SSH tunneling is very useful when the network access to a remote network is restricted. Thus, to gain remote network access you can use a tunnel to a remote host which would act as an intermediary.
Here’s an example. Imagine, there’s a remote host which runs a Tomcat app servlet on TCP port 8080. The only connectivity you have to this remote host is SSH, i.e. TCP 22. At the same time you wish to test the Tomcat and you need to connect to TCP 8080. This can be easily done with SSH tunneling.
You should know that SSH tunneling does not depend on the local OS and in this example I’ll use it with Windows and Putty.
First, make sure tunneling is allowed on the remote server in the SSH daemon configuration. The setting is called PermitTunnel and by default, in most configurations such as in CentOS, tunneling is allowed.
Once you make sure tunneling is not forbidden, you can configure Putty by going to Tunnels tab in Putty’s configuration as seen below.
In the above example, the tunnel will be from the local TCP port 8080 to the remote TCP 8080 on localhost. If you need to connect to a different server through the remote host, you can specify it in place of localhost.
Don’t forget to click on the Add button before establishing the connection. Otherwise, the setting will be lost.
Now you are ready to test your connection. Just open http://localhost:8080 in your local browser and you will be connected to the remote server on TCP port 8080 via the SSH tunnel.
With a Linux local box you can use simimlarly tunneling. In the ssh console command simply specify ssh -L 8080:localhost:8080 when connecting to the remote host. This will have the same effect as in the Putty.
Using tunneling is good for security because the connection is encrypted and you don’t have to expose services to the outside. Thus it can replace the need for a VPN in a way.