Tunnelling of TCP traffic can be performed from the ssh command on Linux or with Putty on Windows, and can be thought of as a poor man’s VPN. A VPN is a virtual private network, or a method of using a public network such as the internet to securely transmit data via an encrypted “tunnel”.
VNC is a method of gaining access to a remote GUI on Linux and Windows machines. VNC is typically considered insecure and not recommended for use on the open internet. With an SSH tunnel, this doesn’t have to be an issue, as ssh provides security to an otherwise insecure protocol.
Here is an example of how to use VNC over an SSH tunnel:
Start VNC server on a Linux host ssh server to only listen to Loopback interface:
vncserver :1 -localhost
On client machine, start ssh with the following command line:
ssh -L 5901:localhost:5901 <server ip> [-l <login>]
The to access VNC via the SSH tunnel, use the following command on the client machine:
The ssh process on the client sets up a TCP port redirection on the loopback interface of port 5901, to the loopback interface on the server machine on TCP port 5901. The vncviewer command connects to the the redirected port on the local loopback interface, which then gets directed over the tunnel to the server machine’s loopback on port 5901, where the vncserver is listening.
This will allow vnc protocol to be securely tunnelled across the SSH connection.
The previous examples showed connecting to services running on the ssh server itself. Its also possible to use the SSH server to redirect traffic to other machines on the network behind it.
Sometimes we might have to access a Windows Machine behind an a linux SSH server that is connected to the internet (such as linux system performing firewalling for a home network). We can use SSH tunnelling to connect to Windows Remote Desktop as well. (I know this is a linux blog, but most of us out there still have to deal with Windows from time to time)
The following example assumes the following network layout:
Client PC –> Internet–>SSH Server on Firewall–>Private Network–> Windows XP
(ssh server can be behind firewall as long as its accessible from Internet)
1. Make sure Windows XP host is running RDP
2. On client PC, start SSH with tunnelling as follows: 4000:192.168.0.11:3389
On Putty this tunnel definition looks like this (click add after completing the boxes):
Which is exactly like the ssh command on Linux:
ssh -L 4000:192.168.0.11:3389 <server> -l <userid>
To connect to the RDP service on the internal Windows XP system, from a client Windows system connected to the internet via the ssh connection:
Use Remote Desktop Connection application that comes with XP, but use this as the address to connect to:
Like the previous example, this causes the program to connect to port # 4000 on the local loopback interface, which then is redirected to the 192.168.0.11 machine on port number 3389 at the other end of the ssh tunnel. Port # 4000 is used to avoid conflicting with port #3389 on the client as it could have its own RDP server running.
Any TCP based communications can be tunnelled this way over ssh, creating a secure connection for any unsecure protocol. This is also a mechanism for bypassing firewall rules. As long as the SSH server traffic is allowed (TCP port 22). It can be used to gain access to other ports that might not be allowed by a local firewall, simply by using a remote ssh server as a proxy for other traffic.