May 2, 2025

How to Enable SSH Tunnel on Ubuntu Server and Create SSH User for Tunneling

mr rockstar


SSH tunneling is a powerful way to securely forward traffic from one machine to another over an encrypted connection. It’s widely used for secure web browsing, port forwarding, and accessing remote services behind firewalls. In this guide, you’ll learn how to enable SSH tunneling on your Ubuntu server and create a dedicated SSH user for tunneling purposes.

🧰 Prerequisites

  • An Ubuntu server (20.04 or newer recommended)
  • Root or sudo access
  • An SSH client (like ssh, PuTTY, or OpenSSH)

1️⃣ Step 1: Install and Enable OpenSSH Server

First, ensure OpenSSH is installed and running:

sudo apt update
sudo apt install openssh-server -y
sudo systemctl enable ssh
sudo systemctl start ssh

Check if it’s running:

sudo systemctl status ssh

2️⃣ Step 2: Configure SSH for Tunneling (Optional but Recommended)

Edit the SSH configuration file to make sure tunneling is allowed:

sudo nano /etc/ssh/sshd_config

Ensure the following lines are set:

PermitTunnel yes
AllowTcpForwarding yes
GatewayPorts yes

Save and exit (Ctrl+O, Enter, then Ctrl+X).

Then restart the SSH service to apply the changes:

sudo systemctl restart ssh

3️⃣ Step 3: Create a New SSH User for Tunneling

You may want a dedicated user account just for tunneling:

sudo adduser tunneluser

Set a password and fill in optional info.

To restrict this user to SSH-only (no shell access), set their shell to nologin:

sudo usermod -s /usr/sbin/nologin tunneluser

If you want to allow shell access, skip the line above.


4️⃣ Step 4: Test the SSH Tunnel

On your client machine, use this command to open a SOCKS proxy on local port 1080:

ssh -N -D 1080 tunneluser@your-server-ip

  • -N: Do not execute a remote command
  • -D 1080: Create a SOCKS proxy on port 1080

Now configure your browser or system to use localhost:1080 as a SOCKS5 proxy.


✅ Bonus: Make It Secure

  • Use SSH key authentication instead of passwords
  • Disable root login via SSH (PermitRootLogin no)
  • Use UFW to allow only necessary ports (sudo ufw allow ssh)
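
The check below is an added example, not part of the original guide: a small shell audit that flags the Step 2 settings the SOCKS proxy in Step 4 does not need (PermitTunnel, GatewayPorts, unrestricted AllowTcpForwarding) along with the password login this list advises against, and accepts a per-user Match block in their place. The function names and sample values are constructed for illustration, and the hardened block assumes a public key is already installed for tunneluser.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are illustrative.

# Constructed sample: effective values after Step 2 plus a password login (Step 3),
# in the lowercase "keyword value" form that `sshd -T` prints.
page_cfg() {
cat <<'EOF'
permittunnel yes
allowtcpforwarding yes
gatewayports yes
passwordauthentication yes
EOF
}

# Constructed alternative for sshd_config: still allows `ssh -N -D 1080`
# (dynamic forwarding counts as "local") and switches off the rest.
# Assumes tunneluser already has a public key in authorized_keys.
hardened_cfg() {
cat <<'EOF'
Match User tunneluser
    AllowTcpForwarding local
    GatewayPorts no
    PermitTunnel no
    PasswordAuthentication no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
EOF
}

# Read "keyword value" lines on stdin, print one finding per risky setting,
# return 1 if anything was flagged and 0 if the input is clean.
audit_tunnel_cfg() {
awk '
function flag(msg) { print $1 " " $2 ": " msg; n++ }
{ k = tolower($1); v = tolower($2) }
k == "gatewayports" && v != "no" { flag("remote forwards may listen on non-loopback addresses") }
k == "permittunnel" && v != "no" { flag("tun device forwarding enabled; -D/-L/-R do not use it") }
k == "allowtcpforwarding" && (v == "yes" || v == "all" || v == "remote") { flag("remote (-R) forwarding allowed; a SOCKS proxy needs only local") }
k == "passwordauthentication" && v != "no" { flag("password logins accepted; prefer keys") }
k == "permitrootlogin" && v == "yes" { flag("root can log in over SSH") }
END { exit (n > 0) }
'
}

# Stand-alone run. On a real host, pipe in the effective per-user settings:
#   sudo sshd -T -C user=tunneluser,host=localhost,addr=127.0.0.1
echo "== settings from the guide =="; page_cfg | audit_tunnel_cfg || true
echo "== hardened block =="; hardened_cfg | audit_tunnel_cfg && echo "no findings"
```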

 

 

F.A.Q

Can I use SSH tunneling for web browsing?

Yes! Set up a SOCKS proxy with -D and configure your browser to route traffic through it.

Is SSH tunneling encrypted?

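Absolutely. All data passed through the tunnel is encrypted between your SSH client and the server. Beyond the server, traffic is protected only by its own protocol (for example HTTPS).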

Can I restrict a user to tunneling only?

Yes, you can use nologin or set specific SSH permissions in sshd_config.

 

Is it safe to expose my SSH server to the internet?

It can be if secured properly—use strong passwords or SSH keys, disable root login, and enable a firewall.
