OS: Debian 11 (Bullseye)

You have seen my tutorial of Local Port Forwarding and should have a basic understanding of how SSH Tunneling work. If you have not seen the tutorial you can go to the link below on how to setup local port forwarding.

There are alot of use cases for SSH tunneling and it is a common technique that cyber criminal use to gain unauthorized access to the victim network. However SSH can also be consider a “poor” man VPN when you only have a few application that you would want to access without opening the firewall port or setting up a full fledge VPN.

In this tutorial I am going to show you how to quickly configure remote SSH port forwarding. The commands are quite straight forward. However it is important to know which where do you initiate the command and what are the server or services that you want to allow access from outside your lab or test network. Here is the quick summary of the things to take note.

  1. The SSH command is issue from the internal host that you want to access from the Internet.
  2. Make sure you open the firewall port at the SSH Server (Debian DemoServer) and configure /etc/ssh/sshd_config GatewayPort to Yes
  3. You initiate the RDP connection from any client to the public address of the SSH Server.

You use the following command to establish a remote port forwarding from the internal host. In most cases the internal host may not have public ip address mapped and therefore is not reachable from the public internet. The following example uses username and password login.

ssh -R [SSH ServerIP]:[SSH Port]:[Internal Host IP]:[Internal Application Port] <user>@[SSH Server IP]

  • [SSH Server IP] – This is the ip address of the SSH Server if it is not specified it is bind to all interfaces.
  • [SSH Port] – This is the port that you want to allow access from the internet. For security reason you can change this port so that the attacker cannot easily determine what is the service associated with this port although a thorough scan may still reveal the service expose.
  • [Internal Host IP] – This is the IP address of the internal host. Usually you would use 127.0.0.1 for the local host.
  • [Internal Application Port] – This is the Port of the Application that you are allowing access through the SSH Tunnel.
  • <user> – A valid SSH account on the SSH Server.

The following command users Key Based Login

ssh -R [SSH ServerIP]:[SSH Port]:[Internal Host IP]:[Internal Application Port] -i [Private key of User] <user>@[SSH Server IP]

  • [Private Key of User] This is the private key of the user you are using to login to the SSH Server

Additional options that you can use to hide your ssh tunnel from the terminal.

Option. Description
-fRequests ssh to go to background just before command execution.  This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background.
-NDo not execute a remote command. This is useful just for just forwarding ports.