SSH Tunneling
ZenvilaNew to SSH? Check out my intro blog:
SSH Blog : https://hashnode.com/edit/cm7vvn7eg000209l1fr88hp1o
What is SSH Tunneling?
SSH Tunneling is like building a secure underground pipe between two computers. Imagine two laptops — one in Lahore and the other in Karachi — and we want to connect them even if they are on different networks or behind NAT/firewalls. With SSH tunneling, you can securely forward a port from one machine to another over the internet without exposing ports directly to the world.
Why SSH Tunneling Instead of Simple SSH Port Forwarding?
Traditional SSH Port Forwarding only works if the other device is on the same network or has a public IP. But often:
You're on different Wi-Fi or ISPs (like college vs home)
The remote device is behind NAT or firewall
You don’t know the public IP of the other device
That’s where SSH tunneling with third-party jump servers like serveo.net comes in — no public IP needed!
What is Serveo.net?
Serveo.net is a free reverse SSH tunneling service that acts like a middleman. It gives you a public-facing URL or port and forwards all the traffic to your local machine over SSH.
No need to install anything — just use regular ssh command!
Scenario: Haris (Client) ⬅️➡️ Dawood (Host)
We have two laptops:
💻 Dawood’s Laptop — the one we want to connect to (host)
💻 Haris’s Laptop — the one we connect from (client)
We’ll build a tunnel so Haris can SSH into Dawood’s laptop, even if they’re on completely different networks.
🛠️ Step-by-Step Guide
🔍 Step 1: Check SSH is Enabled on Dawood’s Laptop
On Dawood's laptop, run:
sudo systemctl status ssh
If not active, start it:
sudo systemctl start ssh
You can also check if port 22 is listening:
sudo netstat -tuln | grep :22
If it doesn’t show anything, install OpenSSH:
sudo pacman -Syu openssh-server
Step 2: Know Your IP (Optional)
If you want to check your public IP manually:
ifconfig
But remember: Serveo removes the need to know public IPs altogether. This is just for knowledge.
Step 3: Create SSH Tunnel from Dawood’s Laptop to Serveo
Now, on Dawood's laptop, run this:
ssh -R 5678:localhost:22 serveo.net
Explanation:
-R 5678:localhost:22→ This means: any connection made toserveo.net:5678should be forwarded tolocalhost:22on Dawood’s machine.serveo.net→ The middleman server doing the tunneling.
Output should look like:
Forwarding TCP connections from serveo.net:5678
Keep this terminal open — the tunnel is now active.
What Just Happened?
We told Serveo:
“Hey, when anyone connects to port
5678on your server, forward that request toDawood’s port 22on his local machine.”
So now the world has access to Dawood’s SSH (securely) — only through this tunnel.
Step 4: Connect from Haris’s Laptop
Now, on Haris’s laptop, run this:
ssh -p 5678 dawood@serveo.net
It will ask for Dawood’s Linux password (the username must match his system).
You are now connected remotely to Dawood’s machine via SSH, using the tunnel!
Now using rsync Over Tunnel (File Transfer) :
To copy files from Haris to Dawood:
rsync -avz -e "ssh -p 5678" ~/my_folder dawood@serveo.net:~/destination_folder
To pull files from Dawood to Haris:
rsync -avz -e "ssh -p 5678" dawood@serveo.net:~/remote_folder ~/local_folder
Warnings
Tunnel breaks if Dawood closes terminal
No authentication system on serveo.net, so only use for temporary or trusted access
Use strong passwords or even better, set up SSH key authentication
Note: It’s not just serveo.net that you can use—there are many other services like ngrok and localXpose that help you bypass restrictions and create secure, encrypted connections. These tools are especially useful when dealing with NATs or firewalls, particularly if you need to connect across different types of network restrictions.
P.S.
If you spot any mistakes, please don't hesitate to point them out. We're all here to learn together! 😊
Haris
FAST (NUCES)
BS Computer Science | Class of 2027
📌 Portfolio: zenvila.github.io
📌 GitHub: github.com/Zenvila
📌 LinkedIn: linkedin.com/in/haris-shahzad-7b8746291
📌 Member: COLAB (Research Lab)
Subscribe to my newsletter
Read articles from Zenvila directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Zenvila
Zenvila
I'm Haris aka Zen, currently in my 4th semester of Computer Science at FAST-NUCES and a member of COLAB (Research Lab) in Tier 3. I'm currently exploring AI/ML in its early stages, and also focusing on improving my problem-solving techniques. 🐧 Proud user of Arch Linux | Command line is my playground. I'm interested in Automation & Robotics Automation enthusiast on a mission to innovate! 🚀 Passionate about turning manual tasks into automated brilliance.