Understanding SSH Tunneling: Local vs Remote vs Dynamic Port Forwarding in PuTTY Explained with Code Examples



SSH tunneling is a powerful feature that creates encrypted pathways between machines. PuTTY implements three distinct tunneling methods (local, remote and dynamic port forwarding), each serving a different network scenario.

Local port forwarding creates a tunnel where connections to a port on your local machine are forwarded through the SSH server to a remote destination.

PuTTY Configuration:

Source port: 8080
Destination: remote-server:80
Connection type: Local

Equivalent command line:

plink.exe -L 8080:remote-server:80 user@ssh-gateway

Use case: Accessing internal web servers behind a firewall by browsing to localhost:8080

Remote port forwarding is reverse tunneling: connections to a port on the remote server are forwarded back to your local machine.

PuTTY Configuration:

Source port: 2222
Destination: localhost:22
Connection type: Remote

Equivalent command line:

plink.exe -R 2222:localhost:22 user@ssh-gateway

Use case: Giving external access to your local development environment by connecting to gateway:2222

Dynamic port forwarding creates a local SOCKS proxy that can handle multiple connections to different destinations dynamically.

PuTTY Configuration:

Source port: 1080
Destination: (leave empty)
Connection type: Dynamic

Equivalent command line:

plink.exe -D 1080 user@ssh-gateway

Use case: Secure web browsing through a corporate firewall by configuring the browser to use localhost:1080 as a SOCKS proxy

Multi-hop tunneling:

plink.exe -L 3306:db-server:3306 user@bastion-host

Persistent tunnels with autossh:

autossh -M 0 -f -N -L 5432:postgres-server:5432 user@gateway

Security considerations:

  • Always use SSH key authentication instead of passwords
  • Keep remote-forwarded ports bound to the server's loopback interface by setting GatewayPorts no in sshd_config
  • Consider using the -N flag for tunnels that don't need shell access

If connections fail:

  1. Verify the SSH server allows TCP forwarding (AllowTcpForwarding yes)
  2. Check for port conflicts with netstat -ano | findstr 8080
  3. Test basic SSH connectivity first
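
A read-only check for the two sshd_config settings named above (AllowTcpForwarding and GatewayPorts), as an added example that is not part of the original article. The function names and the sample configuration are constructed for illustration; the script assumes whitespace-separated "Keyword value" lines and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example (not from the original page): report the effective global
# values of the sshd_config keywords that govern SSH port forwarding.
# sshd keeps the FIRST occurrence of a keyword; names are case-insensitive.
# Assumption: whitespace-separated "Keyword value" lines; Match blocks skipped.

# effective_value FILE KEYWORD DEFAULT -> prints the lowercased value
effective_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }                           # comment line
        tolower($1) == "match" { exit }              # end of global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_forwarding FILE -> prints findings; returns 1 if -R can bind publicly
audit_forwarding() {
    fwd=$(effective_value "$1" AllowTcpForwarding yes)   # sshd default: yes
    gw=$(effective_value "$1" GatewayPorts no)           # sshd default: no
    echo "AllowTcpForwarding=$fwd GatewayPorts=$gw"
    case "$fwd" in
        no)     echo "INFO: -L, -R and -D are all refused"; return 0 ;;
        local)  echo "INFO: -R is refused; -L and -D work"; return 0 ;;
        remote) echo "INFO: -L and -D are refused; -R works" ;;
    esac
    if [ "$gw" != "no" ]; then
        echo "WARN: -R listeners may bind non-loopback addresses"
        return 1
    fi
    echo "OK: -R listeners are bound to loopback on the server"
}

# Constructed sample config: the second GatewayPorts line is ignored by sshd.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'gatewayports clientspecified' \
    'GatewayPorts no' 'AllowTcpForwarding yes' \
    'Match User tunnel' '    AllowTcpForwarding no' > "$sample"
audit_forwarding "$sample" || echo "review GatewayPorts in $sample"
```

On a live server, point audit_forwarding at /etc/ssh/sshd_config; settings inside Match blocks still need to be reviewed by hand.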

SSH tunneling (port forwarding) is a powerful feature that creates encrypted tunnels between local and remote machines. In PuTTY, you'll find three distinct tunneling options under Connection → SSH → Tunnels: Local, Remote and Dynamic.

Local forwarding forwards a local port to a remote destination. Syntax in PuTTY's configuration:

L8080:localhost:80

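Example use case: Accessing a remote web server running on port 80 through local port 8080. The destination name is resolved by the SSH server, so localhost:80 here means port 80 on the server itself.
After establishing the connection, you can access the remote service via: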

http://localhost:8080

Remote forwarding does the opposite: it forwards a port on the remote machine to your local machine. Syntax:

R2222:localhost:22

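Practical scenario: Making your local SSH server (port 22) available on the remote machine's port 2222. Whether hosts other than the remote machine itself can reach port 2222 depends on the server's GatewayPorts setting; with GatewayPorts no the listener is bound to the server's loopback address. Users on the remote network could then SSH to your local machine using: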

ssh user@remotehost -p 2222

Dynamic forwarding creates a SOCKS proxy server on your local machine. Syntax:

D1080

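This sets up a SOCKS proxy on port 1080. Configure your browser to use localhost:1080 as a SOCKS proxy, and all traffic the browser sends to the proxy will be routed through the SSH server. DNS lookups go through the tunnel only if the browser is set to resolve names via the SOCKS proxy.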

Command-line equivalents for each type:

# Local forwarding
ssh -L 8080:localhost:80 user@remotehost

# Remote forwarding  
ssh -R 2222:localhost:22 user@remotehost

# Dynamic forwarding
ssh -D 1080 user@remotehost

For production environments, consider these additional parameters:

ssh -N -T -f -L 8080:localhost:80 user@remotehost

Where:
-N: No remote command
-T: Disable pseudo-terminal allocation
-f: Fork to background

If connections are refused:

  1. Verify the SSH server's GatewayPorts setting for remote forwarding
  2. Check local firewall rules
  3. Confirm the target service is running