Tunneling is a way to forward otherwise unsecured TCP traffic
through Secure Shell. Tunneling can provide secure application
connectivity, for example, to POP3-, SMTP-, and HTTP-based applications
that would otherwise be unsecured.
The Secure Shell v2 connection protocol provides channels that can be
used for a wide range of purposes. All of these channels are
multiplexed into a single encrypted tunnel and can be used for tunneling
(forwarding) arbitrary TCP/IP ports.
The client-server applications using the tunnel will carry out their own
authentication procedures, if any, the same way they would without the encrypted
The protocol/application might only be able to connect to a fixed
port number (e.g. IMAP 143). Otherwise any available port can be chosen
for tunneling. For remote (incoming) tunnels, the ports under 1024 (the
well-known service ports) are not allowed for the regular users, but are
available only for system administrators (root privileges).
There are two basic kinds of tunnels: local and remote. They are also
called outgoing and incoming tunnels, respectively. Agent forwarding is
a special cases of a remote tunnel.
SSH Tectia Client and all versions of SSH Tectia Server provide the basic tunneling
functionality. SSH Tectia Connector and SSH Tectia Server for IBM z/OS used together provide dynamic secure
application tunneling that is transparent to the end user (secure