Configuring Port Forwarding on your Server
Port forwarding is a mechanism within the SSH protocol that allows a user to forward traffic from one application to another over the SSH connection. There are many reasons why a user might want to do this. For example, they may not be able to connect to the application directly because it is not accessible from their current network, or the application may use insecure or no security in its transport, so the user wants to leverage the security of the SSH connection to maintain privacy.
By default, the Maverick Synergy Java SSH Server does not enable port forwarding. If you want to allow users to use this service, you need to enable it on the ForwardingPolicy:
server.getForwardingPolicy().allowForwarding();
This one-line configuration is enough to allow a client to port forward to any host on the server's network. It also enables remote forwarding, which allows the client to forward ports from the server; however, these are limited to the server's loopback interface.
If you want to enable the client to open remote forwarding from any remote host, you need to enable gateway forwarding:
server.getForwardingPolicy().allowGatewayForwarding();
You can control and limit the connections that can be made through port forwarding by granting access to just specific hosts/ports. By default there is no restriction. As soon as you grant one forwarding, all other forwarding is disabled unless it has previously been granted.
You can grant access to a single host allowing any port to be accessed:
server.getForwardingPolicy().grantForwarding("hostname");
Or you can restrict access to a specific host and port:
server.getForwardingPolicy().grantForwarding("hostname:443");
You can of course use as many grantForwarding directives as you require to build up a list of permitted hosts.
At any time once granted, you can revoke the permission using:
server.getForwardingPolicy().revokeForwarding("hostname:443");
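An added example, not part of the Maverick Synergy documentation or code base: because forwarding is unrestricted until the first grant, this helper validates a configured list of `host` / `host:port` entries and refuses an empty list before anything is granted. `ForwardingAllowlist`, `validate`, `apply` and the sample hostnames are hypothetical; only `grantForwarding` comes from the page, and it is passed in as a method reference so the block runs without the library.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

public class ForwardingAllowlist {
    // Accepts "host" or "host:port", the two forms shown above.
    // Assumption: IPv6 literals are not handled, so extra colons are rejected.
    static String validate(String entry) {
        String e = entry == null ? "" : entry.trim();
        int colon = e.lastIndexOf(':');
        String host = colon < 0 ? e : e.substring(0, colon);
        if (host.isEmpty() || host.contains(":")) {
            throw new IllegalArgumentException("Bad forwarding host: '" + entry + "'");
        }
        if (colon >= 0) {
            String p = e.substring(colon + 1);
            if (!p.matches("\\d{1,5}") || Integer.parseInt(p) < 1 || Integer.parseInt(p) > 65535) {
                throw new IllegalArgumentException("Bad forwarding port: '" + entry + "'");
            }
        }
        return e;
    }

    // Validates every entry before granting any of them. An empty list is refused,
    // since with no grants the policy stays in its unrestricted default.
    static List<String> apply(List<String> entries, Consumer<String> grant) {
        if (entries.isEmpty()) {
            throw new IllegalStateException("Empty allowlist would leave forwarding unrestricted");
        }
        List<String> checked = new ArrayList<>();
        for (String entry : entries) checked.add(validate(entry));
        checked.forEach(grant);
        return checked;
    }

    public static void main(String[] args) {
        // Constructed sample entries. In a server, pass
        // server.getForwardingPolicy()::grantForwarding instead of granted::add.
        List<String> granted = new ArrayList<>();
        apply(List.of("hostname:443", "db.internal.example:5432"), granted::add);
        System.out.println("Granted: " + granted);
        try {
            apply(List.of("hostname:70000"), granted::add);
        } catch (IllegalArgumentException ex) {
            System.out.println("Rejected: " + ex.getMessage());
        }
    }
}
```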