Mastering SSH: From Basics to Advanced Port Forwarding and Remote Execution
This guide explains what SSH is, its login principles, basic commands, remote login examples, and detailed usage of local, remote, and dynamic port forwarding, as well as common security concerns and practical tips for Linux environments.
SSH (Secure Shell) is a network protocol that provides encrypted login between computers, originally designed in 1995 by Tatu Ylonen to replace plaintext communication. It is now a standard component of Linux systems.
SSH Login Principle
Before any login credentials are sent, the client and server perform a key exchange to establish an encrypted channel, which prevents eavesdropping on the session.
Basic Usage
Typical syntax:
ssh -p 22 user@host
Parameters:
-p: specify port (default 22, can be omitted)
user: login username
host: target host
If the local username matches the remote one, the username can be omitted:
ssh host
Remote Login Example
Two CentOS 6.5 VMs (192.168.13.135 and 192.168.13.138) are used to demonstrate connecting from one host to another. Commands such as netstat -ntlp | grep ssh verify that the SSH service is running, and ssh -p 22 [email protected] initiates the connection. First‑time connections prompt to confirm the host key (type yes), then the password is entered.
SSH Port Forwarding
SSH can forward TCP traffic, useful when firewalls block certain ports but allow SSH. There are two main types: local forwarding and remote forwarding.
Forwarding Parameters
-C: compress data
-f: run in background (often with -N)
-N: do not execute remote command
-g: allow remote hosts to connect to forwarded ports
-L: local port forwarding (local:targetIP:targetPort)
-D: dynamic port forwarding (SOCKS proxy)
-R: remote port forwarding
-T: disable pseudo‑tty allocation
-q: quiet mode
Local Forwarding
Format:
ssh -L [localIP:]localPort:targetIP:targetPort user@targetHost
Example scenario: CentOS B runs MySQL bound to 127.0.0.1 only. To access it from CentOS A, use:
ssh -L 3306:127.0.0.1:3306 [email protected]
After the tunnel is established, connect locally with bin/mysql -h127.0.0.1 -uroot -p.
Remote Forwarding
Format:
ssh -R [remoteIP:]remotePort:targetIP:targetPort user@remoteHost
Example: a Windows 7 machine cannot reach CentOS B directly but can reach CentOS A, which can reach B. By running on CentOS A:
ssh -R 127.0.0.1:80:10.18.78.135:80 [email protected]
the Windows machine’s requests to port 80 are forwarded through A to B.
Dynamic Forwarding
Format:
ssh -D [localIP:]localPort user@remoteHost
This creates a SOCKS proxy, allowing any application configured to use the proxy to route its traffic through the SSH tunnel.
Remote Command Execution
Run a command on a remote host without an interactive session:
ssh user@host 'command'
Examples include checking the OS version, copying directories via a tar pipe, or testing if a port is listening.
Security Considerations
SSH is vulnerable to man-in-the-middle attacks if an attacker can replace the host's public key, because SSH host keys are not vouched for by a centralized certificate authority: the client has no independent way to tell a substituted key from the genuine one. Users must verify host fingerprints, especially on first connections, to mitigate this risk.
Conclusion
The article provides a practical overview of SSH concepts, basic commands, and various forwarding techniques, along with example scenarios and security warnings, serving as a useful reference for system administrators and developers working with Linux environments.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
