SSH Tunnels

SSH Tunnels Explained

When you open an ssh session to a server, you also have the option of forwarding TCP traffic from a local port to a port on the server. For example, if the server is running a web app, you might be able to access it insecurely via the web on port 80. By creating a tunnel which forwards traffic from a local port (say 8080) to the remote port 80, you can access the web app over a secure ssh connection instead. This is also useful for servers whose services, such as web apps or SMTP, are only available on the server's local network or from the server itself. An ssh tunnel can forward from any port on your PC to a port on the server.

Examples:

web001 is running a web server on port 8034. I want to browse this as if it were on my local PC at home. I don't have direct access to web001, but I do have ssh on fs001 which can see web001. I need two tunnels, one from fs001 to web001 and one from my PC to fs001.

First I configure PuTTY on my PC by loading my entry for fs001, browsing to Connection -> SSH -> Tunnels in the left pane, and entering 8034 as the source port and fs001:8034 as the destination. Click Add to add the tunnel, then go back to Session in the left pane and click Save. This forwards anything sent to local port 8034 to the same port on fs001. Note that the two port numbers don't have to be the same.

On fs001:

ssh -L 8034:web001:8034 web001

This means: forward local port 8034 (on fs001) to port 8034 on web001, and open an ssh session to web001. The tunnels are only available while the sessions are active.
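
The -L argument above also accepts an optional bind address in front of the local port, which decides who can connect to the listening end of the tunnel. The script below is an added example, not part of the original page: it parses an OpenSSH -L spec and reports where the forward listens. The helper name forward_exposure is hypothetical, and the default case assumes GatewayPorts is "no" (the OpenSSH client default) with no -g flag.

```sh
#!/bin/sh
# Added example (not from the original page): report where an OpenSSH
# `ssh -L` forward listens. Spec format per ssh(1):
#   [bind_address:]port:host:hostport
# forward_exposure is a hypothetical helper name. Bracketed IPv6 literals
# are rejected rather than parsed.
forward_exposure() {
    spec=$1
    case $spec in *\[*|*\]*) echo "unsupported: IPv6 literal"; return 2 ;; esac
    # Two colons: no bind address given. Three: the first field is the bind address.
    colons=$(printf '%s' "$spec" | tr -cd ':')
    case ${#colons} in
        # Assumption: GatewayPorts is "no" and -g is absent, so the
        # effective bind address is localhost.
        2) bind=localhost; rest=$spec ;;
        3) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "invalid: expected [bind_address:]port:host:hostport"; return 2 ;;
    esac
    lport=${rest%%:*}; target=${rest#*:}
    host=${target%%:*}; hport=${target#*:}
    case $lport in ''|*[!0-9]*) echo "invalid: local port"; return 2 ;; esac
    case $hport in ''|*[!0-9]*) echo "invalid: destination port"; return 2 ;; esac
    [ -n "$host" ] || { echo "invalid: destination host"; return 2; }
    case $bind in
        localhost|127.0.0.1) scope=loopback ;;
        # Empty or wildcard bind address: reachable from other machines.
        ''|'*'|0.0.0.0) scope=all-interfaces ;;
        *) scope="address:$bind" ;;
    esac
    echo "$scope $lport $target"
}

# Constructed inputs: the page's forward, then the same forward exposed.
for s in 8034:web001:8034 '*:8034:web001:8034'; do
    printf '%-22s -> %s\n' "$s" "$(forward_exposure "$s")"
done
```

A result of all-interfaces means any host that can reach the machine on that port can use the tunnel, so the forwarded service is no longer limited to the person holding the ssh session.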