This articles is published 369 days ago and last updated 369 days ago, some information may be out of date.

SSH Tunneling



SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used for secure communications or to bypass firewalls.

Mode of Port Forwarding

  • Local Port Forwarding
  • Remote Port Forwarding
  • Dynamic Port Forwarding

SSH Useful Arguments

-NThis option tells SSH not to execute a remote command after establishing the connection. Instead, it just sets up the connection and then waits for further instructions. This can be useful for setting up port forwarding or other types of connections where no remote command needs to be executed.
-fThis option runs the SSH client in the background after authentication. This allows the user to continue using the terminal while the SSH session is running in the background. This can be useful for long-running sessions or when multiple sessions need to be established simultaneously.

Sample Scenarios

Note: All diagrams from Ivan Velichko
  1. Local Port Forwarding:

    This is the most common type of SSH tunneling, forwarding a local port to a remote one.

ssh -L local_port:remote_host:remote_port user@ssh_server


ssh -N -L 8443: [email protected]
-LLocal port forwarding configuration
8443: connections to port 8443 on the local machine to port 8006 on the remote machine
[email protected]Username and hostname of the remote server
Note:, which means listening on all available network interfaces.


The service running on port 8443 can be accessed from the server area server by localhost.



ssh -N -L 5201:localhost:5201 user@ssh_server


A port `5201' test was successfully conducted on localhost after binding the port.

  1. Remote Port Forwarding:

    This allows you to forward a remote port to a local one.

For security reasons, Remote Port Forwarding is only bound to the localhost of the SSH Server by default. To enable external connections, the configuration file of the SSH Server needs to be amended
sudo sh -c 'echo "GatewayPorts yes" >> /etc/ssh/sshd_config.d/GatewayPorts.conf'
sudo service sshd restart

Restart the SSH daemon for the modifications to take effect.


ssh -N -R remote_port:local_host:local_port user@ssh_server
ssh -N -R 8080:localhost:8000 [email protected]
-RRemote port forwarding configuration
8080:localhost:8000Forward connections to port 8080 on the remote server to port 8000 on the local machine, binding to localhost
[email protected]Hostname or IP address of the remote server


A simple HTTP server has been set up on localhost with port 8000.


The remote client (10.2.2.x) can access the HTTP server running on port 8080.


ssh -N -R 8443: user@ssh_server
-RRemote port forwarding configuration
8443: connections to port 8443 on the remote server to port 443 on the machine with IP address
user@ssh_serverUsername and hostname of the SSH server


The SSH server is forwarding traffic from port 443 on the local area PC with IP address to port 8443 on the SSH server.


The service on port 8443 can be accessed from the server area PC.

  1. Dynamic Port Forwarding:

    This can be used to create a SOCKS proxy which can be used with applications configured to use SOCKS.

ssh -D local_port user@ssh_server
ssh -N -D 8244 user@ssh_server
-DLocal SOCKS proxy port configuration
8244Local SOCKS proxy port to use
user@ssh_serverUsername and hostname of the SSH server

i. The method of routing browser traffic through a SOCKS5 proxy using a plug-in(SwitchyOmega).



ii. The method of Linux terminal traffic through socks5 proxy

export http_proxy=socks5:// 
export https_proxy=socks5://

This tells applications that use the HTTP(s) protocol to use the specified SOCKS5 proxy server for their connections.

export ALL_PROXY=socks5://

This tells all applications to use the specified SOCKS5 proxy server for their connections, regardless of the protocol.


SSH tunneling provides a powerful and flexible way to securely transfer data over an unsecured network. By using SSH tunneling, we can access remote resources securely and efficiently, without having to worry about eavesdropping or other security threats.


-A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding
-SSH Tunnel 通道打造加密 Proxy,透過外部 Linux 伺服器上網
-SSH Tunneling (Port Forwarding) 詳解