PuTTy SSH Tunneling: A Step-by-Step Guide

retro mechanical terminal

SSH tunneling with PuTTY is a useful tool for encrypting your network traffic or accessing services on other networks securely. Using this software, you can relay network traffic securely from one network site to another, guarding your information against hacking and eavesdropping. This also allows you to connect to things that may be blocked locally, that your remote server has access to.

In this article, we’ll walk you through the process of creating an SSH tunnel with PuTTY. When you’ve finished following along, you’ll be able to begin using SSH tunneling, gaining a useful tool for your IT toolbox.

What is an SSH Tunnel?

An SSH Tunnel provides an encrypted connection between a local computer and remote server using the SSH protocol. SSH tunneling, also known as SSH port forwarding, maps a local IP and port to a remotely accessible resource, allowing local applications to make remote connections in a secure manner. This is useful for applications like MySQL where remote server access is necessary, but the application’s default means of remote access is less secure than SSH.

This article will describe one kind of static SSH tunneling, in which every communication that passes through the tunnel is forwarded to a certain destination host. Under this approach, all other traffic would proceed normally, and in order to use the tunnel, you would need to directly connect to the tunnel’s local IP address and port. In a future article, we will go through how to use Putty to establish a socks proxy as another sort of tunneling.

To use SSH tunneling with PuTTY, you will need to have a working installation of PuTTY on your computer. You will also need the hostname or IP address of the remote SSH server, as well as the username and password (or other authentication method) for an account on that server.

Follow these steps to set up an SSH tunnel with PuTTY::

  1. Open up the PuTTy program.
  2. For “Host Name”, enter the hostname / domain or IP of the server you want to connect to.
  3. Click through “Connection” > “SSH” > “Tunnels” from the “Category” panel.
  4. Under “Source port” put down the local port number you want to connect to for forwarded traffic. A popular option is port “8080”.
  5. Next fill in the “Destination” field, enter the destination hostname or IP, followed by the destination port number. For example, you might enter “www.example.com:80” if you’d like your tunnel to send its traffic to the http port on the host www.example.com.
  6. Under “Forwarded ports” select “Local”, and then click “Add”
  7. Click the “Session” option in the “Category” panel to go back to the first screen again. From here, enter a name for the session under “Saved Sessions”, and then click “Save” so that you can easily load these options again later.
  8. Almost there! Just click “open” to connect via SSH, and enter your username and password when prompted.

Once the tunnel is established, you can use your local port (e.g. 8080) as if it were the remote port on the destination host (e.g. www.example.com:80). Any traffic sent to the local IP and port will be forwarded through the secure SSH tunnel to the destination host and port.

Usage and limitations:

If you are using a web browser to get to www.example.com, you can now browse to it via the tunnel when entering the URL http://127.0.0.1:8080 . However, the website at that address would usually link to the full domain name at http://www.example.com and so clicking on anything would lead to loading the website directly instead of through the tunnel. Due to these limitations, this type of tunnel setup is usually better for traffic other than website traffic, such as telling an email client what server IP and port to connect to.

However, there is a way around this limitation, but it requires a bit of effort, and needs to be done for each website you want to access. To get this started, you want to have the “Source Port” be port 80 (for http websites), or port 443 (for https websites), in the PuTTy settings. You’d then update your /etc/hosts file to point www.example.com to 127.0.0.1. This allows you to put http://www.example.com or https://www.example.com into your browser’s address bar, and the browser would then believe these websites are hosted at IP address 127.0.0.1, and so the traffic would go via your tunnel. In a future article we will explain how to edit /etc/hosts in Windows and Linux for this purpose.

Why would you want to do this?

There are many situations in which SSH tunneling can be useful. For example, you might use this technique if you need to securely access services on a remote network, but the network does not have a VPN. In this case, you can use SSH tunneling to create a secure connection to the remote network, and then access the services you need as if you were on the network directly.

One way this type of tunneling can be useful, is when you need to encrypt network traffic that would otherwise be sent in in the clear. For example, if you are using an unencrypted protocol like pop3 mail, and accessing this over an untrusted network such as on public wifi, this type of tunnel can help you avoid others eavesdropping on your emails. Although many things are encrypted by default these days, this strategy can be useful if you find yourself using a program or protocol that isn’t.

That’s it!

Well done for investing the time to learn about PuTTY SSH tunneling! You now have the knowledge and abilities necessary to set up an SSH tunnel and begin securing your network traffic after following the instructions in this guide.

We sincerely hope that this article has given you the knowledge necessary to utilize SSH tunneling efficiently. It can be an extremely effective tool for protecting your data and gaining access to remote services. SSH tunneling can be a useful tool in your toolbox, whether you’re an expert or a novice at network security.

Do you love servers?

We do! If you’re concerned about server security, or just want a home for your website or tunnel, IOFLOOD can help. Our dedicated servers provide a secure and reliable environment for your applications, and our team is always happy to help with whatever questions you might have.

To learn more about our dedicated servers and how we can help you with your specific needs, contact us at sales[at]ioflood.com or visit our website at https://ioflood.com. Our team is ready to answer your questions and help you find the best server for your needs.