Chapter 9. Port Forwarding and X Forwarding

One of SSH’s major benefits is transparency . A terminal session secured by SSH behaves like an ordinary, insecure one (e.g., created by telnet or rsh) once it has been established. Behind the scenes, however, SSH keeps the session secure with strong authentication, encryption, and integrity checking.

In some situations, however, transparency is hard to achieve. A network firewall might be in the way, interfering with certain network traffic you need. Corporate security policies might prohibit you from storing SSH keys on certain machines. Or you might need to use insecure network applications in a secure environment.

In this chapter, we’ll discuss an important feature of SSH, called forwarding or tunneling, that addresses several concerns about transparency:

Securing other TCP/IP applications

SSH can transparently encrypt another application’s data stream. This is called port forwarding .

Securing X Window applications

Using SSH, you can invoke X programs on a remote machine and have them appear, securely, on your local display. (This feature of X is insecure ordinarily.) This is called X forwarding , a special case of port forwarding for which SSH has extra support.

SSH forwarding isn’t completely transparent, since it occurs at the application level, not the network level. Applications must be configured to participate in forwarding, and a few protocols are problematic to forward (FTP data channels are a notable example). But in most common ...

Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.