
How to Setup SSH Tunneling in Mac OS (or Ubuntu)

Posted in Internet Security   LAST UPDATED: MAY 18, 2023

    If you want to set up an SSH tunnel with your remote server using your Macbook, you can easily do so using the default Terminal application available in macOS. We do not have to install any other application to do so, as we do in Windows.

    You can easily set up SSH on a Mac without doing any extra work. If you are a Windows user, I would recommend using the MobaXterm application for doing this. So let's get started!


    What is SSH Tunneling in Mac?

    An SSH tunnel or SSH port forwarding is a mechanism to establish a secure connection between a client machine and a server.

    Let's take a simple example to understand this. Suppose we have a database server, let's say MySQL, running on a remote server with some IP address XXX.XXX.XXX.XXX, and port number 3306, which is the default port for MySQL, is only available on the local network of the remote server.

    In this case, if you want to access the DB server from your local machine (connected to the internet), you won't be able to do it. In such a scenario, we set up an SSH tunnel with the remote server to securely connect to the local network of the remote server and access port 3306 on the remote server.

    Let's take another example. Suppose we are using AWS and we have two servers: one is a DB server and the other is the SSH server on which the Web Server is running. On the SSH server, because we are running the Web server, port 80 would be open to all, because only then will the website or web application hosted on that server be available to its users. But, for security, the DB server is never exposed to the internet and is kept on the local network, where it is accessible via the SSH server, as the SSH server is on the same local network.

    Now, if you want to check something or do something on the DB server, or want to connect your local SQL client to the remote database, you won't be able to do it directly. But because the DB server is accessible via the SSH server, we can set up an SSH tunnel with the SSH server to reach the DB server.

    I hope the two examples are clear, and now you know, why SSH tunneling is needed. So let's see how we can do this.

    Using MacOS/Ubuntu Terminal

    We can use the ssh command to set up an SSH tunnel with a remote server, provided the SSH port, which is port number 22, is open on the remote server.

    Suppose our remote server is my-remote-server.host, the SSH user is st-user, and a DB service, let's say MySQL, is installed on the same server and accessible via localhost:3306 on the remote server.

    Then, to connect to the DB server, we can run the following command to set up an SSH tunnel:

    ssh -L 8888:127.0.0.1:3306 st-user@my-remote-server.host

    • 8888: This is the local port that we will open for the SSH tunnel on the local machine. You can give any port number above 1024, because port numbers up to 1024 are privileged ports.
    • 127.0.0.1: This is the localhost address as seen from the remote server. It is the destination we aim to reach via the SSH server.
    • 3306: This is the destination port, assigned to the MySQL server on the remote SSH server.
    • st-user@my-remote-server.host: This is the username and the IP address/URI for the SSH server.

    Once you do this, you will be prompted to enter the password for the user st-user, so enter the password and hit Enter, and the SSH tunnel will be created. Now, you will be able to access the MySQL server using 127.0.0.1:8888 address from your local machine.

    Using a .pem file

    If your remote server is an EC2 instance on AWS and you have a .pem file as the SSH key, run the following command for the above scenario:

    ssh -L 8888:127.0.0.1:3306 -i <path-of-pem-file> st-user@my-remote-server.host

    In this case, you will not be asked for the password, as authentication will be done using your SSH key.

    This was the scenario where the DB server was running on the localhost of the remote server. Next, let's see how to connect to a separate DB server via a remote server.

    Connect to Destination server via Remote Server:

    Suppose our DB server is my-db-server.host, with port 3306 available for connection on the private network that it shares with the remote SSH server my-remote-server.host, as shown in the picture below.

    [Image: setup ssh tunnel in macos or ubuntu]

    Then we can run the following command:

    ssh -L 8888:my-db-server.host:3306 st-user@my-remote-server.host

    Note: If SSH is enabled on a port other than port number 22, we can specify the port number in the above command using the -p [PORT_NUMBER] argument. For example, if SSH is enabled on port 2200 on our remote server, the command would be:

    ssh -L 8888:my-db-server.host:3306 -p 2200 st-user@my-remote-server.host
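
    A background, loopback-only variant of the tunnel commands above (the localhost, .pem and separate DB server cases), as an added example that is not part of the original article. Hosts, user and ports are the article's sample values; the control-socket path and all function names are assumptions of this sketch.

```bash
#!/bin/sh
# Added example, not the article's code. SOCK and the function names are
# assumptions; hosts, user and ports are the article's sample values.
SOCK="$HOME/.ssh/st-tunnel.sock"   # hypothetical control-socket path

# Local port must be numeric and outside the privileged range (below 1024).
valid_local_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# -L spec with an explicit loopback bind, so only this machine can use the port.
forward_spec() {
    valid_local_port "$1" || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# ssh ignores a private key that group or others can access; check up front.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# open_tunnel LPORT DEST_HOST DEST_PORT USER@SSH_SERVER [SSH_PORT] [KEY_FILE]
open_tunnel() {
    ot_spec=$(forward_spec "$1" "$2" "$3") || { echo "bad local port: $1" >&2; return 1; }
    ot_target=$4; ot_port=${5:-22}; ot_key=${6:-}
    # -N: no remote command, -f: go to background once the forward is up,
    # -M/-S: control socket used later to check and close the tunnel.
    # ExitOnForwardFailure: fail instead of connecting without the forward.
    set -- -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes -L "$ot_spec" -p "$ot_port"
    if [ -n "$ot_key" ]; then
        key_is_private "$ot_key" || { echo "fix with: chmod 400 $ot_key" >&2; return 1; }
        set -- "$@" -i "$ot_key"
    fi
    ssh "$@" "$ot_target"
}

tunnel_status() { ssh -S "$SOCK" -O check "$1"; }   # $1 = USER@SSH_SERVER
close_tunnel()  { ssh -S "$SOCK" -O exit  "$1"; }

# Usage with the article's values (not run here):
#   open_tunnel 8888 my-db-server.host 3306 st-user@my-remote-server.host 2200
#   tunnel_status st-user@my-remote-server.host
#   close_tunnel  st-user@my-remote-server.host
```

    Closing the tunnel when the work is done matters because, while it is open, any process on the local machine can reach the database through 127.0.0.1:8888.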

    Conclusion:

    I hope this article helped you in understanding what SSH tunneling is and how we can set up an SSH tunnel using the Terminal in MacOS and in Ubuntu or other Linux-based operating systems. If you were not able to do this or faced any issues running the above command, do share in the comments below and we will help you out.

    Frequently Asked Questions(FAQs)

    1. What exactly is SSH Tunneling, and why would you want to use it?

    SSH Tunneling is a network security method that creates an encrypted conduit between two devices over an insecure network, such as the Internet. It can be used to protect remote connections, gain access to restricted resources, and circumvent firewalls and other security measures.

    2. How does SSH Tunneling work in Mac OS (or Ubuntu)?

    In Mac OS (or Ubuntu), use the "ssh" command with the "-L" option to select the local port and destination, and the "-N" flag to execute the SSH connection in the background. For example, the command "ssh -L 8080:localhost:80 user@remote.host -N" would establish an SSH tunnel from port 8080 on your local computer to port 8080 on the remote machine.

    3. What are some of the benefits of using SSH Tunneling?

    By encrypting network data, SSH Tunneling adds an extra layer of security, making it more difficult for intruders to eavesdrop or steal private information. It also enables you to gain access to resources that are restricted or inaccessible from your local network, such as remote servers or databases.

    4. What are some SSH Tunneling recommended practices?

    It is critical to correctly protect your SSH keys and passwords when using SSH Tunneling and to limit access to your local and remote computers. You should also regularly watch your network data and SSH logs for any suspicious behavior, and keep your software and security measures up to date to avoid vulnerabilities.


    About the author:
    I like writing content about C/C++, DBMS, Java, Docker, general How-tos, Linux, PHP, Java, Go lang, Cloud, and Web development. I have 10 years of diverse experience in software development. Founder @ Studytonight