How to create an SSH tunnel using putty.exe
Posted by rbTech Staff on 23 December 2013 10:17 AM

There are a number of reasons you may want to tunnel a connection to a remote server over SSH.  You may be accessing an unencrypted resource and want to ensure that the information is transmitted in an encrypted form over untrusted networks, or you may need to access something that's behind a firewall.  This technique is useful when you have SSH access to a device that can communicate with both the external system (you) and the internal system (the resource or site you need access to), but you can't connect to the internal system directly (e.g. there's a firewall restricting access to the internal website).

We often need access to sensitive systems or ports on client networks.  We don't want to open those ports or systems up to the public Internet, and SSH tunnelling provides a secure and robust way for us to connect to those systems.  It's also very easy to do on an as-needed basis, which usually can't be said for modifying firewall rules.

When logging in from a Windows system, we typically use PuTTY for SSH tunnelling, as it has good, easy-to-use support for SSH tunnels.

  • Launch PuTTY, then create a profile (type something in the "Saved Sessions" space).
  • Enter the target system you want to log in to.  Keep in mind that the SSH server does NOT have to be the same system that you're accessing: you can access a website on internalhost2.somedomain.com at port 8443 through any system that has access to that port, whether that is the firewall or an internal server.  For this example I'm going to access a website on an internal server via the firewall on the network edge, so the firewall will forward the traffic back to me, and the internal host will see web traffic coming from the firewall.
  • In PuTTY, click the + next to "SSH", under the Connection heading.
  • Click Tunnels
    When adding a tunnel, you need to specify a local port on your system that you want PuTTY to 'Listen' on for traffic.  8080 and 8443 are reasonable choices for most workstations, as you're typically not running proxied webservers on a workstation.
  • In the Source port, enter the port ON YOUR SYSTEM that you want to connect to
  • In the Destination, enter the internal host and port that you want to connect to (e.g. intranet.somedomain.org:8080).
  • Click "Add"
  • Scroll back up to the top of the Category pane in PuTTY, and click "Session"
  • If you intend to re-use the tunnel, make sure you hit "Save" before you open the connection.
  • Click "Open" to connect.

Once you've authenticated to the remote server, point your browser to "http://localhost:8080" and the website on the remote server should load!
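The same tunnel can be opened from PowerShell with plink.exe, PuTTY's command-line client. This is an added example, not part of the original article; it also confirms that the forwarded port is listening on loopback only, which matters if the "Local ports accept connections from other hosts" option has been enabled in PuTTY's Default Settings. The SSH server name and user name are placeholders, and the script assumes plink.exe is on PATH and a Windows version that provides Get-NetTCPConnection.

```powershell
# Added example. Values marked "assumed" are placeholders, not from the article.
$SshServer   = 'firewall.example.com'           # assumed: the SSH host you log in to
$SshUser     = 'youruser'                       # assumed: your account on that host
$LocalPort   = 8080                             # "Source port" in the Tunnels panel
$Destination = 'intranet.somedomain.org:8080'   # "Destination" in the Tunnels panel

# -ssh : use the SSH protocol
# -N   : do not start a remote shell, forwarding only
# -L   : local forward, <source port>:<destination host>:<destination port>
$plinkArgs = @('-ssh', '-N', '-L', "${LocalPort}:${Destination}", "${SshUser}@${SshServer}")

# plink opens in its own console window, where you confirm the host key
# and authenticate as usual.
$plink = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs -PassThru

# Wait up to 60 seconds for plink to start listening on the local port.
$listener = $null
$deadline = (Get-Date).AddSeconds(60)
while (-not $listener -and (Get-Date) -lt $deadline -and -not $plink.HasExited) {
    Start-Sleep -Seconds 1
    $listener = Get-NetTCPConnection -State Listen -LocalPort $LocalPort -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -eq $plink.Id }
}

if (-not $listener) {
    if (-not $plink.HasExited) { Stop-Process -Id $plink.Id }
    throw "Tunnel did not come up on local port $LocalPort."
}

# The forward should be reachable from this workstation only. A listener on
# 0.0.0.0 or :: would let other hosts on your network use the tunnel.
$exposed = $listener | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    Stop-Process -Id $plink.Id
    throw "Port $LocalPort is listening on $($exposed.LocalAddress -join ', '), not loopback only."
}

"Tunnel up: http://localhost:$LocalPort -> $Destination via $SshServer (plink PID $($plink.Id))"
```

Close the plink window, or run `Stop-Process -Id $plink.Id`, to tear the tunnel down when you are done.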

This same technique can be used for other things as well, such as connecting to SQL hosts.  Good luck and happy hacking!
