Let us consider a particular use of SSH as follows:
Assuming the connection is successful, we have the usual functionality of SSH, plus the forwarding of a port:
Confusing? Let’s consider an example.
Let’s say that Jack’s home has a LAN. Jack sets up the router to forward port 22 to 192.168.5.20, one of the hosts on the LAN, which is a relatively weak machine. Jack’s desktop machine (with more resources) is 192.168.5.3 on the LAN, but the router does not forward any ports to it, for security reasons.
Before Jack leaves for work, he starts x11vnc on his desktop machine (192.168.5.3) and configures x11vnc to listen on port 5901. Although VNC is not a secure protocol, Jack trusts all the hosts on his LAN, and the router does not forward any port 5901 traffic from outside. This setup is quite secure.
When Jack gets to his office, he wants to use his desktop machine at home. He has already registered the domain name somehost, purchased a static IP from his ISP, and set up DNS entries so that somehost maps to the static IP of his home.
Jack will need to install a VNC client on his office computer. If it is a Debian Linux box, xtightvncviewer is a good choice. However, there is no direct path on port 5901 from his office computer to his home desktop. This is a good thing: otherwise, anyone on the internet could try to connect to Jack’s home desktop computer via VNC.
What Jack needs to do now is exactly what we did before. On his office computer, he has to run SSH as follows:
Using SSH as the secure protocol, Jack connects his office computer, via his home router, to the machine known as 192.168.5.20 on the LAN. The router’s port forwarding of port 22 is what makes this step possible. At this point, nothing else happens yet.
Next, Jack runs another command on his office machine while the SSH connection is active:
This command starts a VNC client, uses the hex encoding method (lossless, yet efficient), and tries to connect to a VNC server at port 5905 of the office machine.
Port 5905 of the office machine is “stolen” by the SSH client. In other words, the SSH client listens on this port and forwards everything to the other side of the SSH connection (192.168.5.20 on Jack’s home LAN). From there, the connection is forwarded again, from 192.168.5.20 on Jack’s home LAN to 192.168.5.3:5901, which is Jack’s home desktop computer with x11vnc already listening on port 5901.
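As an added illustration (not code from the original page), here is a minimal stand-in for what the SSH client does with that “stolen” port: a loopback listener that relays every accepted connection to a target, exercised against a constructed local echo server that stands in for x11vnc. The real `ssh -L` carries the relayed bytes inside the encrypted SSH session to 192.168.5.20 before the last hop; here both ends of the tunnel are simulated on one machine, in the clear, so the relay logic itself can be run and checked.

```python
import socket
import threading
from contextlib import suppress

def _pump(src, dst):
    # Copy bytes from src to dst until src closes (or errors), then half-close dst.
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _listen(bind_addr, port, handler):
    # Bind, then accept in a daemon thread, handing each connection to handler.
    srv = socket.create_server((bind_addr, port))
    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def start_local_forward(bind_port, target_host, target_port, bind_addr="127.0.0.1"):
    # The office-machine half of 'ssh -L': own a local port and relay each connection
    # to the target. Binding to loopback keeps the tunnel private to this host.
    def handle(client):
        upstream = socket.create_connection((target_host, target_port))
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
        _pump(client, upstream)
    return _listen(bind_addr, bind_port, handle)

def start_echo_server():
    # Constructed stand-in for x11vnc at 192.168.5.3:5901: echoes its input.
    return _listen("127.0.0.1", 0, lambda conn: _pump(conn, conn))

def forward_roundtrip(payload):
    # Send payload through the forwarder to the echo server; return what comes back.
    echo = start_echo_server()
    fwd = start_local_forward(0, "127.0.0.1", echo.getsockname()[1])
    try:
        with socket.create_connection(fwd.getsockname()) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            return b"".join(iter(lambda: c.recv(4096), b""))
    finally:
        fwd.close()
        echo.close()
```

Passing port 0 lets the OS pick a free port for the demo; in Jack’s case the forwarder would be bound to 5905 and the target would be 192.168.5.3:5901 as seen from 192.168.5.20.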
As a result, a connection is made from Jack’s office machine to his home desktop computer. The “hops” are listed as follows: