The ssh system has a lot of magic to offer: ssh-key authentication, ssh-agent, and one of the lesser-known tricks — port forwarding. With ssh, port forwarding creates encrypted tunnels between local computers and remote machines such that various services can be relayed. With this connection, you can then send useful information (that would normally be unencrypted) through an encrypted connection.

Port forwarding can also be used to gain access to a server that wouldn’t normally be accessible. This makes it possible to reach a remote machine with a bit more security, or to grant a temporary, encrypted tunnel to your machine from another. One added bonus of using port forwarding is, thanks to the encryption of the tunnels, you can bypass sniffers or even badly configured routers.

Types of port forwarding

There are three types of SSH port forwarding:

  • Local port forwarding – connections from an SSH client are forwarded, via the SSH server, to a destination server.
  • Remote port forwarding – connections from an SSH server are forwarded, via the SSH client, to a destination server
  • Dynamic port forwarding – connections from various programs are forwarded, via the SSH client to an SSH server, and finally to several destination servers.

I want to show you how to use the first two types of port forwarding. I will assume you have the necessary SSH tools installed on both local and remote machine and that you have access (via ssh) to the third party machine in question.

Local port forwarding

I’m going to make this very easy to understand. Let’s say, for instance, you want to reach the Slashdot website, but you want to do so over an encrypted connection (for whatever reason). You can do that using SSH port forwarding. This is made possible, thanks to local port forwarding. What this will do is create an SSH tunnel from your client to the slashdot.org website, such that you can point your browser to http://localhost:8080 and have it redirected to the destination.

Open up a terminal window on your client and issue the command:

ssh -L 8080:www.slashdot.org:80 localhost

You will be prompted to enter your user password for the client machine. Essentially, you are connecting, via SSH, back to your client machine, but creating the necessary SSH tunnel to the destination. After you’ve successfully authenticated against your local account, open up a browser and point it to http://localhost:8080. Your browser should automatically redirect you to Slashdot.

When you’re done with the connection, make sure to type the command exit back in your client terminal window. This will shut down the tunnel and you can no longer reach the destination via the http://localhost:8080 address.

That’s basic local port forwarding in action–using a local SSH connection to create an encrypted tunnel to a remote machine.

Remote port forwarding

This type of port forwarding works in reverse. Say you need to give someone VNC access to your client machine and you want to do so over an encrypted tunnel; with SSH remote port forwarding this is possible.

Before you do this, however, you need to add an option to the /etc/ssh/sshd_config file. Open that file in your editor of choice and add the following line at the bottom:

GatewayPorts yes

Restart the SSH daemon with the command:

sudo systemctl restart sshd

To make this connection happen, you would need to have ssh access to the third-party’s machine. Let’s assume that machine is at IP address 192.168.1.192. To give them an encrypted tunnel for VNC access, you would issue the command:

ssh -R 5900:localhost:5900 USERNAME@192.168.1.192

Where USERNAME is a username you have access to on their machine. You must then authenticate with the USERNAME password on the remote machine. For the duration of the SSH session, the third party would have an encrypted VNC tunnel to your machine, via localhost at port 5900.

And that’s the basics to using local and remote port forwarding with SSH. We’re only scratching the surface as to what port forwarding can do, but this gives you an idea. Port forwarding is an incredibly handy feature that can get you out of some tricky situations. Remember to give the ssh manpage a read (man ssh) to find out more of what SSH can do for you.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday