What is SSH Tunnel?

In this post I will explain what an SSH tunnel is. This page describes what an SSH tunnel (also called SSH port forwarding) is, how it can be used to log into internal corporate networks from the Internet, and how to prevent SSH tunnels in firewalls. SSH tunneling is a powerful tool, but it can also be abused. Controlling tunneling is critical when moving services to Amazon AWS.

What is SSH Tunnel

SSH tunneling is a method of transporting arbitrary network data over an encrypted SSH connection. It can be used to add encryption to applications, to implement VPNs (Virtual Private Networks), and to access intranet services across firewalls.

In computer networking, tunneling protocols allow network users to access or provide network services that are not supported or provided by the underlying network. One important use of tunneling protocols is to allow a foreign protocol to run on a network that does not support it; for example, running IPv6 over IPv4.


Tunneling protocols work by using the data portion of a packet (the payload) to carry the packet that actually provides the service. Tunneling uses a layered protocol model such as the OSI model or the TCP/IP protocol suite, but typically violates the layering when using payloads to carry services that the network does not normally provide. Typically, the delivery protocol operates at the same or a higher level in the layered model than the payload protocol.


SSH is the standard for secure remote login and file transfer over untrusted networks. It also provides a way to secure the data traffic of any given application by using port forwarding, essentially routing any TCP/IP port over SSH. This means that application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be eavesdropped on or intercepted while in transit. SSH tunnels allow adding network security to legacy applications that don’t natively support encryption.


Secure apps with SSH tunneling/port forwarding

A secure connection over an untrusted network is established between the SSH client and the SSH server. These SSH connections are encrypted, protecting confidentiality and integrity, and authenticating communicating parties.


The SSH connection is used by the application to connect to the application server. With tunneling enabled, the application connects to a port on the local host on which the SSH client is listening. The SSH client then forwards the application’s traffic through the encrypted tunnel to the SSH server. The server then connects to the actual application server – usually on the same machine or in the same data center as the SSH server. Application communication is thus secured without having to modify the application or the end-user workflow.

Disadvantages of SSH Tunnel

The downside is that any user who can log in to the server can enable port forwarding. This is widely used by internal IT people to log into their home machines or servers in the cloud, forwarding ports from the server back to the corporate intranet to their work machines or servers as appropriate. Hackers and malware can also use it to leave a backdoor into the internal network. It can also be used to hide an attacker’s path by hopping through multiple devices that allow uncontrolled tunnels.

To see how to configure an SSH tunnel, see this example. Tunneling is often used in conjunction with SSH keys and public key authentication to fully automate the process.

SSH Tunnel Security

While tunnels can be useful, as evidenced by how Aspera uses them, it should be clear that they also pose security concerns. By providing a channel that can effectively bypass normal firewall protection, they make it easy for unscrupulous users to set up unmonitored channels. Another thing to note: while the example shown uses localhost, tunnels can also be bound to public interfaces, providing another avenue of abuse.
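Controlling tunneling on the server side means knowing which accounts sshd still lets forward ports. As an added example (not code from the original post), the Python script below parses an sshd_config the way sshd does (first value per scope wins, Match blocks override globals) and reports, per scope, every forwarding-related directive that is still open; the sample configuration and the user name in it are constructed.

```python
import re
# OpenSSH defaults (sshd_config(5)) for the forwarding directives, and the
# values that leave that tunnelling path usable.
DEFAULTS = {"allowtcpforwarding": "yes", "allowstreamlocalforwarding": "yes",
            "gatewayports": "no", "permittunnel": "no"}
PERMISSIVE = {
    "allowtcpforwarding": {"yes", "local", "remote"},                # -L / -R tunnels
    "allowstreamlocalforwarding": {"yes", "all", "local", "remote"},  # unix sockets
    "gatewayports": {"yes", "clientspecified"},              # -R on public interfaces
    "permittunnel": {"yes", "point-to-point", "ethernet"},   # tun(4) VPN tunnels
}

def parse_sshd_config(text):
    """Return (global_settings, [(match_criteria, block_settings), ...])."""
    global_cfg, blocks, scope = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":                 # new scope until the next Match / EOF
            scope = {}
            blocks.append((value, scope))
            continue
        target = global_cfg if scope is None else scope
        target.setdefault(key, value.lower())   # sshd keeps the first value seen
    return global_cfg, blocks

def audit(text):
    """Map each scope ('global' or 'Match ...') to the directives still open."""
    global_cfg, blocks = parse_sshd_config(text)
    report = {}
    for name, overrides in [("global", {})] + [("Match " + c, s) for c, s in blocks]:
        report[name] = sorted(f"{d}={v}" for d, default in DEFAULTS.items()
                              if (v := overrides.get(d, global_cfg.get(d, default)))
                              in PERMISSIVE[d])
    return report

SAMPLE_CONFIG = """# constructed sample sshd_config, not from a real host
# Tunnelling off for everyone unless a Match block says otherwise
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
Match User backup-operator
    # May open local tunnels, but only to the database replica
    AllowTcpForwarding local
    PermitOpen 10.0.5.20:5432
"""
```

Running `audit(SAMPLE_CONFIG)` shows that the global scope still permits Unix-domain socket forwarding (the default nobody set), and that the backup-operator account keeps local TCP forwarding; feed it the contents of your own sshd_config to review a real host.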


Concepts to be used in SSH Tunnel

  • Loopback interface – virtual network card installed in the system with IP address 127.0.0.1. Only applications installed on the system have access to this address; remote access is not possible. You can run a service on that interface so that it is reachable only from the same system or through a tunnel.
  • SMTP – application layer protocol that allows you to send e-mail. It is used for communication between e-mail servers and between the server and the e-mail client. SMTP uses port 25 TCP for unencrypted communication and port 587 TCP or 465 TCP (deprecated – not recommended) for encrypted (SSL) connections.
  • POP3 – application layer protocol used to download new e-mail from the server to the local mail client. It is rarely used today, as it has been superseded by IMAP. For unencrypted connections use port 110 TCP; for encrypted connections, port 995 TCP.
  • IMAP – a protocol similar to POP3, but with support for folders, labels, and reading and managing messages and folders on the server without downloading them all to a local PC and deleting them from the server. IMAP uses port 143 TCP for unencrypted connections and port 993 TCP for encrypted connections.