SSH Tunneling & Port Forwarding

TL;DR

This guide shows you how to securely connect to SSH servers and forward ports for various applications, avoiding direct exposure. We’ll cover basic connections, local port forwarding, remote port forwarding, and dynamic port forwarding (SOCKS proxy).

1. Basic SSH Connection

The simplest way to connect is using the ssh command:

ssh username@server_address

You’ll be prompted for your password (unless you use SSH keys – see section 5).

2. Local Port Forwarding

Local port forwarding lets you access a service running on the remote server as if it were running locally. For example, to access a database on the remote server (listening on port 3306) through your local machine’s port 13306:

ssh -L 13306:localhost:3306 username@server_address
  • -L specifies local port forwarding.
  • 13306 is the local port you’ll connect to.
  • localhost is resolved on the remote server, so it refers to the remote server itself.
  • 3306 is the port on the remote server where the service is running.

Now, you can connect to localhost:13306 on your local machine and it will be forwarded to the database on the remote server.

3. Remote Port Forwarding

Remote port forwarding allows someone connecting *to* the SSH server to access a service running on *your* local machine. This is useful if you’re behind a firewall and need to expose a service without opening ports directly.

ssh -R 8080:localhost:80 username@server_address
  • -R specifies remote port forwarding.
  • 8080 is the port on the SSH server that will be forwarded.
  • localhost refers to your local machine.
  • 80 is the port on your local machine where the service is running (e.g., a web server).

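Anyone who can connect to port 8080 on the SSH server will be forwarded to your local web server. By default, sshd binds this listener to the server's loopback address (GatewayPorts no), so it is reachable from other hosts only when the server's GatewayPorts setting permits it.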

4. Dynamic Port Forwarding (SOCKS Proxy)

Dynamic port forwarding creates a SOCKS proxy on your local machine, allowing you to route traffic from applications that use the proxy through the SSH server. This is excellent for bypassing firewalls or accessing region-locked content.

ssh -D 1080 username@server_address
  • -D specifies dynamic port forwarding (SOCKS proxy).
  • 1080 is the local port for the SOCKS proxy.

Configure your applications (e.g., web browser) to use a SOCKS5 proxy at localhost:1080.

5. Using SSH Keys

SSH keys are more secure than passwords. Here’s how to set them up:

  • Generate a key pair:
    ssh-keygen -t rsa -b 4096

    (Accept the defaults unless you have specific needs).

  • Copy your public key to the server:
    ssh-copy-id username@server_address

    You’ll be prompted for your password one last time.

  • Now, you can connect without a password!

6. SSH Configuration File (~/.ssh/config)

Simplify connections by using the ~/.ssh/config file.

Host myserver
  HostName server_address
  User username
  Port 22
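  # If you use a non-default key
  IdentityFile ~/.ssh/id_rsa
  # Agent forwarding: users who can bypass file permissions on the server
  # can use your local agent while you are connected
  ForwardAgent yes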

Now, connect with just:

ssh myserver
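The forwards from sections 2 to 4 can also be kept in ~/.ssh/config as LocalForward, RemoteForward and DynamicForward entries, which makes them reviewable. The Python script below is an added example, not part of the original guide: it flags ForwardAgent, GatewayPorts and forward listeners bound to a non-loopback address. The sample config, the bastion host and the function names are constructed for illustration.

```python
"""Audit an OpenSSH client config for forwarding settings that widen exposure.
Added example; Match blocks, Include and quoted arguments are not handled."""
import re

LOOPBACK = {"", "localhost", "127.0.0.1", "::1"}  # "" = no bind address given
FORWARDS = {"localforward", "remoteforward", "dynamicforward"}

# Constructed sample, modelled on the page's Host block and forward commands.
SAMPLE_CONFIG = """\
Host myserver
  HostName server_address
  ForwardAgent yes
  LocalForward 13306 localhost:3306
  DynamicForward 0.0.0.0:1080
Host bastion
  ForwardAgent no
  LocalForward 127.0.0.1:15432 localhost:5432
  RemoteForward *:8080 localhost:80
"""

def bind_address(listen_spec):
    """Bind address of '[bind_address:]port' or 'bind_address/port' ('' if none)."""
    sep = "/" if "/" in listen_spec else ":"
    return listen_spec.rpartition(sep)[0].strip("[]")

def audit(config_text):
    """Return (host_pattern, keyword, finding) tuples for risky settings."""
    findings, host = [], "*"  # options before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            host = value
        elif keyword == "forwardagent" and value.lower() != "no":
            findings.append((host, "ForwardAgent", "local agent is exposed on the server"))
        elif keyword == "gatewayports" and value.lower() == "yes":
            findings.append((host, "GatewayPorts", "local forwards listen on all interfaces"))
        elif keyword in FORWARDS and value:
            bind = bind_address(value.split()[0])
            if bind.lower() not in LOOPBACK:
                findings.append((host, parts[0], f"listener bound to {bind!r}, not loopback"))
    return findings

if __name__ == "__main__":
    for host, keyword, finding in audit(SAMPLE_CONFIG):
        print(f"{host}: {keyword}: {finding}")
```

A forward with no bind address is not flagged because ssh binds it to loopback unless GatewayPorts is enabled, which the script reports separately.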
