Imagine you are connected to public wireless network and want to check some admin panel that does not support HTTPS. Then you are in trouble and you need some simple trick to do the job. In this case you can create SSH tunnel to remote host and traffic to this host will be encrypted and there is nothing to worry about. Your real connection goes over SSH tunnel and its purpose is to allow traffic to pass securely through that tunnel to a remote host.

SSH tunneling is very handy in following situations:

  • Accessing sensitive web resources via encrypted channel;
  • Bypassing ISP/Corporate network restrictions. For example you can bypass some ports or hosts.

But first you need to check one setting in your SSH server configuration and if it is missing you have to add it. We are talking about PermitTunnel yes in file SSH daemon configuration file /etc/ssh/sshd_config.

Open sshd_config and add

PermitTunnel yes

then restart ssh daemon

sudo service ssh restart

If this option is present in your configuration file there is nothing to do. Just ignore above section.

Here are the steps to perform to achieve task:

  1. Open PuTTY.
  2. Navigate to Connection -> SSH -> Tunnels.
  3. In field Source port enter port to which to connect your program (in my test scenario it will be a browser).
  4. In field Destination enter destination host and port where you want to connect.
  5. Click Add button.

secure communication with putty

ssh putty tunneling

Then you need to return to main PuTTY window and to enter host to which you want to connect and actually to connect to it.

ssh secure tunneling

Next step is to login to that Linux host with your user name and password.

ssh secure communication

When you login you just open your browser and point to localhost:8080 and then you will see output from where it points - in our scenario to remote host Apache web server.

putty tunneling ssh

Basically what happens is that we connect to localhost and port which we specify in field Source port. Then connection goes from our computer to remote host which we connected and all traffic is encrypted (so nothing to worry about). Then SSH daemon redirects traffic to destination which we specify in corresponding field. This could be very useful to do VNC connections over SSH which I will write very soon.