Native SSH Port Forwarding (Tunneling) on Windows 10

In this article, we will show you how to use the OpenSSH server built into Windows 10 to forward ports through an SSH tunnel. The SSH Port Forwarding feature allows application ports to be tunneled (redirected) from a local computer to a remote server and vice versa. Previously, SSH tunneling was only used in Linux/Unix environments, but now it can also be used in Windows 10/Windows Server 2016. Here is an example of using an RDP connection through an SSH tunnel (TCP port 22) on Windows.

SSH tunneling is typically used in scenarios where you need to connect to a remote computer behind a firewall. For example, you have a Windows server with only the SSH port (TCP 22) open. All other ports are blocked by the hardware firewall or the Windows firewall. Your job is to connect to that Windows server with an RDP client. This seems impossible because the Remote Desktop port 3389 is blocked by the firewall. However, you can use the port forwarding technique via an SSH tunnel.

Typical SSH tunneling scenarios are as follows:

  • Local TCP redirection is the redirection of a local port to a remote server;
  • Remote TCP redirection is a remote port redirection to the local computer;
  • A double SSH tunnel connects computers without their own public IP address behind the NAT via an SSH server.

RDP access via SSH tunnel (local TCP forwarding)

In this mode, you create a local TCP port on your computer. All connections to this port are routed through the SSH tunnel to the specified port on the remote server. In this example, we create a local port 8888 and the connection from this port is forwarded to the RDP port 3389 on the remote Windows computer. The general wiring diagram is shown below.

To create an SSH tunnel using the built-in Windows 10 SSH client (part of Windows 10 1809 and later and Windows Server 2019 and later), run this command:

ssh -L 8888: [protected via email]

To run the SSH tunnel in the background, add the -f parameter.

To connect to the remote computer's desktop through the SSH tunnel, use the RDP client (mstsc.exe) to connect to local port 8888 on your computer:

Connect to the remote computer and work securely in an RDP session (but remember that port 3389 is still closed in the firewall). You can use the TCPView tool to verify that the RDP connection is local (the RDP connection is initiated by the SSH server running locally).

Note that unencrypted application traffic forwarded this way crosses public networks encrypted: it is encrypted at one end of your SSH connection and decrypted at the other.

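Other computers on your local network can also use this mode to connect to the RDP server, even if a direct connection to it (via SSH or RDP) is not allowed for them. This requires the tunnel's local port to listen on a non-loopback address: the OpenSSH client binds forwarded local ports to loopback unless you start it with -g or give an explicit bind address. To do this, they must connect with an RDP client to port 8888 on your computer, where the SSH tunnel was created: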

mstsc.exe /v

Remote TCP Redirection to Local Host

There is another use case for an SSH tunnel: remote TCP redirection. You can use an SSH tunnel to give a remote server access to a local port on your computer or a port on another computer on your local network. For example, you want to let a remote server access your intranet site (not published on the Internet). To create a reverse SSH tunnel, use this command:

ssh -R 8080:internalwwww:80 [email protected]

To access the internalwwww site from the remote SSH server, type this address into your browser: http://localhost:8080

In all versions of Windows, you can create port forwarding rules using the portproxy command of the netsh interface.

SSH tunnels can be used to set up port forwarding chains. To enable or disable SSH tunneling, add one of the following directives to the OpenSSH configuration file (%programdata%\ssh\sshd_config):

AllowStreamLocalForwarding yes
AllowTcpForwarding remote
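
To check what a given sshd_config actually permits, the following added example (not part of the original article, and not OpenSSH code) parses the forwarding directives and reports every setting that leaves tunneling enabled. It assumes OpenSSH's documented defaults and its rule that the first value read for a keyword wins; the `tunneluser` Match block and the duplicate line in the sample are constructed for illustration.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config
DEFAULTS = {"allowtcpforwarding": "yes", "allowstreamlocalforwarding": "yes",
            "gatewayports": "no"}

def parse_forwarding(text):
    """Return (global settings, Match-block overrides) for forwarding keywords."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        parts = re.split(r"[ \t=]+", raw.strip(), maxsplit=1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                           # blank line, comment, or bare keyword
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            match = value                      # following lines belong to this block
        elif key in DEFAULTS and match is not None:
            overrides.append((match, key, value.lower()))
        elif key in DEFAULTS:
            settings.setdefault(key, value.lower())   # sshd keeps the first value
    return {**DEFAULTS, **settings}, overrides

def audit(text):
    """List every setting that leaves some form of tunneling enabled."""
    settings, overrides = parse_forwarding(text)
    findings = []
    tcp = settings["allowtcpforwarding"]
    if tcp in ("yes", "all"):
        findings.append("AllowTcpForwarding permits local and remote forwarding")
    elif tcp in ("local", "remote"):
        findings.append(f"AllowTcpForwarding permits {tcp} forwarding only")
    if settings["allowstreamlocalforwarding"] != "no":
        findings.append("AllowStreamLocalForwarding permits socket forwarding")
    if settings["gatewayports"] != "no":
        findings.append("GatewayPorts exposes remote forwards beyond loopback")
    findings += [f"Match {m}: {k} = {v}" for m, k, v in overrides]
    return findings

# Constructed sample: the two directives above, a duplicate, and a Match block
SAMPLE = """\
AllowStreamLocalForwarding yes
AllowTcpForwarding remote
AllowTcpForwarding yes
Match User tunneluser
    AllowTcpForwarding local
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty findings list means both forwarding directives are set to no in the global section and no Match block re-enables them.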
