Introduction To SSH Tunneling

Introduction To SSH Tunneling

Did you know that you can actually bypass firewalls with SSH Tunneling? Today, I am going to give you a smooth introduction to SSH Tunnelling and we shall later see its other use cases and client applications out there.


SSH is basically a client-server based protocol for making server requests.

SSH Tunnelling

SSH tunnelling, or SSH port forwarding, is a method of transporting arbitrary data over an encrypted SSH connection. SSH tunnels allow connections made to a local port (that is, to a port

Secure Shell, or SSH, is used to create a secure channel between a local and remote computer.


SSH uses port 22 by default to enable data encryption of payloads being transmitted over a public network (such as the Internet) connection, thereby providing VPN functionality.

IPsec has an end-to-end Transport Mode, but can also operate in a tunnelling mode through a trusted security gateway.

SSH Vs SSH Tunnelling

The SSH connection is used by the application to connect to the application server. With tunnelling enabled, the application contacts a port on the local host that the SSH client listens on.


The SSH client then forwards the application over its encrypted tunnel to the server.


The main difference between both technologies is that the SSH connects to a particular computer while a VPN connects to a network. Each of them provides an additional layer of security when browsing online.

Another key difference between VPN and SSH tunnelling is that VPN runs on the transport layer while SSH runs on the application layer of a network.


SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services so long as a site allows outgoing connections.

For example, an organization may prohibit a user from accessing Internet web pages (port 80) directly without passing through the organization's proxy filter (which provides the organization with a means of monitoring and controlling what the user sees through the web). But users may not wish to have their web traffic monitored or blocked by the organization's proxy filter.


If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server. To access the remote web server, users would point their browser to the local port at localhost

SSH Clients for Windows

Apart from Linux distros that come with SSH by default, I believe Windows 10 has a built-in SSH client that you can use in Windows Terminal which is an optional setting that you can actually toggle.

What if you wanted something else than the native SSH?

OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client-server architecture.

It is probably the SSH client used the most on Windows. Its a portable free tool that supports not only SSH but Telnet, Xterm as well.

Bitviseoffers both SSH Server and SSH Client for Windows Servers and workstations. The SSH Client is free with a graphical interface as well as command-line

Unlike PuTTy or Bitvise, SmarTTY is a free multi-tabbed SSH client that also supports copying files and directories with SCP on-the-fly and editing files in place.

It is a free and open-source remote shell client. It is commonly used on Windows. KiTTY is actually a fork of PuTTY and it has an impressive collection of one of the most requested features that are missing from PuTTY.

Get it from FossHub

For installation and usage, there are many resources out there that can guide you on to use each one of them.

SSH Keys

Just like how web 3.0 wallets work, SSH keys also come in pairs, and every pair is made up of a private key and a public key.

The private key is secret, known only to the user, and should be encrypted and stored safely. The public key can be shared freely with any SSH server to which the user wishes to connect.


The server uses the public key to encrypt a message and send it to the client. If the client has the correct private key, they can decrypt the message


SSH tunnelling is mostly used in scenarios when you need to connect to a remote computer behind the firewall.

碌ocal TCP forwarding is a local port forwarding to a remote server.
祺emote TCP forwarding is a remote port forwarding to a local computer.
睥ouble SSH tunnel connects computers without any dedicated public IP addresses behind a NAT.
禁ransfer unencrypted traffic over a network through an encrypted channel.
稠ou can create a basic VPN.

Personally, the main use-case I use SSH is secure FTP over a remote server.

Windows Native SSH

If you are using Windows 10 and have enabled Windows Subsystem Bash and are running Ubuntu distro natively on your computer, you have the ability to SSH in without other tools by using OpenSSH

You can alternatively enable SSH if not enabled and can be started by typing ssh in the terminal.


I will be writing a Python implementation on how to connect to Mongo DB using
sshtunnel which is purely written in Python.

That's it for today!


Once again, hope you learned something today from my little closet.

Please consider subscribing or following me for related content, especially about Tech, Python & General Programming.

You can show extra love by buying me a coffee to support this free content and I am also open to partnerships, technical writing roles, collaborations and Python-related training or roles.

Buy Ronnie A Coffee You can also follow me on Twitter : Waiting for you!