SSH Tunneling in Layman’s term


What exactly is SSH tunneling? What is the difference between the terms: SSH Tunneling and Port forwarding? What is the exact difference between different types of SSH tunneling methods?

Local port forwarding vs Reverse port forwarding vs Dynamic tunneling

What are the ideal scenarios where each type can be used?

Best Answer

  • In layman terms, Secure Shell or SSH is established between two computer programs :

    1. On the server side : A daemon (system service) that listens on a TCP/IP port and accepts connections. It receives encrypted packages of several types, which it executes.
    2. On the client side : A client which connects to the server and transfers commands.

    The connection between client and server uses encryption, so establishing in effect a secure channel over an insecure network. The term "Secure Shell" comes from the ability of the server to run a local shell on the server computer, allowing the client to execute commands and see their result. But SSH can also be used for many other purposes.

    Both server and client use a known protocol to communicate, which means a known format for their messages. However, SSH can also do tunneling, which means the transfer of messages-within-messages or protocol-within-protocol. The server in this case acts as a switch or agent, transferring messages back and forth between the client and its target, for example evading the local firewall :


    The messages from the inner protocol are in this way encrypted and encapsulated inside the SSH protocol.

    Below are detailed some, but by no means all, of the uses of SSH.

    Executing remote commands

    To run a command on a remote system without logging in, specify the command after the login information:

    $ ssh host command

    For example, to check remote disk space:

    $ ssh host df

    Another example for Linux is piping the microphone from one machine to the speakers of another:

    $ dd if=/dev/dsp | ssh -C user@host dd of=/dev/dsp

    Copying files with ssh

    For copying data and files over SSH, there are a few options.

    It's possible to copy with the command cat. If you're trying to copy the output of a process instead of a file, this is certainly a reasonable route :

    $ cat file | ssh -e none remote-host 'cat > file'

    If these are going to be large files, you may want to use the -C flag to enable compression.

    For copying files, the program scp works like cp, except it also accepts remote destinations :

    $ scp .bash_profile

    For an FTP-like interface for copying files, use the program sftp.

    Local port forwarding

    SSH allows secure port forwarding.

    For example, suppose you want to connect from client A to server B but route traffic securely through server C. This is useful for evading firewalls.

    From A, run:

    A$ ssh C -L localport:B:remoteport

    Then, to connect to B:remoteport, connect to localhost:localport.

    If you use add -g, then anyone that can reach A may connect to B:remoteport through A:localport.

    For example, suppose your work banned Run this:

    # ssh yourserver -L

    And, set the address of and to in /etc/hosts (you will also need to disable any local web server). Now, it will surreptitiously traffic to through your yourserver.

    If you do this frequently, you might want to add a special host:

    Host redditfw
    HostName yourserver
    LocalForward 80

    Remote port forwarding

    Alternatively, suppose you wanted to give remote machine B access to another machine, A, by passing securely through your local machine C.

    Then, on C, you can run:

    C$ ssh B -R remoteport:A:targetport

    At this point, local users on B can connect to A:targetport through localhost:remoteport.

    If you want to to allow nonlocal users to be able to connect A:targetport through localhost:remoteport, then set in the sshd_config file:

    GatewayPorts yes

    If you do this frequently, set up a special host in ~/.ssh/config:

    Host exportme
    HostName B
    RemoteForward remoteport A:targetport

    SSH as a filesystem: sshfs

    Using the FUSE project with sshfs, it's possible to mount a remote filesystem over SSH. On the Mac, use Fuse4x.

    Once it's installed, run:

    $ sshfs remote-host: local-mount-directory


  • Related Question