Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Defining Automatic Tunnels

On the Automatic Tunnels page, you can create listeners for local tunnels that are started automatically when the Connection Broker starts up. The actual tunnel is formed the first time a connection is made to the listener port. If the connection to the server is not open at that time, it will be opened automatically as well.

Defining automatic tunnels

Figure 4.39. Defining automatic tunnels

When the Connection Broker starts, the list of the automatic tunnels is read, and the connection initiating applications will be matched to the rules defined here. The first setting that matches the connection will be used. The rules are evaluated from top down, and you can use the arrow buttons to organize the list.

Select Automatic Tunnels in the tree menu and click Add... to open the Automatic Tunnel dialog box.

Adding a new automatic tunnel

Figure 4.40. Adding a new automatic tunnel

  • Type: Select the type of the tunnel from the drop-down list. Valid choices are TCP and FTP.

  • Listen port: This is the number of the local port that the tunnel listens to, or captures. Do not use a reserved port number.


    The protocol or application that you wish to create the tunnel for may have a fixed port number (for example 143 for IMAP) that it needs to use to connect successfully. Other protocols or applications may require an offset (for example 5900 for VNC) that you will have to take into an account.

  • Allow local connections only: Leave a check mark in this box if you want to allow only local connections to be made. This means that other computers will not be able to use the tunnel created by you. By default, only local connections are allowed. This is the right choice for most situations. You should carefully consider the security implications if you decide to also allow outside connections.

  • Destination host: This field defines the destination host for the port forwarding. The default value is localhost.


    The value of localhost is resolved by the Secure Shell server, so here localhost refers to the Secure Shell host you are connecting to.

  • Destination port: The destination port defines the port that is used for the forwarded connection on the destination host.

  • Tunnel using profile: Select the server to use for the tunnel.

To edit a automatic tunnel, select a tunnel from the list and click Edit.

To delete a automatic tunnel, select a tunnel from the list and click Delete.

For more information on tunneling, see Local Tunnels.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more