User Tools

Site Tools


unix:putty_tunnels

SSH Tunnels with Putty

SSH Tunnel to Unix machine (C) behind a firewall and DMZ-ed server (B)

+----------+:22000      :22001+----------+:22001         :22+----------+
|    PC    |----------------->|  server  |----------------->|   unix   |
|    (A)   |                  |    (B)   |                  |    (C)   |
+----------+                  +----------+                  +----------+
  • Establish a tunnel from localhost:22000 to server:22001 like this:

or like this

ssh -L 22000:localhost:22001 user@server.B.cz
  • Establish an SSH-connection to the Unix machine using the shell on the server (B)
ssh -L 22001:localhost:22 user@unix.C.cz
  • finished :) You can easily connect to localhost:22 and you will be in fact connected to unix.C.cz!

Proxy SOCKSv4 Server

This describes how to make a proxy from a desktop (desktop.B.cz) behind a server (server.B.cz). First, make a tunnel from your machine:9001 to a given port (e.g. 22001) on the server.B.cz:

ssh -L 9001:localhost:22001 user@server.B.cz

Then, login on the server.B.cz and make a dynamic SOCKS proxy from your distant desktop desktop.B.cz where you really want to have proxy on:

ssh -D 22001 user@desktop.B.cz

The proxy is on your machine's localhost at port 9001.

X-Window through VNC client/server

This feature is useful if we want to connect from a Windows machine to a remote Unix server, and we'd like to use a secure connection. A typical usage is when we wan to connect to X Window system via VNC (Virtual Network Connection), and we don't want all to see our communication.

The configuration is rather easy. We start a connection to a remote Unix server as usual. But before a confirming of the connection using the Open button, we must set up port forwarding in Connection/SSS/Tunnels section:

Putty SSH Tunnel settings

  • The Source port is a port on your local Windows machine you want to forward. For VNC, use 5900 for example.
  • The Destination is the other end of your tunnel. Usually, it will be on the machine you connect to via SSH. In that case, use “localhost” and desired port after a colon, like in the example above. However, connection to a different machine (in a secured private network, for instance) is possible too, just replace “localhost” with some IP address or DNS name.
  • Don't forget to click the Add button. You should see something like this

Port forwarding set

Finally, click on the Open button, and log on your Unix server as usual.

If you want to proceed with the VNC connection, follow these steps:

  • set up an VNC password with vncpasswd on the Unix machine.
  • start the VNC server there using vncserver. You can specify additional options like
vncserver -geometry 800x600 -depth 16
  • start a VNC Viewer on your Windows computer. Connect to localhost:5900:

  • fill the specified password and enjoy your X Window desktop :)
unix/putty_tunnels.txt · Last modified: 2013/10/02 16:30 by bajeluk