Did you know that you can actually bypass firewalls with SSH Tunnelling? Today, I am going to give you a smooth introduction to SSH Tunnelling, and we shall later see its other use cases and the client applications out there.
SSH is basically a client-server based protocol for making server requests.
🔹 SSH Tunnelling
SSH tunnelling, or SSH port forwarding, is a method of transporting arbitrary data over an encrypted SSH connection. SSH tunnels allow connections made to a local port (that is, to a port
Secure Shell, or SSH, is used to create a secure channel between a local and remote computer.
SSH uses port 22 by default and encrypts the payloads transmitted over a public network connection (such as the Internet), thereby providing VPN functionality.
IPsec has an end-to-end Transport Mode, but can also operate in a tunnelling mode through a trusted security gateway.
🔹 SSH Vs SSH Tunnelling
The SSH connection is used by the application to connect to the application server. With tunnelling enabled, the application contacts a port on the local host that the SSH client listens on.
The SSH client then forwards the application over its encrypted tunnel to the server.
🔹 SSH Vs VPN
The main difference between the two technologies is that SSH connects to a particular computer while a VPN connects to a network. Each of them provides an additional layer of security when browsing online.
Another key difference between VPN and SSH tunnelling is that VPN runs on the transport layer while SSH runs on the application layer of a network.
SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services – so long as a site allows outgoing connections.
For example, an organization may prohibit a user from accessing Internet web pages (port 80) directly without passing through the organization's proxy filter (which provides the organization with a means of monitoring and controlling what the user sees through the web). But users may not wish to have their web traffic monitored or blocked by the organization's proxy filter.
If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server. To access the remote web server, users would point their browser to the local port at localhost
🔹 SSH Clients for Windows
Apart from Linux distros that come with SSH by default, I believe Windows 10 has a built-in SSH client that you can use in Windows Terminal which is an optional setting that you can actually toggle.
What if you wanted something other than the native SSH?
🔸 OpenSSH
OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client-server architecture.
🔸 PuTTY
It is probably the most used SSH client on Windows. It's a portable free tool that supports not only SSH but Telnet and Xterm as well.
🔸 Bitvise
Bitvise offers both SSH Server and SSH Client for Windows Servers and workstations. The SSH Client is free with a graphical interface as well as command-line
🔸 SmarTTY
Unlike PuTTY or Bitvise, SmarTTY is a free multi-tabbed SSH client that also supports copying files and directories with SCP on-the-fly and editing files in place.
🔸 KiTTY
It is a free and open-source remote shell client. It is commonly used on Windows.
KiTTY is actually a fork of PuTTY and it has an impressive collection of the most requested features that are missing from PuTTY.
Get it from FossHub
For installation and usage, there are many resources out there that can guide you on how to use each one of them.
🔹 SSH Keys
Just like how web 3.0 wallets work, SSH keys also come in pairs, and every pair is made up of a private key and a public key.
The private key is secret, known only to the user, and should be encrypted and stored safely. The public key can be shared freely with any SSH server to which the user wishes to connect.
The server uses the public key to encrypt a message and send it to the client. If the client has the correct private key, they can decrypt the message
🔹 Use-Cases
SSH tunnelling is mostly used in scenarios when you need to connect to a remote computer behind the firewall.
🔸Local TCP forwarding is a local port forwarding to a remote server.
🔸Remote TCP forwarding is a remote port forwarding to a local computer.
🔸Double SSH tunnel connects computers without any dedicated public IP addresses behind a NAT.
🔸Transfer unencrypted traffic over a network through an encrypted channel.
🔸You can create a basic VPN.
Personally, the main use-case I use SSH for is secure FTP over a remote server.
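To see which of the forwarding types listed above a given `ssh` invocation requests, for example when reviewing process listings or shell history on a workstation, the command line can be parsed for the OpenSSH client's `-L` (local), `-R` (remote) and `-D` (dynamic) options. This is an added example, not code from the original post; the function names `parse_spec` and `find_forwards`, the sample command lines and their host names are constructed for illustration.

```python
import shlex

# OpenSSH client forwarding options and the use case each one maps to.
FORWARD_FLAGS = {"L": "local", "R": "remote", "D": "dynamic"}
NO_ARG_FLAGS = "46AaCfGgKkMNnqsTtVvXxYy"  # flags that can be bundled, e.g. -NfL
ALL_INTERFACES = {"", "*", "0.0.0.0"}     # bind addresses that expose the port to other hosts

def parse_spec(kind, spec):
    """Parse [bind_address:]port[:host:hostport] (TCP forms; no bracketed IPv6 or sockets)."""
    parts = spec.split(":")
    if kind != "dynamic" and len(parts) in (3, 4):
        target = f"{parts[-2]}:{int(parts[-1])}"
    elif kind != "local" and len(parts) in (1, 2):
        target = None  # SOCKS-style forward: destination is chosen per connection
    else:
        raise ValueError(f"unsupported {kind} forward spec: {spec!r}")
    has_bind = len(parts) in (2, 4)
    listen_port = int(parts[1] if has_bind else parts[0])
    return {"kind": kind, "listen_port": listen_port, "target": target,
            "all_interfaces": has_bind and parts[0] in ALL_INTERFACES}

def find_forwards(cmdline):
    """Return every -L/-R/-D forward requested on one ssh command line."""
    tokens = shlex.split(cmdline)
    found = []
    for i, tok in enumerate(tokens):
        if not tok.startswith("-") or tok.startswith("--"):
            continue
        body = tok[1:].lstrip(NO_ARG_FLAGS)  # skip bundled flags such as -N or -f
        if body and body[0] in FORWARD_FLAGS:
            # The spec is either attached (-D1080) or the next token (-L 8080:...).
            spec = body[1:] or (tokens[i + 1] if i + 1 < len(tokens) else "")
            found.append(parse_spec(FORWARD_FLAGS[body[0]], spec))
    return found

# Constructed process-listing lines (hosts and ports are made up for illustration).
SAMPLE = [
    "ssh -L 8080:intranet.example.com:80 user@gateway.example.com",
    "ssh -NfR *:2222:localhost:22 user@gateway.example.com",
    "ssh -D1080 -p 2200 user@gateway.example.com",
    "ssh user@gateway.example.com uptime",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", find_forwards(line))
```

Forwards configured through `-o` options or `~/.ssh/config` are outside what this parser looks at.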
🔹 Windows Native SSH
If you are using Windows 10 and have enabled Windows Subsystem Bash and are running Ubuntu distro natively on your computer, you have the ability to SSH in without other tools by using OpenSSH
Alternatively, you can enable SSH if it is not already enabled; it can be started by typing ssh in the terminal.
I will be writing a Python implementation on how to connect to Mongo DB using sshtunnel, which is purely written in Python.
That's it for today!
🔹 Conclusion
Once again, hope you learned something today from my little closet.