Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Remote Tunnels

A remote (incoming) tunnel forwards traffic coming to a remote port to a specified local port.

With sshg3 on the command line, the syntax of the remote tunneling command is the following:

client$ sshg3 -R [protocol/][listen-address:]listen-port:dst-host:dst-port server

Setting up remote tunneling allocates a listener port on the remote server. Whenever a connection is made to this listener, the connection is tunneled over Secure Shell to the local client and another connection is made from the client to a specified destination host and port. The connection from the client onwards will not be secure, it is a normal TCP connection.

Figure 8.4 shows the different hosts and ports involved in remote port forwarding.

Remote tunneling terminology

Figure 8.4. Remote tunneling terminology

For example, if you issue the following command, all traffic which comes to port 1234 on the server will be forwarded to port 23 on the client. See Figure 8.5.

sshclient$ sshg3 -R 1234:localhost:23 username@sshserver

The forwarding address in the command is resolved at the (local) end point of the tunnel. In this case localhost refers to the client host.

Remote tunnel

Figure 8.5. Remote tunnel

Tunnels can also be defined for connection profiles in the Connection Broker configuration file. The defined tunnels are opened automatically when a connection with the profile is made.

The following is an example from a ssh-broker-config.xml file:

<profile id="id1" host="sshserver.example.com">
 ...
   <tunnels>
      <remote-tunnel type="tcp"
                     listen-port="1234"
                     dst-host="localhost"
                     dst-port="23" />
   ...              
   </tunnels>  
</profile>

When using SSH Tectia Client with the Windows GUI, the tunneling settings can be made under Profile Settings → Tunneling. See Defining Tunneling (SSH Tectia Client).


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more