What is SSH?
SSH (Secure Shell) is a common command-line interface protocol for remote access. When a secure SSH connection is established, a shell session is started, and users can modify the server by inputting commands on the client.
SSH is optimized for accessing Linux servers, but it can be used on any server running any operating system. It provides strong encryption and people can log in to another computer over the Internet through SSH to transfer files or execute commands.
How to use SSH port forwarding?
The process of using SSH to encrypt and decrypt TCP/IP transfers established by other applications on other TCP ports is called port forwarding, and most of its operations are transparent and very powerful. Port forwarding, sometimes called tunneling, can turn an insecure connection into a secure encrypted connection and is very effective for penetrating firewalls. In the next part, we’ll teach you how to create SSH port forwarding from the local, remote and dynamic aspects.
Local port forwarding
Local port forwarding allows you to send traffic from a local computer's port to an SSH server, which then sends it to a destination server.
Let’s look at an example. Now you wish to connect to a database server on your server that is listening on port 3376. To keep external attackers out, the database server's port is behind the firewall. And you have a Windows server only with SSH ports open. You can’t use RDP because post 3389 is blocked by the firewall. So, you can use SSH to do so.
Type the following on the local PC:
ssh -L 4000:192.168.0.63:3376 [email protected]
On your own PC, SSH will now bind to port 4000. Any traffic passing through this port is forwarded to the SSH server. The traffic is then sent to 192.168.0.63 port 3376, which is the server's port.
You are now able to connect to the database. Simply specify 192.168.0.63 as the host and 4000 as the port in the database client. Furthermore, you can use a single SSH command to forward numerous groups of ports:
ssh -L 5762:192.168.0.63:5762 -L 4000:192.168.0.63:3376 [email protected]
Apart from port forwarding the local port 5762 to 192.168.0.63:5762, we are also port forwarding the local port 4000 to 192.168.0.63:5762.
Remote port forwarding
Actually, remote port forwarding is totally opposite to local port forwarding. It sends communication from a server port to a local computer, which then sends it to a destination.
We say that you’re working on a web application that runs on your local computer's port 7756. Because you're behind a NAT network with no public IP, others can't access it directly. You'd like to demonstrate the application to a customer now. Fortunately, you can use remote forwarding to assist you with this.
ssh -R 7000:192.168.0.63:7756 [email protected]
When you run this command, the SSH server binds to 7000 port on example.com. Any messages received on this port is sent to your local computer's SSH client, which then sends it to 192.168.0.63 port 7756. Now the customer can utilize your application by going to http://example.com:7000 in a browser.
You can also use a different destination, just like with remote port forwarding. Suppose you want a friend to help you to install a router. Because they can't directly access your router, you can utilize remote port forwarding like this:
ssh -R 7653:192.168.63:7777 [email protected]
Dynamic port forwarding
So far, we've seen how to use SSH to forward local ports and remote ports. Although it gets close to serving as a proxy, it cannot be used in its current state. This is due to the fact that you'll have to specify separate ports for each destination and service you want to use, which is inconvenient.
Fortunately, "dynamic port forwarding," a sort of forwarding that can be utilized for this purpose, exists. Type the following command to enable dynamic port forwarding:
ssh -D 3679 [email protected]
The SSH client on your local computer starts a SOCKS proxy at port 3679. Any traffic sent to this port is sent to its proper destination via the SSH server.
After the detailed explanation, you must have known how to create SSH port forwarding from the local, remote and dynamic aspects accordingly, which is useful in our daily life. Of course, if you think it's too hard for you to create SSH port forwarding to remote access, we recommend a free third-party remote access software-- AnyViewer. Secured by Elliptic Curve Cryptography (ECC) encryption, AnyViewer can truly guarantee the safety of your remote connection.