OpenSSH

Page history last edited by PBworks 5 years, 3 months ago

SSH Tunnelling

 

SSH tunnelling is an excellent way to carry insecure protocols through a secure communication channel. In this example, I'll tunnel POP3 traffic using ssh. Traditional POP3 traffic, including username and password information, travels across the network in clear text.

 

OpenSSH is used in the following examples.

 

To tunnel POP3 traffic using ssh:

 

1. Make sure an ssh client is installed on your machine and an ssh server is installed on the POP3 server.

 

2. Create a local ssh tunnel on your machine (port 1234 for this example) to the POP3 server's port 110. You only need to be the root user if you bind the local end to a "privileged" port (below 1024); port 1234 does not require it:

 

ssh -f -N -L 1234:localhost:110 user@POP3_server

 

3. Test the tunnel.

 

telnet localhost 1234

 

You should see the POP3 server's banner information.

 

4. Configure your mail client to access your mail via POP3 using mail server localhost and port 1234.

 

"Reverse" ssh tunnel

It is possible to create a "reverse" ssh tunnel. The reverse tunnel will allow you to create an ssh tunnel from your work computer to your home computer, for example, and then log in to your work machine from your home machine even if your work firewall does not permit ssh traffic initiated from your home machine!

 

For this to work, an ssh server must be installed on both your work and home computers, and ssh (TCP port 22) must be allowed outbound from your work computer to your home computer.

 

ssh -R 2048:localhost:22 home.computer.com

 

At home, you would then run ssh -p 2048 localhost to log into your work computer via ssh.

 

Here is a script I run every 5 minutes through the cron facility on my work system to make sure the reverse ssh tunnel to my home system is up and running. It is useful in case my_home_system is rebooted.

 

#!/bin/sh

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND='ssh -N -R 31337:localhost:22 my_home_system'

# Is the tunnel up? Match the command line as a fixed string, not a regex.
CHECK_TUNNEL=$(ps -eo args | grep -F -- "$COMMAND" | grep -v grep)

# If the tunnel is not up, create the tunnel
if [ -z "$CHECK_TUNNEL" ] ; then
    $COMMAND
fi
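Seen from the monitoring side, both the tunnels above and the cron watchdog leave their forwarding options in the process table. The following is an added example, not part of the original page: a shell function that scans a process listing for ssh clients started with -L, -R or -D. The function names, sample users and PIDs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): report ssh clients with forwards.
# Input : "USER PID ARGS..." lines, e.g. from  ps -e -o user= -o pid= -o args=
# Output: "USER PID KIND SPEC" per forward; KIND is L, R or D.
find_ssh_forwards() {
    awk '{
        # Field 3 is the executable: accept "ssh" or a path ending in /ssh.
        if ($3 != "ssh" && $3 !~ /\/ssh$/) next
        words = 0
        for (i = 4; i <= NF; i++) {
            if ($i !~ /^-./) {
                # 1st bare word is the destination, 2nd starts the remote command.
                if (++words == 2) break
                continue
            }
            # Walk an option cluster such as -fNR or -R2048:localhost:22.
            for (j = 2; j <= length($i); j++) {
                c = substr($i, j, 1)
                if (c ~ /[LRD]/) {
                    spec = substr($i, j + 1)
                    if (spec == "" && i < NF) spec = $(++i)
                    print $1, $2, c, spec
                    break
                }
                # Other options that take an argument end the cluster.
                if (index("BbcEeFIiJlmOopQSWw", c)) {
                    if (j == length($i)) i++
                    break
                }
            }
        }
    }'
}

# Constructed sample process list (users and PIDs are made up).
sample_ps() {
    cat <<'EOF'
alice 4121 ssh -N -R 31337:localhost:22 my_home_system
bob 5310 /usr/bin/ssh -f -N -L 1234:localhost:110 user@POP3_server
carol 6002 ssh -fNR2048:localhost:22 home.computer.com
dave 6100 ssh -p 2222 buildhost uname -a
root 812 sshd: /usr/sbin/sshd -D
EOF
}

sample_ps | find_ssh_forwards
```

Forwards configured through LocalForward or RemoteForward in a client configuration file do not appear on the command line, so this check only covers tunnels started with explicit options.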

 

Client Configuration

 

Useful keywords in ~/.ssh/config (per-user) or /etc/ssh/ssh_config (system-wide)

 

Compression - Compress network traffic (Default: no)

CompressionLevel - Level to compress to if using compression (Default: 6)

ForwardX11 - Forward X11 connection (Default: no)
