Prerequisites
Complete the following steps before starting this tutorial.
A. Enable the SSH service on Ubuntu if it is not already enabled.
B. Generate the SSH Key pairs to execute the commands in the remote server. Run the following command to create the public key and the private key. The private key will be stored in the remote server, and the public keys will be stored in the client securely.
C. Run the following command to open the sshd_config file in the nano editor and add the necessary configuration.
Add the following lines in the file to enable the root login and password-based authentication.
PermitRootLogin yes
D. Run the following command to restart the SSH service.
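The check below is an added example, not part of the original tutorial: it reads an sshd_config and reports the settings that step C changes (root login, password authentication) together with the two sshd keywords that govern port forwarding, AllowTcpForwarding and GatewayPorts. The sample config is constructed, the function names are hypothetical, and the fallback values are upstream OpenSSH defaults (an assumption; a distribution may ship different ones).

```sh
#!/bin/sh
# Added example: audit an sshd_config for the settings this tutorial relies on.

# Constructed sample: roughly what the file looks like after prerequisite step C.
sample_config() {
    cat <<'EOF'
# constructed sample, not from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#AllowTcpForwarding no
GatewayPorts yes
permitrootlogin no
EOF
}

# effective_value KEYWORD DEFAULT  (config on stdin)
# sshd keywords are case-insensitive and the first occurrence wins. Parsing
# stops at the first Match block, because settings below it are conditional.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# audit_config (config on stdin): prints one line per finding.
audit_config() {
    cfg=$(cat)
    val() { printf '%s\n' "$cfg" | effective_value "$1" "$2"; }
    root=$(val PermitRootLogin prohibit-password)   # assumed upstream default
    pass=$(val PasswordAuthentication yes)          # assumed upstream default
    fwd=$(val AllowTcpForwarding yes)               # assumed upstream default
    gw=$(val GatewayPorts no)                       # assumed upstream default
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "WEAK: root can log in with a password"
    fi
    case $fwd in
        no)     echo "INFO: AllowTcpForwarding=no, -L, -R and -D are refused" ;;
        local)  echo "INFO: AllowTcpForwarding=local, -R is refused" ;;
        remote) echo "INFO: AllowTcpForwarding=remote, -L and -D are refused" ;;
    esac
    case $gw in
        yes|clientspecified) echo "EXPOSED: GatewayPorts=$gw, -R listeners may bind non-loopback addresses" ;;
    esac
}
sample_config | audit_config
```

On a live host, `sshd -T` prints the configuration that sshd actually resolves, including Include files, and is the authoritative source for these values.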
Local Port Forwarding
Local port forwarding forwards a port on the client machine to a port on the server machine, which then forwards the connection to the destination machine. In this type of forwarding, the client machine listens on a given port and tunnels connections from that port to a particular port of the server machine. The destination machine can be any remote server or another machine. This forwarding is mainly used for services on an internal network, such as a VNC (Virtual Network Computing) server.
Remote Port Forwarding
Remote port forwarding is the opposite of local port forwarding. It forwards a port on the server machine to a port on the client machine, which then forwards the connection to the destination machine. In this type of forwarding, the server machine listens on a given port and tunnels connections from that port to a particular port of the client machine. The destination machine can be any local machine or another machine.
Dynamic Port Forwarding
Dynamic port forwarding creates a socket on the client machine that works as a SOCKS proxy server. When a client connects to that port, the connection is forwarded to the server machine, which then forwards it to the dynamic port of the destination machine. Applications that use the SOCKS proxy connect to the server machine, which forwards their traffic to the destination machine.
Examples of SSH tunneling or port forwarding
The SSH tunneling and port forwarding examples here use two local server accounts. You can follow the same process for a remote server. Here, the username of the server machine is ‘fahmida’, and the username of the client machine is ‘Yasmin’. The three types of SSH port forwarding are shown in three examples.
A. Access remote resources from the client machine
The resources of the remote machine can be accessed from the client machine by using local port forwarding. You connect to the SSH server as usual, but in this case you use the -L option of the ssh command to define the local port, remote address, and remote port. The syntax of local port forwarding is given below.
Suppose the local port number is 8080, the IP address of the remote server is 10.0.2.15, and the remote port number is 80. Run the following command to connect with the server machine by local port forwarding. Here, the hostname of the remote machine is ‘fahmida.com.bd.’
After connecting to the remote machine, the user of the client machine can access any content on the remote machine, as shown here. A text file named log.txt exists on the remote machine. Now, run the following command from the client machine to read the file’s content after logging in to the remote machine.
Run the following commands to log out from the remote machine.
Output similar to the following will appear after executing the above commands. It shows the content of the text file from the remote machine, followed by the logout from the remote machine.
B. Access local resources from the server machine
The resources of the local machine can be accessed from the server machine by using remote port forwarding. You connect to the SSH server as usual, but in this case you use the -R option of the ssh command to define the remote port, local address, and local port. The syntax of remote port forwarding is given below.
Suppose the remote port number is 22, the hostname of the local server is localhost, and the local port number is 2345. Run the following command to connect with the server machine by remote port forwarding. Here, the hostname of the remote machine is ‘fahmida.com.bd.’
After connecting with the remote machine, the remote machine user will access any content from the remote machine shown here. A text file named products.txt exists in the home directory of the client machine. Now, run the following command after connecting with the remote machine to read the content of the local file.
Run the following commands to log out from the remote machine.
$ exit
Output similar to the following will appear after executing the above commands. It shows the content of the text file from the client machine, followed by the logout from the remote machine.
C. Using SSH server as a proxy server
Dynamic port forwarding is mainly used to access a particular application on the internal network through a SOCKS proxy. The -D option of the ssh command is used for dynamic port forwarding. The syntax of dynamic port forwarding is given below.
Suppose the local port number is 5050. Run the following command to open a SOCKS proxy at the 5050 port. Now, the user can configure any browser or application to use the local IP address and the 5050 port for redirecting all traffic through the tunnel.
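The helper below is an added example, not code from the original tutorial: it parses the argument given to -L, -R or -D and states which machine opens the listening port, how widely that port is reachable, and which machine makes the onward connection, using the port numbers and addresses from examples A, B and C. The function name is hypothetical, and it assumes hostnames or IPv4 addresses in the standard OpenSSH forms `[bind_address:]port:host:hostport` and `[bind_address:]port`.

```sh
#!/bin/sh
# Added example: explain an ssh forwarding option.
# Usage: explain_forward FLAG SPEC
#   -L / -R : SPEC = [bind_address:]port:host:hostport
#   -D      : SPEC = [bind_address:]port
# Not handled: bracketed IPv6 addresses and the bare "-R port" form.
explain_forward() (
    flag=$1 spec=$2
    set -f; IFS=:      # split on ':' without globbing; the subshell keeps this local
    set -- $spec
    case "$flag:$#" in
        -[LR]:3) bind=localhost port=$1 dest="$2:$3" ;;
        -[LR]:4) bind=$1 port=$2 dest="$3:$4" ;;
        -D:1)    bind=localhost port=$1 dest="any host the SOCKS client asks for" ;;
        -D:2)    bind=$1 port=$2 dest="any host the SOCKS client asks for" ;;
        *) echo "error: cannot parse $flag $spec"; exit 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "error: bad listen port '$port'"; exit 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "error: listen port out of range"; exit 1
    fi
    # -R listens on the server and connects out from the client;
    # -L and -D listen on the client and connect out from the server.
    if [ "$flag" = -R ]; then listener=server connector=client
    else listener=client connector=server; fi
    case $bind in
        ''|'*'|0.0.0.0)  scope="all interfaces (reachable from the network)" ;;
        localhost|127.*) scope="loopback only" ;;
        *)               scope="address $bind" ;;
    esac
    echo "$listener listens on port $port, $scope; $connector connects to $dest"
    if [ "$port" -lt 1024 ]; then
        echo "note: port $port is privileged, so the $listener side normally needs root"
    fi
)

# Values from examples A, B and C of this tutorial.
explain_forward -L 8080:10.0.2.15:80
explain_forward -R 22:localhost:2345
explain_forward -D 5050
```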
Conclusion
This tutorial has described three different ways of SSH port forwarding to help readers understand the concept of SSH tunneling, or port forwarding.