Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

SOCKS Tunneling

SOCKS tunneling is a mechanism available for tunneling applications that support the SOCKS4 or SOCKS5 client protocol.

Instead of configuring tunneling (a.k.a port forwarding) from specific ports on the local host to specific ports on the remote server, you can specify a SOCKS server which can be used by the user's applications. Each application is configured in the regular way except that it is configured to use a SOCKS server on a localhost port. The Secure Shell client application, SSH Tectia ConnectSecure, opens a port in the localhost and mimics a SOCKS4 and SOCKS5 server for any SOCKS client applications.

When the applications connect to services such as IMAP4, POP3, SMTP, and HTTP, they provide the necessary information to the SOCKS server, which is actually SSH Tectia ConnectSecure mimicking a SOCKS server. SSH Tectia ConnectSecure will use this information in creating a tunnel to the Secure Shell server and relaying the traffic back and forth securely.

With sshg3 on the command line, the syntax of the SOCKS tunneling command is as follows:

client$ sshg3 -L socks/[listen-address:]listen-port username@sshserver


  • [listen-address:] defines which interface on the client will be listened to (optional argument)

  • listen-port is the number of the port on the client

  • sshserver is the IP address or the host name of the Secure Shell server.

For example, the following command will set up a local tunnel from port 1234 on the client to sshserver. The applications are set to use a SOCKS server at port 1234 on the client. From the server, the connections are forwarded unsecured to the destination hosts requested by the applications.

sshclient$ sshg3 -L socks/1234 username@sshserver

SOCKS tunnels can also be defined for connection profiles in the Connection Broker configuration file. The following is an example from a ssh-broker-config.xml file:

<profile id="id1" host="">
    <local-tunnel type="socks"
                  allow-relay="no" />


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more