Use the SSH tunnel - this is how it works



You can use an SSH tunnel to access content that is distant and blocked in your network. Read how it works here.


An SSH tunnel establishes a connection to a remote server - but via an intermediate station. For example, if the example.com page is blocked on your network, access an SSH server that connects to example.com and routes it to you. The whole thing is reversed via a reverse SSH tunnel. Sounds confusing, but with a little explanation and examples it's very easy.

What is an SSH tunnel?

You can read about exactly what SSH is here. In brief: With SSH (Secure Shell) you set up an encrypted connection to a remote computer (SSH server) and can then work there - as if you were sitting in front of this remote computer. Requirement number 1 for an SSH tunnel is therefore an SSH server. You can also use devices in your home network for testing. The whole thing only becomes really useful when you can use a server on the Internet; for example, many web space providers also offer an SSH option. Requirement number 2: The SSH server must also be configured in such a way that SSH tunnels are permitted.

Tunnel now means that data from a third computer, for example a website, is requested by the SSH server and then forwarded to your local computer via the SSH connection. For example, suppose your network administrator has blocked the example.com website. But you can access your SSH server "ssh.meinsshserver.de" - and this in turn also on "example.com". Then tell your SSH server to direct "example.com" to your local machine - and you can then view it in the browser. Best of all: SSH connections are encrypted as I said, meaning that nobody can see what data you are viewing, in this case the "example.com" website.

It looks similar with a reverse tunnel: Assuming you have a server running on your computer, such as a web server - or simply the Mediacenter Kodi, which can also be accessed via the browser. Now you want to access it from a third computer. Your Kodi computer at home is not equipped with its own IP address, so you cannot easily access it. You can, however, send Kodi's browser view to the third computer via the SSH server.

More precisely: Kodi's web interface can be found locally in the browser under "127.0.0.1:8080", or "localhost:8080". The "127.0.0.1" just means the local computer and "8080" the port, a kind of house number under which the web interface can be found. This port 8080 is forwarded to (almost) any port on the SSH server. That means: What can be seen under "127.0.0.1:8080" can then also be seen under "ssh.meinsshserver.de:9000", for example. And since the SSH server can be reached normally via the Internet, you can ultimately still access your home from the third computer via the SSH detour.

It becomes easier with examples. And since not everyone has a properly configured SSH server, our example works in the home network. You would need: A Windows or Linux computer and another network device with an SSH server configured as standard. That would be, for example, a Raspberry Pi, a NAS, another computer - if necessary just a virtual machine with something like Ubuntu. The following devices are used in the example: "192.168.178.69" as SSH server, "192.168.178.75:8080" as NAS web interface for the tunnel and "127.0.0.1:8080" as Kodi interface for the reverse tunnel. The username on the SSH server is "linaro", the assigned port is "9000".

Use the SSH tunnel in the terminal

The tools are available by default on Linux and also on Windows 10. Read more about SSH under Windows 10 here. Under Windows 7 and Windows 8 you would have to upgrade for the command line. This is possible, for example, with Git for Windows, which installs a Linux-like terminal.

First of all, it is a matter of accessing the Kodi interface on the third computer from the local computer via the SSH server. Enter the following command in the terminal:

ssh linaro@192.168.178.69 -L 9000:192.168.178.75:8080

First a normal SSH connection is established with the user "linaro" to the SSH server. The option "L" then initiates the tunnel: First the local port "9000" follows, then the address of the NAS web interface "192.168.178.75:8080". The password query follows. Then you can enter "127.0.0.1:9000" in the browser on the local computer and you will see what can also be seen under "192.168.178.75:8080". As long as the devices are all in one network, you can of course use any IP address. Of course, you can only access the Internet using the IP address of the SSH server.

Use SSH tunnel under Windows

The terminal is not the natural way for Windows users - here you do it with PuTTY. Open PuTTY and simply enter the IP address of the SSH server under "Host Name" in the start window, in this case "192.168.178.69". You can optionally give the session a name and save it. Now switch to "Connection / SSH / Tunnels". Enter the freely selected port "9000" as the "Source Port" and the NAS web interface as the "Destination", i.e. "192.168.178.75:8080".


Then establish the connection using the "Open" button and enter "127.0.0.1:8080" in the browser to open the NAS web interface. And again: The NAS web interface is fetched from the SSH server and forwarded to your local computer.

Use reverse SSH tunnel

In the second example, the local Kodi web interface is to be called up from the third computer via the SSH server. The command looks almost exactly the same:

ssh linaro@192.168.178.69 -R 9000:127.0.0.1:8080

The first part with the SSH connection does not change. Then comes the option "R" for the reverse tunnel: Again the desired port for the SSH server is set to 9000, then what should be forwarded follows again, the Kodi web interface under "127.0.0.1:8080". As soon as the connection is established, you can access the Kodi web interface from the third computer via "192.168.178.69:9000". With PuTTY you can of course do that too, you only have to check the box for "Remote" under "Connection / SSH / Tunnels".

Basically, the SSH call is completely identical in both cases: You establish an SSH connection from your local computer to the SSH server. Then either a local tunnel (option L) or a reverse tunnel (option R) is established. This is followed by the port for retrieval via the SSH server. The conclusion is what you actually want to see, here NAS or Kodi web interface. Granted, that doesn't always sound trivial on paper, but once you've tried it at home, it'll be cleared up very quickly.
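Requirement number 2 above (the SSH server must permit tunnels) is decided by a handful of sshd_config keywords. The following added example, which is not part of the original answer, evaluates a config against the -L and -R commands shown above; the function names and both sample configs are constructed for illustration, and Match blocks are not evaluated. With OpenSSH's defaults (GatewayPorts no) the -R listener binds to the server's loopback interface only.

```python
# Added example (not from the original answer). Sample configs are constructed.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "permitopen": "any", "permitlisten": "any"}   # OpenSSH sshd defaults

def parse_sshd_config(text):
    """Global forwarding settings; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":        # assumption: conditional Match blocks are not evaluated
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = " ".join(p.lower() for p in parts[1:])
    return {**DEFAULTS, **seen}

def local_forward_allowed(cfg, dest):
    """Would `-L <port>:<dest>` be accepted? dest is 'host:port'."""
    if cfg["allowtcpforwarding"] not in ("yes", "all", "local"):
        return False
    allowed = cfg["permitopen"].split()
    if "none" in allowed:
        return False
    host, port = dest.lower().rsplit(":", 1)
    return "any" in allowed or any(
        a in (f"{host}:{port}", f"{host}:*", f"*:{port}") for a in allowed)

def remote_forward_exposure(cfg, port, bind=None):
    """Where does the `-R [bind:]<port>:...` listener on the server end up?"""
    if cfg["allowtcpforwarding"] not in ("yes", "all", "remote"):
        return "denied"
    listen = cfg["permitlisten"].split()
    if "none" in listen or ("any" not in listen and not any(
            a.rsplit(":", 1)[-1] in (str(port), "*") for a in listen)):
        return "denied"
    gw = cfg["gatewayports"]
    loopback = bind in (None, "localhost", "127.0.0.1", "::1")
    if gw == "yes" or (gw == "clientspecified" and not loopback):
        return "network-reachable"
    return "loopback-only"

STOCK = parse_sshd_config("")     # nothing set: defaults apply
LOCKED = parse_sshd_config("""
# constructed sample: only the NAS web interface may be tunnelled
AllowTcpForwarding local
PermitOpen 192.168.178.75:8080
AllowTcpForwarding yes
Match User linaro
    AllowTcpForwarding no
""")
```

On a real server, `sshd -T` prints the effective values of these keywords, which is a more reliable input than the raw file when Include or Match directives are in play.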

