

In this case users can configure their applications to use their local SOCKS proxy server. To access the remote web server users would point their browser to Some SSH clients support dynamic port forwarding that allows the user to create a SOCKS 4/5 proxy. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server. But users may not wish to have their web traffic monitored or blocked by the organization’s proxy filter. For example, an organization may prohibit a user from accessing Internet web pages (port 80) directly without passing through the organization’s proxy filter (which provides the organization with a means of monitoring and controlling what the user sees through the web). SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services so long as a site allows outgoing connections. The local port need not have the same port number as the remote port. Once the SSH tunnel has been established, the user can connect to the specified local port to access the network service. To set up an SSH tunnel, one configures an SSH client to forward a specified local port to a port on the remote machine.
COMMAND LINE SSH TUNNEL SOFTWARE
All you then need to do is configure your software (for example, your web browser) to run through a SOCKS proxy at ‘localhost’ or ‘127.0.0.1’ on port 8080.Īdditional information on SSH tunnelling is available from Wikipedia’s article on tunnelling protocols. When authentication is successful, ssh will act as a SOCKS proxy server on port 8080 as defined in the command.
COMMAND LINE SSH TUNNEL PASSWORD
Ssh -D 8080 connects to the computer at ‘’ and attempts to authenticate as ‘username’, asking for a password if necessary. One of the simplest methods to set-up an SSH tunnel, is the following command in a Linux terminal.

Dynamic port forwardings can also be specified in the configuration file. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.

This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Specifies a local “dynamic” application-level port forwarding. More details about the -D argument of ssh is shown below in the form of an extract from ssh’s man page. This causes ssh to act as a local SOCKS proxy server, routing any traffic pointed at this local proxy through the SSH tunnel. This argument allows you to specific a port upon which to listen locally. The general connection scheme is shown below.One of the most simple ways to set up an SSH Tunnel is to make use of the ssh command’s -D argument.

COMMAND LINE SSH TUNNEL WINDOWS
In this example, we will create a local Port 8888, and the connection to it will be forwarded to the RDP port 3389 on a remote Windows computer. All connections to this port are forwarded to the specified port on a remote server via the SSH tunnel. In this mode, you create a local TCP port on your computer. RDP Access Through SSH Tunnel (Local TCP Forwarding)
