Windows OS Hub

June 11, 2020 | Windows 10, Windows Server 2016

Native SSH Port Forwarding (Tunneling) on Windows 10

In this article, we will show how to use the built-in Windows 10 OpenSSH server to forward ports via an SSH tunnel. SSH port forwarding allows you to tunnel (forward) application ports from a local computer to a remote server and vice versa. Previously, SSH tunneling was used only in Linux/Unix environments, but today you can use it in Windows 10/Windows Server 2016 as well. Below is a case study of how to use an RDP connection through an SSH tunnel (TCP port 22) on Windows.

SSH tunneling is mostly used when you need to connect to a remote computer behind a firewall. For example, you have a Windows Server with only the SSH port (TCP 22) open. All other ports are blocked by a hardware firewall or Windows Firewall. Your task is to connect to the Windows Server using the RDP client. This seems impossible, since Remote Desktop port 3389 is blocked by the firewall. However, you can use port forwarding through the SSH tunnel.

Here are the typical usage scenarios of SSH tunneling:

  • Local TCP forwarding: a local port is forwarded to a remote server;
  • Remote TCP forwarding: a remote port is forwarded to a local computer;
  • Double SSH tunnel: connects computers that sit behind NAT without any dedicated public IP addresses through an SSH server (if an OpenVPN solution is not applicable).

RDP Access Through SSH Tunnel (Local TCP Forwarding)

In this mode, you create a local TCP port on your computer. All connections to this port are forwarded to the specified port on a remote server via the SSH tunnel. In this example, we will create local port 8888, and connections to it will be forwarded to RDP port 3389 on a remote Windows computer. The general connection scheme is shown below.

[Figure: Windows 10 SSH tunnel connection scheme]

To create an SSH tunnel using the built-in Windows 10 SSH client (it is a part of Windows starting from Windows 10 1809 and Windows Server 2019), run this command:

ssh -L 8888:192.168.1.90:3389 root@192.168.1.90

To make the SSH tunnel work in the background, add the -f parameter.


To connect to the remote computer's desktop via the SSH tunnel, connect to local port 8888 of your computer using the RDP client (mstsc.exe):

127.0.0.1:8888


Log in to the remote computer and work safely in the RDP session (remember that port 3389 is still closed by the firewall). You can use the TCPView tool to make sure that the RDP connection is local (the RDP connection is initiated by the SSH server running locally).


Please note that if you forward unencrypted application traffic, it will be transmitted encrypted over public networks. The traffic is encrypted on one end of your SSH connection and decrypted on the other.

Other computers on your local network can also use this mode to connect to the RDP server even if a direct connection (via both SSH and RDP) is not allowed. To do so, they must use an RDP client to connect to port 8888 on the computer where the SSH tunnel was created:

mstsc.exe /v 10.10.1.220:8888
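By default, ssh -L binds the forwarded port to the loopback address only, so a tunnel that other hosts can reach shows up as an ssh.exe listener on a non-loopback address. The following added example (not code from the article) classifies ssh.exe listeners by bind scope; the function name, PIDs and sample rows are constructed for illustration.

```powershell
# Added example (not from the article): classify ssh.exe listeners by bind scope.
function Get-SshListenerExposure {
    param(
        [Parameter(Mandatory)]
        [object[]]$Connection,        # rows shaped like Get-NetTCPConnection output
        [Parameter(Mandatory)]
        [hashtable]$ProcessNameById   # PID -> process name
    )
    foreach ($c in $Connection) {
        if ($c.State -ne 'Listen') { continue }
        if ($ProcessNameById[[int]$c.OwningProcess] -ne 'ssh') { continue }
        $loopbackOnly = $c.LocalAddress -in '127.0.0.1', '::1'
        [pscustomobject]@{
            LocalAddress = $c.LocalAddress
            LocalPort    = $c.LocalPort
            Exposure     = if ($loopbackOnly) { 'loopback only' } else { 'reachable from other hosts' }
        }
    }
}

# Constructed sample: a default -L listener, a listener bound to all
# interfaces, and the RDP service itself (ignored, not owned by ssh.exe).
$sampleConnections = @(
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 8888; State = 'Listen'; OwningProcess = 4120 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 8889; State = 'Listen'; OwningProcess = 5332 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 3389; State = 'Listen'; OwningProcess = 1044 }
)
$sampleProcesses = @{ 4120 = 'ssh'; 5332 = 'ssh'; 1044 = 'svchost' }

Get-SshListenerExposure -Connection $sampleConnections -ProcessNameById $sampleProcesses

# On a live system, build the same inputs from:
#   $conns = Get-NetTCPConnection -State Listen
#   $procs = @{}; Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_.ProcessName }
```

A listener reported as reachable from other hosts bypasses whatever firewall rule blocks direct RDP, so it should be matched against an approved list of jump hosts.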


Remote TCP Forwarding to a Local Computer

There is another SSH tunnel use case: remote TCP forwarding. Using the SSH tunnel, you can allow the remote server to access a local port on your computer or a port on another computer in your local network. For example, you want an external server (200.168.1.90) to access your Intranet site (not published on the Internet). To create a reverse SSH tunnel, use this command:

ssh -R 8080:internalwww:80 user@200.168.1.90

To access the internalwww site from the remote SSH server, just type this address in the browser: http://localhost:8080

In all Windows versions, you can create port forwarding rules using the netsh interface portproxy command.

Using SSH tunnels, you can build port forwarding chains. To enable or disable SSH tunneling, add one of the following directives to the OpenSSH config file (%programdata%\ssh\sshd_config):

AllowStreamLocalForwarding yes
AllowTcpForwarding remote
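To see what a given set of directives actually permits, the added example below (not code from the article) parses sshd_config text and reports the effective global forwarding settings with findings. The function name and the restricted sample config are assumptions made for illustration; Match blocks are not evaluated.

```powershell
# Added example (not from the article): report the forwarding settings that an
# sshd_config text yields in its global section. sshd keeps the first value it
# reads for a keyword; unset keywords use the OpenSSH defaults below.
function Get-SshdForwardingPolicy {
    param([Parameter(Mandatory)][string]$ConfigText)
    $policy = [ordered]@{
        AllowTcpForwarding = 'yes'; AllowStreamLocalForwarding = 'yes'
        GatewayPorts = 'no'; PermitOpen = 'any'; PermitListen = 'any'
    }
    $seen = @{}
    foreach ($raw in ($ConfigText -split '\r?\n')) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        $keyword, $value = $line -split '[\s=]+', 2
        if ($keyword -ieq 'Match') { break }   # Match blocks are not evaluated here
        $name = @($policy.Keys) | Where-Object { $_ -ieq $keyword }
        if ($name -and $value -and -not $seen[$name]) {
            $policy[$name] = $value.Trim()
            $seen[$name] = $true
        }
    }
    $tcp = $policy.AllowTcpForwarding
    $findings = @()
    if ($tcp -in 'yes', 'all', 'remote') {
        $findings += 'clients may open listening ports on the server (ssh -R)'
    }
    if (($tcp -in 'yes', 'all', 'local') -and ($policy.PermitOpen -eq 'any')) {
        $findings += 'ssh -L may target any host:port the server can reach'
    }
    if ($policy.GatewayPorts -ne 'no') {
        $findings += 'remote forwards may bind non-loopback addresses'
    }
    [pscustomobject]@{ Policy = [pscustomobject]$policy; Findings = $findings }
}

# The two directives shown in the article.
$articleConfig = @'
AllowStreamLocalForwarding yes
AllowTcpForwarding remote
'@
# Constructed, restricted variant for the RDP-over-SSH scenario (assumption).
$restrictedConfig = @'
AllowTcpForwarding local
PermitOpen 192.168.1.90:3389
AllowStreamLocalForwarding no
GatewayPorts no
'@
Get-SshdForwardingPolicy -ConfigText $articleConfig    | Format-List
Get-SshdForwardingPolicy -ConfigText $restrictedConfig | Format-List
```

The restricted variant allows only the local forward to 192.168.1.90:3389 used in the RDP scenario and yields no findings.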
