SSH Tunneling Explained

One of the beautiful features of SSH (Secure Shell) is the ability to use its encryption for other protocols. Although the primary function of SSH is to give the user access to a dedicated server’s command line shell, while also maintaining a secure connection, SSH can also function as a “tunnel” for remote management, server proxy, mail transport, virtualization, and many other remote connections.

SSH allows you to send data through an encrypted channel over the Internet. Using tunneling, you can also carry traffic from protocols that are not themselves encrypted inside the encrypted SSH connection.

For example, let’s say you have created a remote management application for your server. It runs on your computer, but connects to the server via a standard TCP port. The problem is that this connection is unsecured. SSH tunneling would allow you to connect to the server via SSH and force all traffic from that TCP port through the SSH tunnel connection, making all transported data securely encrypted.

Because SSH tunneling also allows for port forwarding, you can open a port on your local machine and connect it to a different port on the remote machine through the secure SSH tunnel. This is useful when using a non-standard port on the server or when there is a need to circumvent a local firewall or proxy without exposing the default port.
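
The port forwarding described above, as an added example that is not part of the original article: a small shell helper that builds the ssh command for a local port forward and rejects malformed input before anything is run. The host name, user, port numbers and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build (not run) the ssh command for a loopback-only
# local port forward. Hosts, ports and function names are constructed.

# Return 0 if $1 is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT REMOTE_PORT USER@HOST
# Prints the ssh command line on stdout; returns 2 on bad input.
tunnel_cmd() {
    lport=$1 rport=$2 dest=$3
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    valid_port "$rport" || { echo "bad remote port: $rport" >&2; return 2; }
    case "$dest" in
        ''|-*)
            # A destination starting with '-' would be parsed by ssh as an option.
            echo "bad destination: $dest" >&2
            return 2 ;;
    esac
    # -N                       forwarding only, no remote shell or command
    # ExitOnForwardFailure=yes fail loudly if the local port cannot be bound
    # left-hand 127.0.0.1      only this machine can use the local end
    # right-hand 127.0.0.1     resolved on the server, so the application can
    #                          listen on the server's loopback interface only
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$lport" "$rport" "$dest"
}

# Constructed sample: local port 8080 -> management port 9000 on the server.
tunnel_cmd 8080 9000 admin@server.example.com
```

With the tunnel up, the management application on your computer connects to 127.0.0.1:8080 instead of the server's address, and its traffic travels inside the SSH connection.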