SSH tunnel, also known as SSH port forwarding, is a method of transporting arbitrary network data over an encrypted SSH connection. SSH tunneling is the process by which a TCP / IP connection is tunneled inside a secure SSH tunnel.
It can be used to add encryption to legacy applications. It can also be used to implement VPNs, i.e. virtual private networks, and access intranet services through firewalls.
It protects the tunneled connection from network attacks.
Application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be listened to or intercepted while in transit. The SSH tunnel is used to add network security to legacy applications that do not natively support encryption.
The SSH connection is used by the application to connect to the application server. When tunneling is enabled, the application contacts a port on the localhost on which the SSH client is listening. The SSH client then transfers the application through its encrypted tunnel to the server.
The server then connects to the actual application server – usually on the same machine or in the same data center as the SSH server.
Who Uses SSH Tunneling ?
Any user able to connect to a server can enable port forwarding.
Hackers and malware can also use it to leave a backdoor in the internal network.
It can also be used to hide traces of attackers by bouncing an attack across multiple devices that allow uncontrolled tunneling.