If you want to create an encrypted tunnel between two Linux instances, the best option is to use SSH port forwarding.
Translated from "Linux: Create Encrypted Tunnels with SSH Port Forwarding" by Jack Wallen. Jack Wallen is what happens when a Gen X mind melds with present-day snark. Jack is a seeker of truth and a writer of words, with a quantum mechanical pencil and a disjointed beat of sound and soul.
Secure Shell (SSH) has several really cool tricks, each of which offers a handy feature (wrapped in a secure layer of protection) that can make your life a little easier. Last week we talked about using SSH key authentication; this week we're going to talk about port forwarding, which can be used to reach servers that you may not have direct access to.
Access remote machines with greater security.
A temporary, encrypted channel is granted from the local machine to the remote machine.
There are three types of SSH port forwarding: local (the client forwards one of its own ports through ssh to a remote host), remote (the remote server forwards one of its ports back through ssh to another machine), and dynamic (different applications connecting to multiple servers through ssh).
There are many port forwarding scenarios, some of which can get quite complex, so we'll only deal with the first two types here (local and remote). These are also the types of SSH port forwarding you'll use most often.
Port forwarding is built into SSH by default, so as soon as SSH is installed you should have everything you need to use this feature.
With that said, let me show you how SSH port forwarding works.
Your Linux distribution may already have SSH installed. However, in order to forward ports you'll also need an SSH server. On Ubuntu-based distributions, the command to install the SSH server is:
sudo apt-get install openssh-server -y
On RHEL-based distributions, the command is:
sudo dnf install openssh-server -y
Once the installation is complete, start and enable the SSH server on Ubuntu-based distributions with the following command:
sudo systemctl enable --now ssh
On RHEL-based distributions, the enable command is:
sudo systemctl enable --now sshd
The first type of forwarding we'll deal with is local. Let's say you're developing a new site and you want to be able to access it over an encrypted connection. This new site may be on your local network or on a remote server. In either case, you can use local port forwarding to connect to the remote SSH server, forwarding a port on your local machine to a port on the remote machine.
Let's say you want to forward local port 8080 over SSH to port 80 on the machine at IP address 192.168.1.11. To do this, the command is:
ssh -L 8080:192.168.1.11:80 localhost
You will be prompted for your local SSH user's password, after which you will be returned to the command prompt. To verify that the tunnel works, open a web browser and point it to:
http://localhost:8080
The remote site (at 192.168.1.11) should appear in the web browser, tunneled through the SSH encrypted connection.
As long as you remain logged in in that terminal window, you can continue to use the encrypted tunnel. To close the encrypted tunnel, go back to the terminal window and type:
exit
This type of port forwarding, remote forwarding, may be more practical because it allows you to provide access to a remote machine through an encrypted tunnel. Let's say you have someone on your LAN who needs VNC access to a server with a GUI, and you want to make sure that the connection is encrypted for security reasons. Of course, this requires you to set up VNC correctly on the server and install a VNC viewer on the client machine. In this example we will continue to use 192.168.1.11 as the remote machine's IP address, while the client machine is at 192.168.1.21. You must also have SSH access to the client machine.
But before you can do that, you have to deal with a simple SSH configuration. Use the following command to open the ssh server configuration file:
sudo nano /etc/ssh/sshd_config
Add the following line at the bottom of the file:
Save and close the file. To restart ssh, use one of the following commands:
sudo systemctl restart ssh
or:
sudo systemctl restart sshd
Now let's create the remote tunnel. To create a tunnel for VNC (running on port 5900), run the following command on the remote server (in our case 192.168.1.11):
ssh -R 5900:localhost:5900 username@192.168.1.21
where username is a user you have access to on the client machine. Once the user is authenticated, the SSH remote tunnel is up and running. Other users can then connect to the server with a VNC client, using localhost and port 5900.
Note that even if the remote user disconnects their VNC session, the tunnel is still up and running. To close the tunnel, go back to the remote server's terminal and type exit.
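Because the remote-forwarding setup above depends on what sshd_config allows, here is an added example of mine (not from Jack's article) that audits the forwarding-related settings in an sshd_config the way sshd reads the file: the first value for a keyword wins, keywords are case-insensitive, and settings under a Match line apply only to matching connections. GatewayPorts is the setting that decides whether a -R listener like the VNC one above is reachable from hosts other than localhost; the sample config embedded in the script is constructed, and the defaults table assumes current OpenSSH.

```python
# OpenSSH defaults for the keywords that govern forwarding (assumption: current
# OpenSSH; `sudo sshd -T` prints the values a running sshd actually uses).
FORWARDING_DEFAULTS = {"allowtcpforwarding": "yes",  # yes | no | local | remote
                       "gatewayports": "no",         # no | yes | clientspecified
                       "permitopen": "any"}          # host:port a -L forward may target

# Constructed sample config for this example, not a real host's file.
SAMPLE_SSHD_CONFIG = """\
AllowTcpForwarding yes
GatewayPorts yes
GatewayPorts no      # ignored: sshd keeps the first GatewayPorts it sees
Match User deploy
    AllowTcpForwarding no
"""

def parse_sshd_config(text):
    """Read the file the way sshd does: keywords are case-insensitive, '#' starts a
    comment, the FIRST value wins, and lines after Match apply only to that block."""
    global_opts, match_blocks, current = {}, [], None
    for line in filter(None, (raw.split("#", 1)[0].strip() for raw in text.splitlines())):
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip('"') if len(parts) > 1 else "")
        if key == "match":
            current = {}
            match_blocks.append((value, current))
        else:  # setdefault: a repeated keyword never overrides the first occurrence
            (global_opts if current is None else current).setdefault(key, value)
    return global_opts, match_blocks

def effective_forwarding(text):
    """Global values sshd will use for the forwarding keywords, defaults filled in."""
    global_opts = parse_sshd_config(text)[0]
    return {k: global_opts.get(k, d) for k, d in FORWARDING_DEFAULTS.items()}

def forwarding_findings(text):
    """Notes on settings that widen what a tunnel through this server can reach."""
    eff, match_blocks = effective_forwarding(text), parse_sshd_config(text)[1]
    notes = []
    if eff["allowtcpforwarding"] in ("yes", "local") and eff["permitopen"] == "any":
        notes.append("PermitOpen any: -L forwards may target any host:port the server can reach")
    if eff["allowtcpforwarding"] in ("yes", "remote") and eff["gatewayports"] != "no":
        notes.append("GatewayPorts %s: -R listeners may be reachable beyond localhost" % eff["gatewayports"])
    for criteria, opts in match_blocks:
        if "allowtcpforwarding" in opts:
            notes.append("Match %s sets AllowTcpForwarding %s" % (criteria, opts["allowtcpforwarding"]))
    return notes

if __name__ == "__main__":
    for note in forwarding_findings(SAMPLE_SSHD_CONFIG):
        print("-", note)
```

To audit a real server, pass the contents of /etc/ssh/sshd_config to forwarding_findings and compare with `sudo sshd -T`, which also resolves included files the parser above does not follow.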
If you want to create encrypted tunnels for a variety of purposes, SSH is an excellent choice. Once you get the hang of how to create these tunnels, you'll find them useful in many different types of scenarios.