Hak5

SSH Tunneling

From Hak5

This article (or section) may need to be wikified.
Please help improve this article, especially its introduction, section layout, and relevant internal links.
This article has been tagged since February 2007.

Tunneling, or port forwarding, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell for Workstations. For example, you can secure POP3, SMTP and HTTP connections that would otherwise be insecure.

The tunneling capability of SSH Secure Shell for Workstations allows, for example, company employees to access their email, company intraweb pages and shared files securely, even when working from home or on the road.

Tunneling makes it possible to access email from any type of Internet service (whether accessed via modem, a DSL line or a cable connection, or a hotel Internet service). As long as the user has an IP connection to the Internet she can get her mail and access other resources from anywhere in the world securely.

This is often not the case with more traditional IPSec-based VPN technologies, because of issues with traversing networks that implement Network Address Translation (NAT); this is especially the case in hotels. NAT breaks an IPSec connection unless special protocols such as NAT-Traversal are implemented on the client and gateway.

The client-server applications using the tunnel will carry out their own authentication procedures, if any, the same way they would without the encrypted tunnel.

The protocol/application might only be able to connect to a fixed port number (e.g. IMAP 143). Otherwise any available port can be chosen for port forwarding.
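The port choices described above, written as a client configuration. This is an added example and not part of the original article; it assumes the OpenSSH client rather than SSH Secure Shell for Workstations, and every host name and the user name are placeholders.

```sshconfig
# ~/.ssh/config (OpenSSH client). Constructed example: the gateway, the
# internal servers and the account name are all placeholders.
Host mail-tunnel
    HostName ssh-gateway.example.com
    User alice

    # Abort at startup if any listener below cannot be bound, rather than
    # running with one of the forwards silently missing.
    ExitOnForwardFailure yes

    # Keep the listeners on loopback so other machines on the home or
    # hotel network cannot connect through the tunnel.
    GatewayPorts no

    # Notice a dead connection (NAT timeout, dropped Wi-Fi) within ~90 s.
    ServerAliveInterval 30
    ServerAliveCountMax 3

    # Syntax: LocalForward [bind_address:]port host:hostport
    # Free-choice case: the application lets you set the server port, so
    # any unused local port will do.
    LocalForward 127.0.0.1:1110 pop.internal.example.com:110
    LocalForward 127.0.0.1:1025 smtp.internal.example.com:25
    LocalForward 127.0.0.1:8080 intraweb.internal.example.com:80

    # Fixed-port case: the client can only talk IMAP on 143, so the local
    # listener must be 143 as well. On most Unix-like systems binding a
    # port below 1024 needs elevated privileges.
    LocalForward 127.0.0.1:143 imap.internal.example.com:143

# Notes:
# - The SSH session protects traffic only between this machine and the
#   gateway; the hop from the gateway to each internal server is the
#   original, unencrypted protocol.
# - POP3/SMTP/IMAP logins still happen inside the tunnel exactly as they
#   would without it; SSH authentication does not replace them.
```

Start the tunnel with `ssh -N mail-tunnel` (forwarding only, no remote shell), then point the mail client and browser at `127.0.0.1` and the local ports listed above.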