SSH - Tunnel (Port Forwarding)


A Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels:

  • to transfer unencrypted traffic over a network through an encrypted channel.
  • to forward network traffic back or forth.


An SSH tunnel is a tunnel with two endpoints. You initiate it from your computer and the network is rerouted:

  • from the server with the -R option. It tells the tunnel to answer on the remote side (the SSH server).
  • or from your computer with -L option, It tells the tunnel to answer on the local side of the tunnel (the host running your client).


For example, Microsoft Windows machines can share files using the Server Message Block (SMB) protocol, a non-encrypted protocol. If one were to mount a Microsoft Windows file-system remotely through the Internet, someone snooping on the connection could see transferred files. To mount the Windows file-system securely, one can establish a SSH tunnel that routes all SMB traffic to the remote fileserver through an encrypted channel. Even though the SMB protocol itself contains no encryption, the encrypted SSH channel through which it travels offers security.

Type of Tunneling

Forward all server network traffic to client (R Option)

How to access a private service on a server with the help of SSH tunneling.

See Ssh - Tunnel - From server to local (Right Port Forwarding)

Reach a server through a SSH remote server (-L options)

When you need to make a SSH connection to connect to a server, you can create a left tunnel (a left port forwarding) to reach the server as of it was direct reachable.

See SSH - Left Tunnel (Left Port Forwarding) - Local to server

Documentation / Reference

Powered by ComboStrap