TCP/IP
protocols via port forwarding. When using this technique, the SSH server becomes an encrypted conduit to the SSH client.
Using reserved port numbers
localhost
, use a command in the following form:
ssh -L local-port:remote-hostname:remote-port username@hostname
mail.example.com
using POP3
through an encrypted connection, use the following command:
~]$ ssh -L 1100:mail.example.com:110 mail.example.com
1100
on the localhost
to check for new email. Any requests sent to port 1100
on the client system will be directed securely to the mail.example.com
server.
mail.example.com
is not running an SSH server, but another machine on the same network is, SSH can still be used to secure part of the connection. However, a slightly different command is necessary:
~]$ ssh -L 1100:mail.example.com:110 other.example.com
1100
on the client machine are forwarded through the SSH connection on port 22
to the SSH server, other.example.com
. Then, other.example.com
connects to port 110
on mail.example.com
to check for new email. Note that when using this technique, only the connection between the client system and other.example.com
SSH server is secure.
A connection is only as secure as a client system
No
parameter for the AllowTcpForwarding
line in /etc/ssh/sshd_config
and restarting the sshd
service.