Many of us use Secure Shell (SSH) to log into remote machines securely. SSH is also a robust way to forward network traffic from one machine to another connected machine. This process is called either SSH port forwarding or SSH tunneling. With port forwarding, you can securely transfer data between local and remote machines. Port forwarding is also often used to bypass network restrictions and firewalls. In this article, let us learn about SSH port forwarding: what it is, why it is required, its types, and how to set it up.
SSH Port Forwarding: What is it?
At Unixmen, we always start with the basics of the topic we cover to help users learn the concept thoroughly. Let us see what port forwarding in SSH is before we get into other aspects like the setup instructions.
SSH port forwarding is a process to create a secure connection between two systems over an SSH connection. With SSH port forwarding, data can be sent from one system through a secure, encrypted connection. This helps you protect your data and systems against network attacks, eavesdropping, and other malicious attacks.
Some Common Uses of SSH Port Forwarding
- Bypass firewalls and network restrictions: Forwarding network traffic through SSH allows you to connect to services on remote systems that cannot be accessed directly.
- Access internal services: Forwarding through SSH lets you access internal network services that are usually not exposed to public networks.
- Safer protocols: By routing through SSH tunnels, you can secure services like FTP or RDP, which are usually not encrypted by default.
What are the Types of SSH Port Forwarding?
These are the three types: local, remote, and dynamic.
Local
Local port forwarding lets you forward network traffic from one port on the local host to a port on a remote system. This setup is used when you want to access a remote service that is only available on the remote system’s local network. For example, if a remote server runs a web server on localhost:8080, you can forward by executing the command:
When this command is executed, SSH forwards the traffic from port 8080 on the local machine to port 8080 on the remote machine. This grants you access to the remote system’s web server.
Remote
Remote forwarding is the opposite of local port forwarding. It is used when you want to forward the traffic from a port on the remote machine to a port on your local machine. Remote port forwarding is useful when you want to expose a service on your local machine to a remote system. For example, consider a situation where you want to forward traffic from port 8080 on a remote server to port 8080 on your local machine. In this case, execute this command:
Dynamic
Dynamic port forwarding is used to create a SOCKS proxy on your local machine. This allows you to funnel all traffic through the SSH connection. Dynamic port forwarding becomes useful in situations where you want to send all web traffic through an encrypted SSH tunnel, bypass a firewall, or mask IP addresses. To create a SOCKS proxy on your local machine at port XYZ, execute this command:
Once this command is executed, configure your web browser or other tools to use the SOCKS proxy at localhost:8080. Once this is done, traffic from those tools will be routed via the SSH tunnel.
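The three forwarding types described above map to the `-L`, `-R`, and `-D` options of the OpenSSH client. The script below is an added example, not part of the original article: it prints one command per type, pins each listener to 127.0.0.1, and uses `user@remote.example.com` as a placeholder login with port 8080 as in the text.

```shell
#!/bin/sh
# Added example: prints (does not run) the ssh command for each forwarding type.
# user@remote.example.com is a placeholder login, not a value from the article.

# Accept only a TCP port number in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# tunnel_cmd local|remote LISTEN_PORT TARGET_HOST TARGET_PORT LOGIN
# tunnel_cmd dynamic      LISTEN_PORT LOGIN
tunnel_cmd() {
    mode=$1
    listen=$2
    valid_port "$listen" || { echo "bad listen port: $listen" >&2; return 2; }
    # -N: open the tunnel only, run no remote command.
    # ExitOnForwardFailure=yes: exit if the listener cannot be set up.
    base="ssh -N -o ExitOnForwardFailure=yes"
    case "$mode" in
        local|remote)
            [ $# -eq 5 ] || { echo "usage: tunnel_cmd $mode LISTEN HOST PORT LOGIN" >&2; return 2; }
            valid_port "$4" || { echo "bad target port: $4" >&2; return 2; }
            # -L listens on this machine, -R listens on the SSH server.
            if [ "$mode" = local ]; then flag=-L; else flag=-R; fi
            # The explicit 127.0.0.1 keeps the listener on loopback.
            echo "$base $flag 127.0.0.1:$listen:$3:$4 $5"
            ;;
        dynamic)
            [ $# -eq 3 ] || { echo "usage: tunnel_cmd dynamic LISTEN LOGIN" >&2; return 2; }
            # -D starts a SOCKS proxy on this machine.
            echo "$base -D 127.0.0.1:$listen $3"
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 2
            ;;
    esac
}

# The three cases from the article, each on port 8080:
tunnel_cmd local   8080 localhost 8080 user@remote.example.com
tunnel_cmd remote  8080 localhost 8080 user@remote.example.com
tunnel_cmd dynamic 8080 user@remote.example.com
```

For `-R`, the server's `GatewayPorts` setting decides whether a bind address other than loopback is honoured.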
Why SSH Port Forwarding is Essential
- To access remote services: The most common use of local port forwarding is to access internal services on a remote network that cannot be publicly exposed.
- To encrypt communication for insecure services: Remote port forwarding can be used to fortify the communication of services like FTP. These services do not come with encryption in their default form.
- To proxy web traffic: Dynamic port forwarding is beneficial when you want to proxy web traffic through a secure connection. It is helpful when you work on insecure networks such as public cafe Wi-Fi.
- To access remote databases: Local port forwarding is helpful to securely access a database that runs on a remote server. The advantage is that you need not expose the database port directly to the internet.
Wrapping Up
SSH port forwarding is a useful tool to send data between remote machines in a secure manner. The main advantages include accessing services behind firewalls, fortifying unencrypted traffic, and bypassing network restrictions and firewalls. These capabilities make it a powerful tool in the hands of SREs, SysAdmins, and developers to handle network data securely. We hope you now understand the three types of SSH port forwarding and how they secure and optimize your network data.