- How to Create SSH Tunneling or Port Forwarding in Linux
- Testing Environment:
- Local SSH Port Forwarding
- Remote SSH Port Forwarding
- Dynamic SSH Port Forwarding
- Important Port numbers for the Linux system administrator
- Linux Port numbers
- Q. What is a port?
- Q. What is hardware port?
- Q. What is a socket?
- Q. What is the range of ports or how many ports are there?
- Q. Why port numbers are just 65536?
- Q. What are the well-known ports or assigned ports or default ports?
- Q. What do you mean by default port?
- Q. Can we change default port for a service(example Apache, squid)?
- Q. What are the protocol numbers for TCP and UDP?
- Q. Is there any way I can see all the port information in Linux?
- Q. How can I see open ports in Linux?
- Well known ports
- How to change the ssh port on Linux or Unix server
- Procedure to change the SSH Port for Linux or Unix Server
- Locate sshd_config file by typing the following command
- Edit the file and set Port option
- A note about SELinux users
- Updating your firewall to accept the ssh port 2222 in Linux
- Restart the sshd service
- How to verify that TCP port 2222 opened
- How to use the new SSH port with command line
- Conclusion
How to Create SSH Tunneling or Port Forwarding in Linux
SSH tunneling (also referred to as SSH port forwarding) is simply routing the local network traffic through SSH to remote hosts. This implies that all your connections are secured using encryption. It provides an easy way of setting up a basic VPN (Virtual Private Network), useful for connecting to private networks over unsecure public networks like the Internet.
It can also be used to expose local servers behind NATs and firewalls to the Internet over secure tunnels, which is how ngrok works.
SSH sessions permit tunneling network connections by default and there are three types of SSH port forwarding: local, remote and dynamic port forwarding.
In this article, we will demonstrate how to quickly and easily set up SSH tunneling or the different types of port forwarding in Linux.
Testing Environment:
For the purpose of this article, we are using the following setup:
- Local Host: 192.168.43.31
- Remote Host: Linode CentOS 7 VPS with hostname server1.example.com.
Usually, you connect securely to a remote server using SSH as follows. In this example, I have configured passwordless SSH login between my local and remote hosts, so it does not ask for user admin's password.
Connect Remote SSH Without Password
Local SSH Port Forwarding
This type of port forwarding lets you connect from your local computer to a remote server. Suppose you are behind a restrictive firewall, or an outgoing firewall blocks you from accessing an application running on port 3000 on your remote server.
You can forward a local port (e.g. 8080), which you can then use to access the application locally, as follows. The -L flag defines the local port to forward together with the remote host and remote port.
Adding the -N flag means do not execute a remote command; you will not get a shell in this case.
The -f switch instructs ssh to go into the background.
Now, open a browser on your local machine: instead of accessing the remote application at server1.example.com:3000, you can simply use localhost:8080 or 192.168.43.31:8080, as shown in the screenshot below.
Access a Remote App via Local SSH Port Forwarding
Remote SSH Port Forwarding
Remote port forwarding allows you to connect from your remote machine to the local computer. By default, SSH does not permit remote port forwarding. You can enable this using the GatewayPorts directive in the sshd main configuration file, /etc/ssh/sshd_config, on the remote host.
Open the file for editing using your favorite command-line editor.
Look for the required directive, uncomment it, and set its value to yes, as shown in the screenshot.
Enable Remote SSH Port Forwarding
Save the changes and exit. Next, you need to restart sshd to apply the recent change you made.
Next, run the following command to forward port 5000 on the remote machine to port 3000 on the local machine.
Once you understand this method of tunneling, you can easily and securely expose a local development server, especially one behind NATs and firewalls, to the Internet over secure tunnels. Services such as ngrok, pagekite, localtunnel and many others work in a similar way.
Dynamic SSH Port Forwarding
This is the third type of port forwarding. Unlike local and remote port forwarding, which each allow communication with a single port, it makes possible a full range of TCP communications across a range of ports. Dynamic port forwarding sets up your machine as a SOCKS proxy server that listens on port 1080 by default.
To begin with, SOCKS is an Internet protocol that defines how a client can connect to a server via a proxy server (SSH in this case). You can enable dynamic port forwarding using the -D option.
The following command will start a SOCKS proxy on port 1080, allowing you to connect to the remote host.
From now on, you can make applications on your machine use this SSH proxy server by editing their settings and configuring them to use it to connect to your remote server. Note that the SOCKS proxy stops working as soon as you close your SSH session.
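The three forwarding commands described above (-L, -R and -D) collected into one small shell helper. This is an added example, not code from the TecMint article; server1.example.com and the port numbers are the article's placeholders, DRY_RUN and the explicit bind address are assumptions of this helper. ExitOnForwardFailure=yes makes ssh fail instead of silently leaving a backgrounded session without its forward, and binding to 127.0.0.1 keeps a listener off other interfaces unless you ask for it.

```shell
#!/bin/sh
# Added example: build and run ssh local (-L), remote (-R) or dynamic (-D)
# port forwards with a few defensive options. With DRY_RUN=1 the command is
# printed instead of executed, which is how the offline test exercises it.
#
#   ssh_forward local   8080 3000 server1.example.com    # localhost:8080 -> remote:3000
#   ssh_forward remote  5000 3000 server1.example.com    # remote:5000   -> localhost:3000
#   ssh_forward dynamic 1080 -    server1.example.com    # SOCKS proxy on 127.0.0.1:1080
# A 5th argument sets the bind address (default 127.0.0.1); for -R, exposing
# the port beyond loopback also needs GatewayPorts yes on the remote sshd.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac   # decimal digits only
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

ssh_forward() {
    mode=$1 lport=$2 rport=$3 host=$4 bind=${5:-127.0.0.1}
    valid_port "$lport" || { echo "bad listen port: $lport" >&2; return 2; }
    case "$mode" in
        local)   flag=-L; spec="$bind:$lport:localhost:$rport" ;;
        remote)  flag=-R; spec="$bind:$lport:localhost:$rport" ;;
        dynamic) flag=-D; spec="$bind:$lport" ;;
        *) echo "mode must be local, remote or dynamic" >&2; return 2 ;;
    esac
    if [ "$mode" != dynamic ]; then
        valid_port "$rport" || { echo "bad target port: $rport" >&2; return 2; }
    fi
    # -f: background, -N: no remote command (no shell), ExitOnForwardFailure:
    # exit non-zero if the listener cannot be set up.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "ssh -f -N -o ExitOnForwardFailure=yes $flag $spec $host"
    else
        ssh -f -N -o ExitOnForwardFailure=yes "$flag" "$spec" "$host"
    fi
}
```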
Summary
In this article, we explained the various types of port forwarding from one machine to another, for tunneling traffic through the secure SSH connection. This is one of the very many uses of SSH. You can add your voice to this guide via the feedback form below.
Attention: SSH port forwarding has some considerable disadvantages; it can be abused to bypass network monitoring and traffic filtering programs (or firewalls), and attackers can use it for malicious activities. In our next article, we will show how to disable SSH local port forwarding. Stay connected!
Source
Important Port numbers for the Linux system administrator
Linux Port numbers
This is a short but important post on understanding ports, their details and numbers.
Some FAQs related to ports
Q. What is a port?
A port is a piece of software used as a docking point on your machine, where a remote application can communicate. This is analogous to the physical ports through which one enters a country from different seaports.
Q. What is hardware port?
This is a physical connection point on a machine for a peripheral device.
Q. What is a socket?
A socket is the combination of a software port and an IP address.
Q. What is the range of ports or how many ports are there?
Port numbers range from 0 to 65535, so in total there are 65536 ports.
Q. Why port numbers are just 65536?
This is because of a limitation in the TCP/IP stack: the port number field is only 16 bits in size, so we get only 2^16 (2 to the power of 16) = 65536 available ports.
Q. What are the well-known ports or assigned ports or default ports?
Well-known ports are from 0 to 1023 (a total of 2^10 = 1024 ports).
Q. What do you mean by default port?
A default port is the designated port for a particular well-known service such as a web server, mail server or FTP server. By default, FTP uses port 21, DNS uses 53 and Apache uses port 80.
Q. Can we change default port for a service(example Apache, squid)?
Yes, we can. For Apache and DNS we change it using the listen configuration entry in httpd.conf and named.conf. Squid has a port entry in its squid.conf file for specifying the port number.
Q. What are the protocol numbers for TCP and UDP?
Do not confuse these with port numbers. TCP and UDP have their own protocol numbers in the TCP/IP stack.
TCP protocol number: 6
UDP protocol number: 17
Q. Is there any way I can see all the port information in Linux?
Yes, you can get that from the /etc/services file.
Q. How can I see open ports in Linux?
Well known ports
20 – FTP Data (For transferring FTP data)
21 – FTP Control (For starting FTP connection)
22 – SSH (For secure remote administration which uses SSL to encrypt the transmission)
23 – Telnet (For insecure remote administration)
25 – SMTP (Mail Transfer Agent for an e-mail server such as Sendmail)
53 – DNS (Special service which uses both TCP and UDP)
67 – Bootp
68 – DHCP
69 – TFTP (Trivial File Transfer Protocol; uses UDP for connectionless transmission of data)
80 – HTTP/WWW(Apache)
88 – Kerberos
110 – POP3 (Mail delivery Agent)
123 – NTP (Network Time Protocol, used for time syncing; uses UDP)
137 – NetBIOS (nmbd)
139 – SMB-Samba (smbd)
143 – IMAP
161 – SNMP (For network monitoring)
389 – LDAP (For centralized administration)
443 – HTTPS (HTTP+SSL for secure web access)
514 – Syslogd (udp port)
636 – ldaps (both tcp and udp)
873 – rsync
989 – FTPS-data
990 – FTPS
995 – POP3s
2049 – NFS (nfsd, rpc.nfsd, rpc, portmap)
2401 – CVS server
3306 – MySql
6000-6063 – X11
Note 1: If the protocol (TCP or UDP) is not mentioned, the above ports are solely TCP. Some services use UDP, as mentioned in the list above.
Note 2: X11 uses ports 6000 to 6063 for connecting to X11 from a remote server.
Source
How to change the ssh port on Linux or Unix server
I am a new Linux/Unix server admin. How do I change the SSH port for my Linux or Unix server using a command line option?
You can easily change the SSH port for your Linux or Unix server. The SSH port is defined in the sshd_config file, located at /etc/ssh/sshd_config.
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | Yes |
| Requirements | OpenSSH on Linux or Unix OS |
| Est. reading time | 3 minutes |
Procedure to change the SSH Port for Linux or Unix Server
- Open the terminal application and connect to your server via SSH.
- Locate the sshd_config file by typing the find command.
- Edit the sshd server config file and set the Port option.
- Save and close the file
- Restart the sshd service to change the ssh port in Linux.
Locate sshd_config file by typing the following command
$ find / -name "sshd_config" 2>/dev/null
Sample outputs:
The find command tries to locate the sshd server config file named sshd_config. I added 2>/dev/null at the end to hide the find command's permission denied warnings.
Edit the file and set Port option
Type the following command:
$ sudo vi /etc/ssh/sshd_config
Locate the line that reads as follows:
Port 22
OR
#Port 22
To set the port to 2222, enter:
Port 2222
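The edit above, done as a small shell function so it can be rehearsed on a copy of the file first. This is an added example, not from the nixCraft article; the function name and the CONFIG_FILE parameter are assumptions. It handles both the "Port 22" and the commented "#Port 22" forms, collapses several Port lines into one, appends a directive when none exists, and refuses the privileged range the text warns about.

```shell
#!/bin/sh
# Added example: rewrite the Port directive in an sshd_config file.
# set_sshd_port CONFIG_FILE PORT  -> 0 on success, 2 on bad input.
set_sshd_port() {
    cfg=$1 port=$2
    case "$port" in ''|*[!0-9]*) echo "not a port number: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "use an unprivileged port in 1024-65535, not $port" >&2; return 2
    fi
    [ -w "$cfg" ] || { echo "cannot write $cfg" >&2; return 2; }
    cp -p "$cfg" "$cfg.bak" || return 2              # keep a copy for rollback
    tmp=$(mktemp) || return 2
    awk -v p="$port" '
        # First active or commented Port line is rewritten in place;
        # any later Port lines are dropped so exactly one directive remains.
        /^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+/ {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }           # no Port line: append one
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"         # cat keeps mode/owner of cfg
    rm -f "$tmp"
    # Verify: exactly one active Port line carrying the new value
    # (sshd_port prints one value per line, so two lines would not compare equal).
    # Run "sshd -t" afterwards, before restarting, to catch a broken file.
    [ "$(sshd_port "$cfg")" = "$port" ]
}

# sshd_port CONFIG_FILE -> prints every active (uncommented) Port value.
sshd_port() {
    awk '/^[[:space:]]*Port[[:space:]]+[0-9]+/ { print $2 }' "$1"
}
```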
Save and close the file. Please note that port numbers 0-1023 are reserved for various system services. Hence, I recommend choosing a port number between 1024 and 65535. Here is a common list of privileged services designated as well-known ports:
| Port | Protocol | Service |
|---|---|---|
| 20 | tcp | ftp-data |
| 21 | tcp | ftp server |
| 22 | tcp | ssh server |
| 23 | tcp | telnet server |
| 25 | tcp | email server |
| 53 | tcp/udp | Domain name server |
| 69 | udp | tftp server |
| 80 | tcp | HTTP server |
| 110 | tcp/udp | POP3 server |
| 123 | tcp/udp | NTP server |
| 443 | tcp | HTTPS server |
Use the cat command, grep command or egrep command to see the internet network services list:
cat /etc/services
less /etc/services
more /etc/services
grep -w '22/tcp' /etc/services
grep SSH /etc/services
grep -w '80/tcp' /etc/services
egrep -w '(80|443|110|53)/tcp' /etc/services
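A bare grep on /etc/services also hits "2200/tcp" or a word inside a trailing comment. The following added example (not from the article) parses the file's actual format, name, port/proto, optional aliases, optional # comment, field by field. SERVICES_FILE is an assumed variable so the constructed sample at the bottom can stand in for the real file.

```shell
#!/bin/sh
# Added example: field-aware lookups in the /etc/services format.
# Reads ${SERVICES_FILE:-/etc/services}.

# service_name PORT PROTO -> canonical service name; status 1 if unknown.
service_name() {
    awk -v want="$1/$2" '
        { sub(/#.*/, "") }                          # drop trailing comments
        NF >= 2 && $2 == want { print $1; found = 1; exit }
        END { exit !found }
    ' "${SERVICES_FILE:-/etc/services}"
}

# service_port NAME [PROTO] -> every port/proto whose name or alias matches.
service_port() {
    awk -v name="$1" -v proto="${2:-}" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        {
            hit = ($1 == name)                      # canonical name in column 1
            for (i = 3; i <= NF && !hit; i++)       # aliases from column 3 on
                if ($i == name) hit = 1
            if (hit && (proto == "" || $2 ~ ("/" proto "$"))) { print $2; found = 1 }
        }
        END { exit !found }
    ' "${SERVICES_FILE:-/etc/services}"
}

# Constructed sample in /etc/services layout (not a copy of any real file).
SAMPLE_SERVICES='# Network services, Internet style
ftp-data    20/tcp
ftp         21/tcp
ssh         22/tcp          # SSH Remote Login Protocol
telnet      23/tcp
domain      53/tcp          # Domain Name Server
domain      53/udp
http        80/tcp    www   # WorldWideWeb HTTP
https       443/tcp
'
```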
Viewing or choosing a new SSH port number in Linux
A note about SELinux users
SELinux users must type the following command to allow sshd to use port 2222:
# semanage port -a -t ssh_port_t -p tcp 2222
Updating your firewall to accept the ssh port 2222 in Linux
If you are using UFW on Ubuntu/Debian Linux, type:
$ sudo ufw allow 2222/tcp
The syntax for iptables is as follows:
$ sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
The syntax for the pf firewall (FreeBSD/OpenBSD/NetBSD Unix) is as follows, in your pf.conf:
pass log on $ext_if proto tcp to any port 2222 keep state
To open the new port on Fedora/CentOS/RHEL/Oracle Linux using FirewallD, run the following commands:
$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
$ sudo firewall-cmd --reload
Warning: You must update your firewall settings to accept the new port first. Otherwise, the following command will lock you out of SSH access to the server.
Restart the sshd service
Type the following command on a CentOS/RHEL/Fedora Linux:
$ sudo service sshd restart
OR if you are using CentOS/RHEL/Fedora Linux with systemd:
$ sudo systemctl restart sshd
OR if you are using Ubuntu/Debian/Mint Linux:
$ sudo service ssh restart
OR if you are using Ubuntu/Debian/Mint Linux with systemd:
$ sudo systemctl restart ssh
Or if you are using FreeBSD Unix, enter:
$ sudo service sshd restart
How to verify that TCP port 2222 opened
Use the netstat command or the ss command:
ss -tulpn | grep 2222
netstat -tulpn | grep 2222
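The grep above also matches a listener on port 22220 or a process with pid=2222 in the last column, so a green result can be misleading. This added example (not from the article) checks the Local Address:Port column exactly; SS_OUTPUT is an assumed variable that lets a captured ss listing stand in for a live one, and the sample at the bottom is constructed, not a real capture.

```shell
#!/bin/sh
# Added example: verify that something is listening on a given port by
# parsing `ss -tulpn` field by field instead of grepping the whole line.
# port_is_listening PORT [PROTO]  -> 0 if a listener exists, 1 otherwise.
port_is_listening() {
    port=$1 proto=${2:-tcp}
    if [ -n "${SS_OUTPUT:-}" ]; then
        printf '%s\n' "$SS_OUTPUT"       # offline: use the supplied capture
    else
        ss -tulpn                        # live: TCP+UDP listeners, numeric, with PIDs
    fi | awk -v port="$port" -v proto="$proto" '
        # Columns: Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
        # UDP sockets show UNCONN instead of LISTEN. Anchor on ":PORT" at the end of
        # column 5 so 2222 does not match 22220 and pid=2222 in column 7 is ignored.
        $1 == proto && ($2 == "LISTEN" || (proto == "udp" && $2 == "UNCONN")) \
            && $5 ~ (":" port "$") { found = 1 }
        END { exit !found }
    '
}

# Constructed sample of `ss -tulpn` output, including two decoys.
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0           0.0.0.0:68         0.0.0.0:*     users:(("dhclient",pid=2222,fd=6))
tcp   LISTEN 0      128         0.0.0.0:22220      0.0.0.0:*     users:(("python3",pid=901,fd=3))
tcp   LISTEN 0      128         0.0.0.0:2222       0.0.0.0:*     users:(("sshd",pid=1432,fd=3))
tcp   LISTEN 0      128            [::]:2222          [::]:*     users:(("sshd",pid=1432,fd=4))
'
```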
How to use the new SSH port with command line
The syntax is:
ssh -p <port> user@server
sftp -P <port> user@server
scp -P <port> file user@server:/path/
For example:
ssh -p 2222 vivek@server1.cyberciti.biz
Conclusion
This page explained how to change the SSH port on Linux and Unix-like systems, including the ssh command-line option for connecting to the server on the new port. For further information, please see the following resources:
Source