Ssh tunneling allows to route traffic via ssh tunnel. For example, in the following topology I would like to to access 172.217.171.228 on port 80 via 101.1.1.1. But on local port on 192.168.0.10 I would like to go to port 5050.
In that case my command that I”ll issue on 192.168.0.10 will be:
ssh -L 5050:172.217.171.228:80 [email protected]
This command will open ssh to 101.1.1.1 from 192.168.0.10, and will hold local port 5050 on the Client open. Every connection that is made to localhost:5050 on the Client will be forwarded to the SSH session and from the “SSH tunnel intermediate” will open session to 172.217.171.228:80
There also another option for ssh tunnel, where the Server connects to client, and then on the client machine user can open connection to some local port and the session ends up in the server.
The following command will make this happen:
ssh -R 5050:localhost:80 [email protected]
In that case the Server will open ssh session to the Client. Every connection made on the client to port localhost:5050 will be forwarded to 172.217.171.228
With the same topology described above, I want to access any server from any port. In that case, the command will be used:
ssh -D 5050 [email protected]
This will act as a SOCKS server. Meaning, after ssh established to 101.1.1.1 from 192.168.0.10, every connection that is made to localhost:5050 will be forwarded to outside world with random port from 101.1.1.1. This is useful if some proxy is used to firewall your connections to the internet. The initiator of the connection needs to work with SOCKS4 or SOCKS5 protocol. Firefox can be this initiator.
To configure SOCKS in firefox, in address on top write and go to about:preferences. Search for proxy in search field. Click on settings and write localhost in address and port number 5050 under “SOCKs host”
Obviously the ssh server needs to support ssh tunneling. My ubuntu did not support this by default. To enable this in the file /etc/ssh/sshd_config this configuration should be applyed:
AllowTcpForwarding yes
GatewayPorts yesAfter this configuration changed, ssh service should be restarted
service ssh restart