How to use SSH tunneling for secure access

· Category: Linux

Short answer

SSH tunneling forwards network ports through an encrypted SSH connection for secure access to remote services.

Steps

  1. Local forward (access remote service locally):
ssh -L 8080:internal-server:80 user@bastion
  1. Remote forward (expose local service remotely):
ssh -R 9090:localhost:3000 user@remote-server
  1. Dynamic SOCKS proxy:
ssh -D 1080 user@remote-server

Tips

  • Use -N to create a tunnel without executing remote commands.
  • -f backgrounds the SSH process after authentication.
  • Combine with autossh for persistent tunnels.

Common issues

  • GatewayPorts must be enabled on the server for remote forwards to be accessible externally.
  • Firewalls may block the SSH port; use alternate ports if needed.