Connect to internal network through SSH tunnel


Access to the private network is possible through credit servers. These servers have enough privileges and meet the cryptographic requirements to pass the firewalls. Other network nodes are blocked. Authorized people who have login credentials may tunnel their traffic through these servers to transfer data. There are many ways to do this, including VPN; we mostly prefer SSH, which is lightweight, ubiquitous, and almost zero-config.

Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network.

RFC 4250, RFC 4251, RFC 4252, RFC 4253, RFC 4254

Client Machine

Based on the OS you are running, choose a guide below and set the proxy address for the applications whose traffic you want to tunnel.

You can test your connection by sending an HTTP request to api.ipify.org, or by navigating to it in your web browser; it should return the server's IP address.

Linux

It is possible to forward traffic through the server by binding a port on the local loopback device. With -D, ssh listens on the defined port as a SOCKS proxy that sits between your applications and the server, using the command below:

ssh -D <local_port> <username>@<server> -p <server_port> -fTNC

If you already have access to authorized SSH keys, you do not need the sshpass tool to log in to your account. Storing a password in plain text on your device is not recommended at all, and we strongly recommend using encrypted keys. For temporary guest usage, however, you may store the following command in a .sh file:

SSHPASS='<password>' sshpass -e ssh -o StrictHostKeyChecking=no -D <local_port> <username>@<server> -p <server_port> -fTNC

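Note that sshpass is a third-party tool, which can be installed using apt install sshpass. The -o StrictHostKeyChecking=no option in the command above makes ssh accept a previously unknown server host key without asking, so the server's identity is not verified on the first connection.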

Windows

Most SSH clients support port forwarding. Follow the guidelines for your SSH client. Then set your proxy address in Internet Options or in the application's own settings.

Server

To create a proxy user, administrators must disable that user's permissions and login.

# Define user
useradd -r <username>

# Change their password
passwd <username>

# Disable their login
usermod -s /sbin/nologin <username>
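
The nologin shell set above blocks an interactive session but does not by itself limit what else sshd offers the account. The following check is an added example, not part of the original post: it audits a passwd entry and the effective sshd settings for a forwarding-only user. The list of wanted values and the sample account `tunnel` are assumptions of this example.

```shell
# Usage: audit_proxy_user "$(getent passwd <username>)" < effective_config
# effective_config is the output of:
#   sshd -T -C user=<username>,host=<client_host>,addr=<client_ip>
# Prints one finding per line; returns 0 when there are none.
audit_proxy_user() {
    passwd_line=$1
    findings=""
    shell=${passwd_line##*:}    # last passwd field is the login shell
    case "$shell" in
        */nologin|*/false) ;;
        *) findings="${findings}login shell is ${shell}
" ;;
    esac
    cfg=$(cat)                  # effective settings, "keyword value" per line
    # Wanted values are this example's assumption of least privilege for
    # `ssh -D -N`: local forwarding only, no terminal, no other channels.
    while read -r key want; do
        val=$(printf '%s\n' "$cfg" | awk -v k="$key" '$1 == k { print $2; exit }')
        [ "$val" = "$want" ] ||
            findings="${findings}${key} is ${val:-unset}, want ${want}
"
    done <<'EOF'
allowtcpforwarding local
permittty no
x11forwarding no
allowagentforwarding no
permittunnel no
EOF
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample input: an account created as in the post, checked
# against permissive settings and against a restricted set.
SAMPLE_PASSWD='tunnel:x:998:998::/home/tunnel:/sbin/nologin'
SAMPLE_DEFAULT='allowtcpforwarding yes
permittty yes
x11forwarding no
allowagentforwarding yes
permittunnel no'
SAMPLE_HARDENED='allowtcpforwarding local
permittty no
x11forwarding no
allowagentforwarding no
permittunnel no'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_proxy_user "$SAMPLE_PASSWD" || true
```

The restricted values can be applied to one account with a `Match User <username>` block in sshd_config, after which the same check should print nothing.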

Author: tayyebi

Tayyebi works as Director at Gordarg, which he founded. He is passionate about people, technology, and the arts. Mohammad believes in communication: each of us has the power to empower our people with knowledge. He can be seen writing code, playing music, biking, and reading.
