SSH tunnels are used to establish secure channels between a local machine and a remote server. They enable tasks such as file transfer and editing, running applications, and creating backups.
SSH, or Secure Shell, is an encrypted network protocol for remote management that is available on all major operating systems. SSH tunneling uses an established SSH connection to a remote machine to forward TCP ports rather than to encapsulate whole protocols: a connection made to a forwarded port is carried inside the encrypted channel and re-created at the other end, following the rules given on the command line.
To authenticate the user, an SSH key pair is needed: a private key stored on the local machine and the matching public key stored on the server. The steps for creating the pair vary by operating system.
Open a terminal and run:
ssh-keygen -t rsa
This command initiates a dialogue in the terminal:
Enter file in which to save the key (/home/user/.ssh/id_rsa):
By default, the private key is saved as id_rsa in the .ssh folder of your home directory, with the public key beside it as id_rsa.pub. You can specify a different path and filename if desired.
The system will prompt you to create a passphrase for additional key protection. The passphrase encrypts the private key file, so anyone who obtains the file, for example another user on a shared machine, cannot use it without also knowing the passphrase. If a passphrase is not needed, leave the field empty and press Enter:
Enter passphrase (empty for no passphrase):
After successfully creating the key pair, you’ll see a message with the paths the keys have been saved to.
Copy the public key to the remote machine. You can either open the /home/user/.ssh/id_rsa.pub file with a text editor or display its contents in the terminal:
cat ~/.ssh/id_rsa.pub
Copy the key and append it to ~/.ssh/authorized_keys on the server, ensuring that it stays on a single line with no added spaces or line breaks. Alternatively, use the command:
ssh-copy-id user@remoteserver
Replace user with your username and remoteserver with the host name or IP address of the remote machine.
To connect via SSH, use:
ssh root@remoteserver
Replace remoteserver with the server's public IP address. If no passphrase was set, no further input is required. The system will verify the keys and establish a secure connection. The first connection will prompt you to trust the host; compare the fingerprint it shows with the one published for the server before answering:
Are you sure you want to continue connecting (yes/no)? yes
For enhanced security, avoid connecting as the superuser. When the session exists only to carry a tunnel, add the -N parameter so that no remote shell or command is started:
ssh -N -g -L 3389:192.168.0.105:3389 [email protected]
This prevents commands intended for the local computer from accidentally being executed on the remote machine. Note that -g makes the forwarded port listen on all of the local machine's interfaces rather than on localhost only, so any host on the local network can reach 192.168.0.105:3389 through the tunnel; omit -g unless that is intended.
On Windows, generate key pairs using either the built-in OpenSSH client from PowerShell or PuTTYgen (included with PuTTY).
For PowerShell, open a terminal and run:
ssh-keygen -t rsa
Protect the private key with a passphrase or leave the field empty and press Enter:
Enter passphrase (empty for no passphrase):
By default, the public key is saved in ~/.ssh/id_rsa.pub, and the private key in the same folder. Open the public key file with a text editor or use:
cat ~/.ssh/id_rsa.pub
Copy the public key and add it to the remote server.
Connect to the server:
ssh root@remoteserver
Replace remoteserver with the server's public IP address. If no passphrase was set, no further input is needed. Trust the host upon first connection:
Are you sure you want to continue connecting (yes/no)? yes
For PuTTYgen, click the Generate button and move the mouse over the blank area of the window until the progress bar fills.
Save the private key (protected with a passphrase if possible) and the public key.
Open the public key file, copy its contents, and add it to the remote server.
To connect using PuTTY, enter the host name or IP address in the Host Name field, load the private key under Connection → SSH → Auth, and click Open. SSH tunnels are configured under Connection → SSH → Tunnels.
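As an added example that is not part of the original guide: the step "add it to the remote server" that all three key-generation paths above end with means appending the one-line public key to ~/.ssh/authorized_keys on the server with the permissions sshd requires, which is what ssh-copy-id automates. The POSIX shell function below does the same by hand and is meant to be run on the server as the account that will log in. It rejects anything that is not a single-line OpenSSH public key and skips keys that are already present. The function names and the optional home-directory argument are this example's own, and the key in the usage line is a constructed sample, not a real key.

```shell
#!/bin/sh
# Added example: install a public key on the server the way ssh-copy-id does.
# Run on the server as the account that will log in with the key.
# Usage: install_authorized_key "<one-line OpenSSH public key>" [home_dir]

install_authorized_key() {
    key=$1
    home=${2:-$HOME}            # home_dir argument is this example's own
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"
    nl='
'
    # Accept only "<type> <base64> [comment]" with a key type OpenSSH knows.
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*|"sk-ssh-ed25519@openssh.com "*) ;;
        *) echo "not an OpenSSH public key: $key" >&2; return 1 ;;
    esac
    # A pasted key must stay on one line; a wrapped key silently never matches.
    case "$key" in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
    esac

    # sshd (StrictModes, the default) ignores an authorized_keys file that is
    # group- or world-writable, or that lives in such a directory, so fix modes.
    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1
    touch "$authfile" || return 1
    chmod 600 "$authfile" || return 1

    # Compare type and key material only, so a different comment on the same
    # key does not create a duplicate entry.
    keyid=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    if awk '{print $1, $2}' "$authfile" | grep -qxF -- "$keyid"; then
        echo "key already present in $authfile" >&2
        return 0
    fi
    printf '%s\n' "$key" >> "$authfile"
}

# Number of keys currently authorised for a home directory (0 if none).
count_authorized_keys() {
    f="${1:-$HOME}/.ssh/authorized_keys"
    if [ -f "$f" ]; then grep -c . "$f" || true; else echo 0; fi
}

# Usage with a constructed sample key (not a real key):
# install_authorized_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyNotReal0000 alice@laptop"
```

Because the check compares only the key type and the base64 material, re-running the function after editing a key's comment does not add a second copy; a wrapped key, the most common paste error, is refused before it is written.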
An SSH proxy gives access to a home or corporate network through the SSH server. The applications that use it must support SOCKS proxies. To tunnel through a proxy:
ssh -D 8888 user@remoteserver
This command starts a SOCKS proxy on port 8888 of localhost. The listen address can be changed so that the proxy is reachable on the Ethernet or Wi-Fi interface instead, allowing other applications and hosts to connect through the Secure Shell session; do this only on a trusted network, since anyone who can reach that port can send traffic through the tunnel.
For example, to launch Google Chrome with a SOCKS proxy that was bound to 192.168.1.10:
google-chrome --proxy-server="socks5://192.168.1.10:8888"
A dynamic SSH tunnel opens a local TCP socket and uses it as a SOCKS4/SOCKS5 proxy: the destination of each connection is taken from the SOCKS request, so no fixed target has to be configured, and the traffic is protected by the SSH session. To establish a dynamic tunnel:
ssh -D 1080 [email protected]
This sets up a SOCKS proxy on port 1080 of localhost. No port is exposed to the outside; all traffic is encrypted between the client and the SSH server, which decrypts it and forwards it to the final destination.
For Windows, configure the dynamic SSH tunnel in PuTTY under Connection → SSH → Tunnels.
Port forwarding is common with SSH tunnels. Open a port on the local machine and connect it to a remote server port:
ssh -L 9999:127.0.0.1:80 user@remoteserver
This listens on port 9999 on the local machine and forwards every connection to port 80 on the remote server. The address 127.0.0.1 is resolved on the server side, so the target is the server's own loopback interface.
For reverse tunneling, open a listening port on the remote server and connect it to a port on the local machine:
ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
This makes the remote server listen on port 1999 and forward each connection to port 902 on the local machine. The bind address 0.0.0.0 only takes effect if GatewayPorts is enabled in the server's sshd_config; otherwise the port listens on the server's loopback interface only. -v prints verbose output, which helps when a forward does not come up.
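Added example, not from the original guide: the one security-relevant decision in every -L, -R and -D option above (the -g forward, the SOCKS proxies and the two forwards just shown) is the bind address, which decides who can reach the forwarded port. The POSIX shell function below parses the [bind_address:]port:host:hostport and [bind_address:]port forms documented in ssh(1) and reports the exposure the client is asking for; a third argument of yes stands for a -g on the same command line. The function name and output format are this example's own. For -R the result is only the request: the server's GatewayPorts setting has the final say, and bracketed IPv6 bind addresses are not handled.

```shell
#!/bin/sh
# Added example: report what a -L / -R / -D argument asks ssh to expose.
# Spec syntax from ssh(1):
#   -L, -R   [bind_address:]port:host:hostport
#   -D       [bind_address:]port
# Output: "<flag> <bind|default> <port> <target|socks> <scope>" where scope is
#   local-only      the listener is reachable only from the same machine
#   all-interfaces  any host that can reach the machine can use the tunnel
#   address:<addr>  bound to one specific address
# Usage: classify_forward -L "9999:127.0.0.1:80" [yes]   (yes = -g also given)
# Limits (this example's own): bracketed IPv6 bind addresses are not parsed, and
# for -R the server's GatewayPorts setting, not the spec, decides the final bind.

classify_forward() {
    flag=$1
    spec=$2
    gateway=${3:-no}
    [ -n "$spec" ] || { echo "empty forward spec" >&2; return 1; }
    # The number of colon-separated fields tells whether a bind address is present.
    fields=$(printf '%s' "$spec" | awk -F: '{print NF}')
    case "$flag" in
        -D)
            if [ "$fields" -eq 2 ]; then
                bind=${spec%%:*}; port=${spec##*:}
            elif [ "$fields" -eq 1 ]; then
                bind=""; port=$spec
            else
                echo "bad -D spec: $spec" >&2; return 1
            fi
            target=socks
            ;;
        -L|-R)
            if [ "$fields" -eq 4 ]; then
                bind=${spec%%:*}; rest=${spec#*:}
            elif [ "$fields" -eq 3 ]; then
                bind=""; rest=$spec
            else
                echo "bad $flag spec: $spec" >&2; return 1
            fi
            port=${rest%%:*}; target=${rest#*:}
            ;;
        *)
            echo "unknown flag: $flag" >&2; return 1
            ;;
    esac
    case "$bind" in
        127.0.0.1|localhost|::1) scope=local-only ;;
        0.0.0.0|'*'|::)          scope=all-interfaces ;;
        "")
            # An empty bind address means loopback, unless -g turns it into
            # "listen on every address" (what GatewayPorts does for -R).
            if [ "$gateway" = yes ]; then scope=all-interfaces; else scope=local-only; fi
            ;;
        *) scope="address:$bind" ;;
    esac
    printf '%s %s %s %s %s\n' "$flag" "${bind:-default}" "$port" "$target" "$scope"
}

# Usage on the guide's own forwards:
# classify_forward -L 3389:192.168.0.105:3389 yes   # all-interfaces because of -g
# classify_forward -R 0.0.0.0:1999:127.0.0.1:902    # all-interfaces (if GatewayPorts allows)
# classify_forward -D 1080                          # local-only
```

Running the guide's forwards through it shows why the -g and 0.0.0.0 variants deserve a second look: they turn a tunnel meant for one machine into a service for everyone who can reach that machine's network interface.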
Execute commands on a remote machine via SSH:
ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php
This runs cat on the remote server and streams the log back through the SSH session into a local grep, so only the matching lines are kept and the file is never stored locally.
For regular backups, use rsync:
rsync -az /home/testuser/data proglibserver:backup/
Rsync compares the two sides and transfers only the differences, saving time by not re-copying unchanged files; -a preserves permissions, ownership and timestamps, and -z compresses data in transit.
Launch GUI applications on a remote server through SSH:
ssh -X remoteserver vmware
The application runs on the remote server, but its interface is available locally.
For segmented networks requiring multiple hops, use the -J (ProxyJump) parameter:
ssh -J host1,host2,host3 [email protected]
This establishes an encrypted connection through each host in turn. The intermediate hosts only relay the stream; the session to the final destination is encrypted end to end, so they cannot read its traffic.
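Added example, not part of the original guide: the same multi-hop connection, together with the local forward and the dynamic proxy from the earlier sections, expressed as a ~/.ssh/config fragment so that the long command lines do not have to be retyped and the safe defaults are fixed in one place. Host aliases, user names, the destination host name and the key path are placeholders of this example.

```ssh-config
# ~/.ssh/config (added example; host names, users and key paths are placeholders)

# The jump hosts: each one only relays the encrypted stream to the next hop.
Host host1 host2 host3
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes          # offer only this key, not every key the agent holds

# Final destination reached through the chain (same as -J host1,host2,host3)
Host target
    HostName target.example.internal
    User user
    ProxyJump host1,host2,host3
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ExitOnForwardFailure yes    # fail loudly instead of silently running without the tunnel
    ServerAliveInterval 30      # keep an idle tunnel from being dropped by middleboxes
    # The guide's local forward, bound to loopback only (no -g)
    LocalForward 127.0.0.1:9999 127.0.0.1:80
    # The guide's dynamic SOCKS proxy, likewise loopback only
    DynamicForward 127.0.0.1:1080
```

With this in place, ssh -N target brings up both tunnels through the three hops; ExitOnForwardFailure makes the command exit with an error if a listening port is already taken, rather than leaving a session open that carries no tunnel.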
Use sshfs to mount a remote directory on the local machine:
sshfs user@proglibserver:/media/data ~/data/
This is useful for file sharing and other operations.
SSH tunneling is a powerful tool for securely managing connections between local and remote systems. By using SSH tunnels, you can ensure encrypted data transfer, safely access remote resources, and perform various network tasks with enhanced security. Whether you're forwarding ports, setting up proxies, executing remote commands, or performing regular backups, SSH tunneling offers a versatile solution across different operating systems, including Linux, macOS, and Windows.
With practice, the basic operations will become second nature, and for more complex scenarios, this guide provides a solid foundation to build upon. Secure your connections, streamline your workflows, and leverage the full potential of SSH tunneling to meet your network management needs.