
SSH Port Forwarding Example PDF

SSH supports two types of port forwarding: local forwarding and remote forwarding. Local forwarding redirects selected application traffic from unsecured TCP connections to secure SSH tunnels by having the SSH client listen on selected ports and grab all traffic on those ports to send through the tunnel. Remote forwarding uses the SSH client to act on behalf of the server by receiving traffic, placing it on the correct port, and sending it to the chosen destination to allow access from restricted networks.

Uploaded by F Jarman

SSH supports two types of port forwarding: local forwarding and remote forwarding.

Local forwarding allows the client to set up a “hijacker” process. This will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel. SSH is configured to listen on selected ports.

SSH grabs all traffic using a selected port and sends it through an SSH tunnel. On the other end, the SSH
server sends the incoming traffic to the destination port dictated by the client application.

The following example should help clarify local forwarding. Suppose you have an e-mail client on your desktop and use it to get e-mail from your mail server via the Post Office Protocol (POP). The assigned port number for POP3 is port 110.

We can secure this traffic in the following way:


1. The SSH client sets up a connection to the remote server.
2. Select an unused local port number, say 9999, and configure SSH to accept traffic from this port
destined for port 110 on the server.
3. The SSH client informs the SSH server to create a connection to the destination, in this case
mailserver port 110.
4. The client takes any bits sent to local port 9999 and sends them to the server inside the encrypted SSH session. The SSH server decrypts the incoming bits and sends the plaintext to port 110.
5. In the other direction, the SSH server takes any bits received on port 110 and sends them inside the
SSH session back to the client, who decrypts and sends them to the process connected to port 9999.

With remote forwarding, the user’s SSH client acts on the server’s behalf.

The client receives traffic with a given destination port number, places the traffic on the correct port and
sends it to the destination the user chooses. A typical example of remote forwarding is the following.

You wish to access a server at work from your home computer. Because the work server is behind a
firewall, it will not accept an SSH request from your home computer. However, from work you can set up
an SSH tunnel using remote forwarding.

This involves the following steps.


1. From the work computer, set up an SSH connection to your home computer. The firewall will allow this,
because it is a protected outgoing connection.
2. Configure the SSH server to listen on a local port, say 22, and to deliver data across the SSH connection addressed to a remote port, say 2222.
3. You can now go to your home computer, and configure SSH to accept traffic on port 2222.
4. You now have an SSH tunnel that can be used for remote logon to the work server.
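
The local and remote tunnels described above correspond to OpenSSH's `-L` and `-R` options. The script below is an added example, not part of the original document: its header comments give assumed client invocations for both cases (the `-R` line is one reading of the remote-forwarding steps), and its functions check which forwarding direction a server's `sshd_config` permits through `AllowTcpForwarding`. Host names, user names and the sample configuration are constructed.

```sh
#!/bin/sh
# Added example, not from the original document. Assumed OpenSSH client
# invocations for the two tunnels (host and user names are placeholders):
#   local forwarding:  ssh -N -L 9999:mailserver:110 user@sshserver
#   remote forwarding: ssh -N -R 2222:localhost:22 user@homecomputer

# forwarding_policy: read sshd_config text on stdin and print which
# directions the global section allows: both, local, remote or none.
# Assumptions: "Keyword value" syntax separated by whitespace; parsing stops
# at the first Match block; sshd keeps the first value it reads for a
# keyword; the OpenSSH default for AllowTcpForwarding is "yes".
forwarding_policy() {
    awk '
        BEGIN { val = "yes"; seen = 0 }
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }         # END still runs after exit
        tolower($1) == "allowtcpforwarding" && !seen {
            val = tolower($2); seen = 1
        }
        END {
            if (val == "yes" || val == "all") print "both"
            else if (val == "local" || val == "remote") print val
            else if (val == "no") print "none"
            else print "invalid"
        }'
}

# permits DIRECTION: succeed if the config on stdin allows "local" (-L)
# or "remote" (-R) forwarding.
permits() {
    policy=$(forwarding_policy)
    [ "$policy" = "both" ] || [ "$policy" = "$1" ]
}

# Constructed sample: a server that accepts -L forwards but refuses -R.
SAMPLE_LOCAL_ONLY='# constructed sample sshd_config
Port 22
AllowTcpForwarding local
Match User backup
    AllowTcpForwarding yes'

if printf '%s\n' "$SAMPLE_LOCAL_ONLY" | permits local; then
    echo "-L 9999:mailserver:110 is permitted"
fi
if ! printf '%s\n' "$SAMPLE_LOCAL_ONLY" | permits remote; then
    echo "-R 2222:localhost:22 is refused by server policy"
fi
```

A server that should accept neither kind of tunnel sets `AllowTcpForwarding no`; the remote-forwarding case is decided by the configuration of the machine that receives the outgoing connection, here the home computer.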
