SSH tunneling

SSH tunneling lets you route traffic through an SSH tunnel. For example, in the following topology I would like to access on port 80 via But on local port on I would like to go to port 5050.

In that case the command that I'll issue on will be:

ssh -L 5050: [email protected]

This command will open an SSH session to from, and will hold local port 5050 on the Client open. Every connection made to localhost:5050 on the Client will be forwarded into the SSH session, and from there the “SSH tunnel intermediate” will open a session to

There is also another option for SSH tunneling, where the Server connects to the Client, and then on the Client machine a user can open a connection to some local port and the session ends up at the Server.

The following command will make this happen:

ssh -R 5050:localhost:80 [email protected]

In that case the Server will open an SSH session to the Client. Every connection made on the Client to localhost:5050 will be forwarded to

With the same topology described above, I want to access any server on any port. In that case, the following command is used:

ssh -D 5050 [email protected]

This will act as a SOCKS server. That is, after the SSH session is established to from, every connection made to localhost:5050 will be forwarded to the outside world with a random port from This is useful if some proxy is used to firewall your connections to the internet. The initiator of the connection needs to speak the SOCKS4 or SOCKS5 protocol. Firefox can be this initiator.

To configure SOCKS in Firefox, type about:preferences in the address bar. Search for proxy in the search field. Click Settings and enter localhost as the address and 5050 as the port under “SOCKS Host”.

Obviously the SSH server needs to support SSH tunneling. My Ubuntu did not support this by default. To enable it, this configuration should be applied in the file /etc/ssh/sshd_config:

AllowTcpForwarding yes
GatewayPorts yes

After this configuration is changed, the ssh service should be restarted:

service ssh restart
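
An added example, not part of the original post: a small check of what the two sshd_config settings above permit once they are in effect, which matters because GatewayPorts yes makes -R listeners bind to all interfaces instead of loopback. The function name audit_forwarding and the sample input are constructed for illustration; the input format is the "keyword value" output of `sshd -T`.

```shell
#!/bin/sh
# Added example (not from the original post). Reviews forwarding settings in
# the effective sshd configuration. Input: "keyword value" lines in the format
# printed by `sshd -T`. Output: one finding per line.
audit_forwarding() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "allowtcpforwarding" { fwd = val }
        key == "gatewayports"       { gw  = val }
        key == "permitopen"         { po  = val }
        END {
            # OpenSSH defaults for keywords missing from the input
            if (fwd == "" || fwd == "all") fwd = "yes"
            if (gw == "") gw = "no"
            if (po == "") po = "any"
            if (fwd == "no") {
                print "OK forwarding disabled: -L, -R and -D are refused"
                exit
            }
            # -L and -D both open outbound connections from the server side
            if (fwd == "yes" || fwd == "local") {
                if (po == "any")
                    print "NOTE -L/-D can reach any host:port the server can reach (PermitOpen any)"
                else
                    print "OK -L/-D limited by PermitOpen"
            }
            # -R creates a listening port on the sshd host
            if (fwd == "yes" || fwd == "remote") {
                if (gw == "yes")
                    print "WARN -R listeners bind to all interfaces (GatewayPorts yes)"
                else if (gw == "clientspecified")
                    print "NOTE -R bind address is chosen by the client (GatewayPorts clientspecified)"
                else
                    print "OK -R listeners bind to loopback only (GatewayPorts no)"
            }
        }'
}

# Constructed sample: effective settings after applying the two lines above.
SAMPLE_POST='allowtcpforwarding yes
gatewayports yes
permitopen any'

printf '%s\n' "$SAMPLE_POST" | audit_forwarding
```

On a live host, pipe the effective configuration into it as root: `sshd -T | audit_forwarding`.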