🎁 New User? Get 20% off your first purchase with code NEWUSER20 Register Now →
Menu

Categories

Security & Hardening

SSH Tunneling and Port Forwarding: The Complete Masterclass

Dargslan Team | April 12, 2026 | 5 min read | 3 views
linux networking security ssh
SSH Tunneling and Port Forwarding: The Complete Masterclass

SSH tunnels let you access remote services securely without exposing them to the internet. Whether you need to reach a database behind a firewall or create a SOCKS proxy, SSH tunneling is an essential skill for every sysadmin.

Local Port Forwarding (-L)

Access a remote service through your local machine.

# Access remote PostgreSQL (port 5432) via localhost:5433
ssh -L 5433:localhost:5432 user@dbserver

# Access internal web app through jump host
ssh -L 8080:internal-app:80 user@bastion

# Then connect: psql -h localhost -p 5433
# Or browse: http://localhost:8080

Remote Port Forwarding (-R)

Expose your local service to a remote server.

# Make local dev server accessible on remote port 8080
ssh -R 8080:localhost:3000 user@remote-server

# Anyone accessing remote-server:8080 reaches your localhost:3000

Dynamic SOCKS Proxy (-D)

# Create SOCKS5 proxy on localhost:1080
ssh -D 1080 user@proxy-server

# Configure browser/apps to use SOCKS5 proxy: localhost:1080
# All traffic routed through the SSH tunnel

Jump Hosts / ProxyJump

# ProxyJump (SSH 7.3+)
ssh -J user@bastion user@internal-server

# Chain multiple jumps
ssh -J bastion1,bastion2 user@target

# In ~/.ssh/config
Host internal-*
    ProxyJump bastion
    User admin

Host bastion
    HostName bastion.example.com
    User jump-user
    IdentityFile ~/.ssh/bastion_key

Persistent Tunnels with autossh

# Install
sudo apt install autossh

# Persistent tunnel (auto-reconnect)
autossh -M 0 -f -N -L 5433:localhost:5432 user@dbserver

# As a systemd service
# /etc/systemd/system/ssh-tunnel.service
[Unit]
Description=SSH Tunnel to Database
After=network.target

[Service]
User=tunnel-user
ExecStart=/usr/bin/autossh -M 0 -N -L 5433:localhost:5432 user@dbserver
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

SSH Multiplexing (Speed)

# ~/.ssh/config
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600

# First connection establishes socket
# Subsequent connections reuse it (instant connect)

📥 SSH Cheat Sheet PDF

Download our comprehensive SSH cheat sheet with all tunnel types, config examples, and security hardening.

Download Free Cheat Sheets →

SSH tunnels are one of the most powerful tools in a sysadmin's arsenal. They provide encrypted access to services without VPNs, firewall changes, or exposing ports to the internet. Master the three tunnel types and you can securely access anything from anywhere.

Share this article:
Dargslan Editorial Team (Dargslan)
About the Author

Dargslan Editorial Team (Dargslan)

Collective of Software Developers, System Administrators, DevOps Engineers, and IT Authors

Dargslan is an independent technology publishing collective formed by experienced software developers, system administrators, and IT specialists.

The Dargslan editorial team works collaboratively to create practical, hands-on technology books focused on real-world use cases. Each publication is developed, reviewed, and...

Programming Languages Linux Administration Web Development Cybersecurity Networking
View all books

Related Articles

Stay Updated

Subscribe to our newsletter for the latest tutorials, tips, and exclusive offers.