From charlesreid1

SSH - secure shell - is the first and most important tool in your Unix toolbelt. SSH is a tool for establishing encrypted connections with remote computers. But SSH can also do some pretty amazing things!

Connecting

A Simple Connection

Let's start by talking about a simple connection between you and a server (like... charlesreid1.com):

(lost image: 500px)

Looking at your connection at this level, you connect to the server charlesreid1.com through the Internet - and it all happens rather mysteriously. You might connect to the server with SSH like this:

$ ssh user@charlesreid1.com

and your computer just "finds" the other computer: the name is resolved to an address, a TCP connection is opened to the SSH port on that address, and you get a shell. From this vantage point, how any of that works is invisible.

Hops

In reality, things are much more complicated. The charlesreid1.com server is connected to the Internet, as is your computer, and that's what makes it possible for them to connect. But the messages you send to the server (like, "Hi, I want to make an SSH connection") can only make it to their destination if they are carried by intermediaries - the backbone of the internet. Here's a diagram of what's actually happening:

(lost image: 500px)

Communication between you and the server actually passes through several intermediaries (routers) on the internet. The number of hops and the route your packets take depend on how the networks between you and the server are connected to each other, and the number of times a given packet has to be sent depends on packet loss along the way and on the retransmission timers at either end.

For example, sending a packet from your computer to a datacenter in another part of your city will happen really fast, even if it is routed through further-off communications nodes, because nothing physically travels very far. If you're sending a packet from your computer to a datacenter in Siberia, however, it will travel through many more relays, a very crowded trans-Atlantic or trans-Pacific cable, and a whole lot more internet plumbing. Then the reply has to make it all the way back. If you're streaming a video, every piece has to be requested, delivered, and reassembled in the right order, with lost pieces sent again. It's total chaos. But sorting that chaos out is what TCP/IP is for.

TCP/IP

If we look one level deeper at the connection between the client and the server, we'll actually see TCP ports on both computers being used to send traffic back and forth. Different ports are used by different applications, or services, like SSH, HTTP and HTTPS, MySQL, Git, and others. Each service defines and understands its own protocol - so, while HTTP and SSH ride on the same IP addressing and the same TCP transport (the same way of locating a remote host and establishing a connection to it), the data they exchange over that connection is totally different.

A computer equipped with a TCP/IP stack lets programs use any of 65,535 port numbers (1 through 65535; the port field is 16 bits wide and port 0 is reserved) for TCP, and the same range again for UDP. On Unix, ports below 1024 can normally only be bound by root. It's like a giant wall of duplex jacks that any program can plug into to reach the outside world - or to reach other services on the local computer!

(lost image: 500px)

If we include this big array of different ports available to each computer in the diagram of how the client connects to the server to communicate, it looks something like this:

(lost image: 500px)

Tunnels

Here's where our concept of Tunnels begins to make more sense, and we can see how we can use SSH tunnels to do interesting things. A client can maintain several connections to a given server, each to a different service on a different port. One of these services is SSH, on port 22 by default.

The SSH session between the client and the server is our SSH tunnel. Everything that passes through it is encrypted, so the intermediaries from the previous section carry only ciphertext, and any other service's traffic we push through it gets the same protection.

(lost image: 500px)
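To make the "wall of jacks" from the TCP/IP section and the tunnel idea from this section concrete, here is an added example (not code from the original page) that runs entirely on the loopback interface. It starts a stand-in service on one port, a forwarder on a second port that relays every connection to the service, and a client that connects through the forwarder from a third, ephemeral port. The forwarder is the plaintext analogue of what the client end of an SSH local port forward does; the real thing carries the relayed bytes inside the encrypted SSH session rather than over a bare TCP socket. The port numbers, the `echo:` service, and the `SELECT 1` payload are all constructed for the demo.

```python
import socket
import threading

# Port numbers are 16-bit fields in the TCP and UDP headers: 0..65535, not 10,000.
PORT_MAX = 65535


def valid_port(n):
    """True if n is an assignable TCP/UDP port number (0 is reserved, never assigned)."""
    return isinstance(n, int) and 0 < n <= PORT_MAX


def _listener():
    """Bind a TCP listener on loopback and let the OS choose a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))  # port 0 asks the kernel for any free port
    s.listen(5)
    return s, s.getsockname()[1]


def start_echo_service():
    """Stand-in (constructed for this demo) for a service on the server side.
    It reads one request and replies with 'echo:' prepended. Returns its port."""
    srv, port = _listener()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
                if data:
                    conn.sendall(b"echo:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return port


def _pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then pass the EOF on to dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(target_port):
    """Listen on a fresh local port and relay each connection to target_port.
    This models the client end of an SSH local forward, minus the encryption:
    a real tunnel would send these bytes inside the SSH session to the far end.
    Returns the local listening port."""
    lst, port = _listener()

    def accept_loop():
        while True:
            client, _ = lst.accept()
            upstream = socket.create_connection(("127.0.0.1", target_port))
            # One thread per direction: the jack is duplex.
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return port


def send_through(local_port, payload):
    """Connect to the forwarder like an ordinary client, send payload, and
    return (our ephemeral source port, the reply that came back)."""
    with socket.create_connection(("127.0.0.1", local_port)) as c:
        source_port = c.getsockname()[1]
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # done sending; now drain the reply
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return source_port, b"".join(chunks)


if __name__ == "__main__":
    service_port = start_echo_service()
    tunnel_port = start_forwarder(service_port)
    src, reply = send_through(tunnel_port, b"SELECT 1")
    print(f"service on 127.0.0.1:{service_port}, forwarder on 127.0.0.1:{tunnel_port}")
    print(f"client connected from source port {src} and got back {reply!r}")
```

Three distinct port numbers show up in one round trip: the service's port, the forwarder's port, and the client's own source port, which the kernel picks from the ephemeral range. That last one is why a single client can hold many simultaneous connections to the same server. The one thing this demo deliberately leaves out is what makes the SSH version worth using: between the forwarder and the service, SSH encrypts the relayed bytes, so the hops in between see a connection to port 22 and nothing else.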