SSH tunneling (SSH tunnel)

botond published March 2019, 01, Thu - 03:12 time

SSH tunneling is a tunneling technology that uses the SSH protocol to establish a secure channel between two machines. Users can create SSH tunnels to send encrypted traffic over otherwise unencrypted channels. For example, SSH tunneling allows Windows-based machines to share files in encrypted form using the Server Message Block (SMB) protocol, which is not itself an encrypted protocol. If we remotely mount a Microsoft Windows SMB file system over the Internet, its data traffic can be intercepted, so the files sent and received are accessible to anyone listening to the channel. If, on the other hand, the file system is attached via an SSH tunnel, the connection is secure. Likewise, if an FTP connection is carried through an SSH tunnel, it will be secure, even though the FTP protocol itself is not encrypted.

Another important role of SSH tunnels, in addition to establishing encrypted channels, is port forwarding, that is, forwarding traffic. When the SSH connection is established, the tunnel listens on ports of the machines at both ends (local machine, remote machine). Connections made to these ports are forwarded by the server at the opposite end to the specified address and port. In practice, this can be used, for example, to make a home or work machine that sits behind a router or firewall, or is a member of a NAT network, accessible from anywhere on the Internet. Another example is when certain websites are not accessible from a network (for example, they are blocked in a corporate network) but it is possible to connect to an external server via SSH: using the SSH tunnel between the local machine and the external server, the websites, computers, etc. blocked from the network become accessible.

The SSH tunnel essentially provides a private channel between two independent networks. VPNs also work on this principle.
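
A defender's check for the port forwarding described above, as an added example that is not part of the original article: it reads an OpenSSH `sshd_config` and reports which forwarding directions the server permits. It assumes the OpenSSH keywords `AllowTcpForwarding`, `GatewayPorts` and `PermitOpen` with their documented defaults and ignores `Include` files; the function names and the sample configuration are constructed for illustration.

```python
import re

# OpenSSH defaults for the forwarding keywords examined here.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permitopen": "any"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONFIG = """\
AllowTcpForwarding local
GatewayPorts = no
PermitOpen 10.0.0.5:445 10.0.0.6:21
# The next line has no effect: sshd keeps the first value it reads.
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding no
"""

def parse_forwarding(text):
    """Return (global settings, per-Match overrides) for the forwarding keywords."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m or line.startswith("#"):
            continue                             # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            match = value                        # lines below apply conditionally
        elif key in DEFAULTS and match is None:
            settings.setdefault(key, value)      # first value wins
        elif key in DEFAULTS:
            overrides.append((match, key, value))
    return {**DEFAULTS, **settings}, overrides

def forwarding_report(settings):
    """Translate the settings into what a client may do with local and remote forwards."""
    tcp = settings["allowtcpforwarding"].lower()
    remote = tcp in ("yes", "all", "remote")
    dests = settings["permitopen"].split()
    return {
        "local_forwarding": tcp in ("yes", "all", "local"),
        "remote_forwarding": remote,
        # GatewayPorts other than "no" lets remote-forwarded ports bind beyond loopback.
        "remote_ports_reachable_from_network": remote and settings["gatewayports"].lower() != "no",
        # None means unrestricted; an empty list means no destination is allowed.
        "allowed_destinations": None if dests == ["any"] else [d for d in dests if d != "none"],
    }

if __name__ == "__main__":
    settings, overrides = parse_forwarding(SAMPLE_CONFIG)
    print(forwarding_report(settings))
    print("Match overrides:", overrides)
```

The per-`Match` overrides are listed separately because they change the answer only for the users or hosts they name.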