Mastering SSH: Remote Login, Port Forwarding, and Advanced Usage
This guide explains what SSH is, its login mechanism, basic command syntax, and demonstrates remote login, local and remote port forwarding, dynamic forwarding, and common SSH operations with practical examples and troubleshooting tips for Linux environments.
What is SSH?
SSH (Secure Shell) is a network protocol that provides encrypted login between computers. Before SSH, network communication was plain text and vulnerable to interception. Designed in 1995 by Tatu Ylonen, SSH encrypts all login information and has become the standard remote access method on Linux systems.
SSH Login Principle
When a client initiates a connection, the server presents its public key fingerprint. The client must verify the host's authenticity before proceeding.
Basic SSH Usage
The basic syntax is:
ssh -p 22 user@host
Parameters:
-p : specify the port number (default 22, can be omitted).
user : login username.
host : target host.
If the local username matches the remote username, both the username and the port can be omitted:
ssh host
Remote Login Example
Two CentOS 6.5 virtual machines with IPs 192.168.13.135 and 192.168.13.138 are used. To log in from the second machine to the first:
ssh -p 22 [email protected]
On first connection the client will ask to confirm the host fingerprint (type yes) and then prompt for the password.
SSH Port Forwarding
SSH can forward TCP ports, allowing traffic to be encrypted while being redirected to another host. This is useful when firewalls block certain ports but allow SSH.
Forwarding Parameters
-C : compress data
-f : run in background (often used with -N)
-N : do not execute remote commands
-g : allow remote hosts to connect to forwarded ports
-L : local port forwarding (local:target)
-D : dynamic port forwarding (SOCKS proxy)
-R : remote port forwarding
-T : no pseudo‑tty allocation
-q : quiet mode
Local Port Forwarding
Format:
ssh -L [local_address:]local_port:target_address:target_port user@target_address
Example: forward local port 3306 to a MySQL server on a remote machine that only accepts connections from 127.0.0.1:
ssh -L 3306:127.0.0.1:3306 [email protected]
If the local username matches the remote one, the command can be shortened:
ssh -L 3306:127.0.0.1:3306 192.168.13.142
Remote Port Forwarding
Format:
ssh -R [remote_address:]remote_port:target_address:target_port user@remote_address
Example: a Windows 7 host (10.18.78.135) cannot reach a CentOS B machine directly, but both can reach CentOS A. By executing on CentOS A:
ssh -R 127.0.0.1:80:10.18.78.135:80 [email protected]
CentOS B now forwards its port 80 traffic through CentOS A, allowing the Windows host to communicate with CentOS B via the tunnel.
Dynamic Port Forwarding
Creates a SOCKS proxy that forwards any TCP traffic through the SSH tunnel:
ssh -D [local_address:]local_port user@remote_address
All traffic sent to the local port is proxied to the remote side, which then makes the actual connections.
SSH Remote Operations
Run a single command on a remote host without opening an interactive shell:
ssh user@host 'command'
Examples:
Check remote OS type:
ssh [email protected] 'uname -a'
Copy a directory:
tar -cz test | ssh [email protected] 'tar -xz'
Test if a remote port is listening:
ssh [email protected] 'netstat -tln | grep 1080'
Common Issues
If an attacker intercepts the connection and presents a forged public key, the user may be unable to verify the host’s authenticity because SSH does not use a public certificate authority. This opens the possibility of a man‑in‑the‑middle attack, especially on insecure networks such as public Wi‑Fi.
Conclusion
The article covered the basic concepts of SSH, practical commands for remote login, local/remote/dynamic port forwarding, and common pitfalls. It does not delve into low‑level protocol internals, which can be explored further for deeper understanding.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
