SSH Tunnels

SHH tunnels are a cool tool and sometimes called the poor man’s VPN. I use SSH Tunnels all the time to get into networks remotely. It is super easy to do and can be very helpful!

Here is an example of how it works. I have a VMware ESXi server at a remote location. It is behind a firewall. But I put a raspberry pi on the same network. I opened an SSH port to that raspberry pi in the network firewall. Now when I need to get into that ESXi server or other resources on that remote network I can SSH into that raspberry pi. This builds a tunnel into the remote network through the raspberry pi’s SSH session.

Here is how to setup an SSH tunnel with PuTTY. Other SSH tools should be able to do the same thing.

1. After SSH (port 22) has already been forwarded on the remote router open putty and put in the hostname or IP address used to connect to the network from the internet.

2. Now in the category list find SSH and Tunnels and setup what the tunnel will connect to. Source port is the port on the computer you are currently on. The destination is the IP and port of what you want to connect to in the remote network. So here you can see I have setup a tunnel to connect my local port 443 to the remote IP and port 443 (port 443 is HTTPS). Then I setup another port for remote desktop. I use my local port 8888 to tunneled to the remote IP on port 3389.

3. Now go back to the Sessions window. The session window is at the top of the categories. Give a name for the session and save it.

4. Now you click open. It should connect to your SSH host. Log in and you’re done.

5. Now I can just go into my web browser and connect to my localhost ( with HTTPS (port 443) and it will be tunneled to the remote network. This way I can connect to my VMware ESXi server remotely without opening it up in the firewall or having lots of extra ports open on the firewall.

The same thing works for the remote desktop port as well.

That’s all there is to setting up an SSH tunnel. Super easy once you get the hang of it!

Leave a Reply

Your email address will not be published. Required fields are marked *