Home / Articles

SSH tunneling

Written at 2017-02-18T13:08:00Z.

SSH client can be configured to act as a proxy to route traffic to another computer over SSH (SSH tunneling).

This article describes setting up SSH tunnel using OpenSSH and PuTTY.

Using PuTTY

PuTTY is a SSH client for Windows.

Once installed, launch PuTTY. In Session category, enter the hostname and port of the SSH server which will be connected to. Choose SSH for the connection type. For example, enter joe@example.com in Host Name and 22 in Port to connect to remote SSH server at example.com on port 22 as user joe.

PuTTY (main configuration).

Click Connection category, then click SSH category. The established SSH connection will not be used for interactive shell, so check "Don't start a shell or command at all" option.

PuTTY (SSH configuration).

Expand SSH category, click Tunnels category. Enter the port number which the proxy will be listening on. Check "Dynamic" for port forwarding. Click Add button to add a new forwarded port. For example, enter 8000 in Source Port, then the proxy will listen on port 8000 and forward traffic from that port to remote computer.

PuTTY (tunnels configuration).

Click Open button to open a new SSH connection.

Using OpenSSH

If you are using Windows and have Git installed, OpenSSH is installed by default and ready for use.

OpenSSH installed with Git for Windows.

Open Git Bash and run the following command to establish a new SSH connection:


ssh \
-N \
-D $LOCAL_SOCKS_PORT \
$USER@$HOST

The -N switch indicates not to execute remote command. The -D switch configures the proxy port.

Replace $LOCAL_SOCKS_PORT with the port number which the proxy will be listening on. Replace $USER with the username which will be used for login remote computer. Replace $HOST with the hostname or IP address of remote SSH server.

Configure application to use the proxy

Take Mozilla Firefox as an example. Open Connection Settings, check "Manual proxy configuration". Enter 127.0.0.1 in SOCKS Host and the port number of the proxy in Port. Check "SOCKS v5".

Mozilla Firefox connection settings page.

Now the proxy should route traffic from Firefox to remote computer over SSH. By visiting sites which tell you about your IP address, such as WhatIsMyIPAddress.com, the site should report the IP address of the connected remote computer, instead of the IP address of your own computer.

References