3000 on your local computer. Now your fellow developer can enter the_ssh_server_ip:8080 in his/her browser and preview your application. If you have trouble setting up remote port forwarding, make sure that GatewayPorts is set to yes in the remote SSH server configuration.
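The two server settings this article mentions, AllowTcpForwarding and GatewayPorts, can be checked together. This added example (not from the original article) reads the global section of an sshd_config file and reports which tunnel types it permits and where -R listeners bind; the function names and the sample file are constructed, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original article. Only the global section of
# the file is read: Match blocks and Include files are not evaluated.

# effective_setting FILE KEYWORD DEFAULT
# sshd keeps the first value it finds for a keyword, and keyword names are
# case-insensitive, so stop at the first hit or at the first Match line.
effective_setting() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# forwarding_summary FILE
# Prints which tunnel types the server permits and where -R listeners bind.
forwarding_summary() {
    fwd=$(effective_setting "$1" AllowTcpForwarding yes)   # sshd default: yes
    gw=$(effective_setting "$1" GatewayPorts no)           # sshd default: no
    local_ok=no; remote_ok=no
    case "$fwd" in yes|all|local)  local_ok=yes ;; esac    # ssh -L and -D
    case "$fwd" in yes|all|remote) remote_ok=yes ;; esac   # ssh -R
    case "$gw" in
        yes)             bind=all-interfaces ;;
        clientspecified) bind=client-chosen ;;
        *)               bind=loopback ;;
    esac
    [ "$remote_ok" = yes ] || bind=none
    echo "local=$local_ok remote=$remote_ok remote_bind=$bind"
}

# Constructed sample: the second AllowTcpForwarding line is ignored because
# the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
allowtcpforwarding remote
GatewayPorts yes
AllowTcpForwarding no
EOF
forwarding_summary "$sample"
rm -f "$sample"
```

With GatewayPorts set to yes, every -R listener is reachable from other hosts, so `remote_bind=all-interfaces` is the result to review before enabling it on a shared server.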
Dynamic port forwarding
Dynamic port forwarding allows you to create a socket on the local (ssh client) computer that acts as a SOCKS proxy server. When a client connects to this port, the connection is forwarded to the remote (ssh server) computer, which then forwards it to a dynamic port on the target computer.
In this way, all applications that use the SOCKS proxy connect to the SSH server, which forwards all traffic to its actual destination.
In Linux, macOS, and other Unix systems, create a dynamic port forward (SOCKS) by passing the -D option to the ssh client:
ssh -D [LOCAL_IP:]LOCAL_PORT [USER@]SSH_SERVER
The options used are as follows:
[LOCAL_IP:]LOCAL_PORT - the IP address and port number of the local machine. When LOCAL_IP is omitted, the ssh client binds to localhost.
[USER@]SERVER_IP - the remote SSH user and server IP address.
A typical example of dynamic port forwarding is tunneling web browser traffic through an SSH server.
The following command creates a SOCKS tunnel on port 9090:
ssh -D 9090 -N -f user@remote.host
After the tunnel is established, you can configure your application to use it. Firefox and Google Chrome, for example, can be configured to use the SOCKS proxy. Port forwarding must be configured separately for each application whose traffic you want to tunnel.
Set up SSH tunnels in Windows
Windows users can use the PuTTY SSH client to create an SSH tunnel.
Start PuTTY and enter the SSH server IP address in the Host name (or IP address) field.
Under the Connection menu, expand SSH and select Tunnels. Check the Local radio button to set up local, Remote for remote, and Dynamic for dynamic port forwarding.
If you set up local forwarding, enter the local forwarding port in the Source Port field, and in the Destination field enter the destination host and port, such as localhost:5901.
For remote port forwarding, enter the remote SSH server forwarding port in the Source Port field, and in the Destination field enter the destination host and port, such as localhost:3000.
If you set up dynamic forwarding, enter only the local SOCKS port in the Source Port field.
Click the Add button.
Return to the Session page to save the settings so that you don't need to enter them each time. Enter the session name in the Saved Session field and click the Save button.
Select the saved session and click the Open button to log in to the remote server.
A new window appears asking for your user name and password. After entering the user name and password, you will log in to the server and start the SSH tunnel.
Setting public key authentication will allow you to connect to the server without entering a password.