How To Set Up Simple SSH Tunneling

January 26, 2010

By far the easiest way to set up a simple connection proxy is to use the SSH tunneling feature of either PuTTY on Windows or SSH on Linux. This lets you establish connections to servers and ports that you might not be able to access (e.g. from work), as long as you can connect to your server’s SSH service (e.g. myserver.com port 22). This might be for privacy reasons, to connect to MSN from work, to browse a blocked website, et cetera.

Update: To do this without an OpenSSH server, see Senka.

On Windows Machines

  1. Download and open PuTTY
  2. In the fields ‘Address’ and ‘Port’, enter the address and port for your SSH server
  3. Go to ‘Connection’ -> ‘SSH’ -> ‘Tunnels’ on the left-hand side
  4. In ‘Source port’, enter 31337, then click the button ‘Dynamic’ and then ‘Add’
  5. Go back to the main ‘Session’ screen
  6. In the ‘Saved Sessions’ text box, enter e.g. “My Shell” and click ‘Save’
  7. Double-click “My Shell” to establish a connection, then log in to your shell
  8. In any application that supports connecting through a proxy, set the following settings:
    • Proxy type: SOCKS 5
    • Proxy server: 127.0.0.1
    • Proxy port: 31337

You can also set these as your global proxy settings in Windows (via ‘Control Panel’ -> ‘Internet Properties’ -> ‘Connections’ -> ‘LAN settings’ -> “Use a proxy server for your LAN” -> ‘Advanced’ -> ‘Socks’: 127.0.0.1:31337. This will cause most applications to connect through the SSH tunnel to your server.

In the future, just open PuTTY and double-click “My Shell” to open your shell and activate the SSH tunneling.

On Linux Machines

  1. Open a terminal
  2. Enter e.g.: ssh -D31337 [email protected] -N
  3. Log in to your shell
  4. In any application that supports connecting through a proxy, set the following settings:
    • Proxy type: SOCKS 5
    • Proxy server: 127.0.0.1
    • Proxy port: 31337

Alternatively, enter e.g.: ssh -L 31337:patrickmylund.com:80 [email protected] -N. Here, you specify the target host and port before-hand; the result is that all connections to 127.0.0.1 port 31337 will be tunneled through your server, myserver.com, using your username, myuser, to the target machine, patrickmylund.com, port 80.

The SSH tunnel will stay active until you close the terminal window or hit CTRL+C (Linux), or close PuTTY (Windows).