Master SSH: From Basics to Advanced Port Forwarding and Remote Operations

What is SSH?

SSH is a network protocol used for encrypted login between computers. It was designed in 1995 by Finnish researcher Tatu Ylonen to replace plaintext communication, and it has become a standard security solution on Linux systems worldwide.

SSH Login Principle

SSH establishes a secure channel by exchanging cryptographic keys before any data transmission. The following diagram illustrates the handshake process.

Basic Usage

Typical syntax: ssh -p 22 user@host Parameters:

-p: specify port number (default 22 can be omitted)

user: login username

host: target host

Examples:

ssh user@host

ssh host

Remote Login Example

Two CentOS 6.5 virtual machines with IPs 192.168.13.135 and 192.168.13.138 are used. First, verify SSH service:

netstat -ntlp | grep ssh

Connect from the first machine to the second: ssh -p 22 [email protected] On first connection, the client asks to confirm the host key fingerprint; typing yes accepts it, then the password is entered to complete the login.

To exit, type exit.

SSH Port Forwarding

SSH can encrypt traffic and also forward TCP ports, useful when firewalls block certain ports but allow SSH.

Port forwarding types:

Local forwarding (client side)

Remote forwarding (server side)

Common options:

-C: compress data

-f: run in background (often with -N)

-N: do not execute remote command

-g: allow remote hosts to connect to forwarded port

-L: local_port:target_ip:target_port

-R: remote_port:target_ip:target_port

-D: dynamic forwarding (SOCKS proxy)

-T: no pseudo‑tty allocation

-q: quiet mode

Local Forwarding

Forward a local port to a remote service. Example: forward local port 3306 to a MySQL server on 192.168.13.142. ssh -L 3306:127.0.0.1:3306 [email protected] Data flow:

On the client, the application connects to 127.0.0.1:3306, SSH forwards the traffic to the remote MySQL server, which processes it and returns the response.

Remote Forwarding

Forward a port on the remote server back to the local network. Example with three machines (CentOS A, CentOS B, Windows 7):

ssh -R 127.0.0.1:80:10.18.78.135:80 [email protected]

This makes port 80 on CentOS B forward to the Windows 7 host.

Dynamic Forwarding

Creates a SOCKS proxy on the local machine:

ssh -D 1080 user@host

Remote Operations

Execute commands on a remote host: ssh [email protected] 'uname -a' Copy directories using a tar pipe:

tar -cz test | ssh [email protected] 'tar -xz'

Check if a remote port is listening:

ssh [email protected] 'netstat -tln | grep 1080'

Issues with SSH

If an attacker intercepts the connection and presents a forged host key, the user may be unable to verify authenticity because SSH lacks a centralized certificate authority, making it vulnerable to man‑in‑the‑middle attacks, especially on public Wi‑Fi.

Conclusion

The article covered SSH fundamentals, common commands, remote login, various port‑forwarding techniques, remote operations, and security considerations, providing a practical guide for Linux users while noting that deeper protocol analysis remains possible.