dynamic ssh tunnel

Jul 25, 2011 at 2:41 PM


Can SSH.NET create dynamic ssh tunnel?

It need for browser proxy e.g..

 It's "ssh -D" implementation but SSH.Net has only ssh-L /-R ...

Jul 25, 2011 at 3:15 PM

I didnt not look into this option yet but I think somebody already mentioned that so I can take a look at it a little bit later,

I guess once I am done with other issues.


If you like, can you open a feature request issue so I know to get back to it.




Dec 26, 2011 at 11:34 AM

Hi Oleg,

Just wondering if you ever got around to this? I put a feature request in here: http://sshnet.codeplex.com/workitem/960

Would love it if you could add it in.



Dec 26, 2011 at 3:06 PM



I already support remote and local port forwarding.

Are you talking about this feature? If so, I guess I just need you to show some examples then.




Dec 27, 2011 at 1:29 AM
Edited Dec 27, 2011 at 1:45 AM

Hi Oleg,

Your port forwarding works excellent but SSH is capable of Dynamic port forwarding, this is useful if you want to use a socks proxy server and SSH will automatically direct any tcp traffic it tunnels to it's correct server port.

For example if I wanted to forward http and ssl traffic through a proxy server using SSH I would put in a command such as: "ssh -D 1080 socks.myserver.org"

Then I can simply set Firefox/IE/Chrom to use the local client as the proxy server (i.e. on port 1080) and the SSH dynamic tunnel will automatically know that it needs to come out as port 80/443 on the remote end.

Basically this is really useful if you want to tunnel a lot of different TCP traffic through a proxy without having to have a seperate tunnel for each protocol.

Hopefully this makes more sense, if not this might.. http://www.linode.com/wiki/index.php/SSH_Dynamic_Port_Forwarding

The reason I ask for this is because I am trying to write some in-house monitoring software that sits in an isolated network and SSH through a central server (like a DMZ) is the only way to access them.

So I am trying to use your SSH library to create a connection to the central server and then call other 3rd party software to access the servers behind it through the central server.


CLIENT ---(ssh tunnel)---> CENTRAL SERVER ---(socks/proxy request on behalf of client)---> DATABASE/SECURITY/CUSTOMER SERVERS
Dec 27, 2011 at 2:24 PM


ok, yea, I will take a look at it then and see what I can do.

I just never knew about this feature so will have to investigate it a little bit.




Dec 28, 2011 at 11:31 PM



I think I figured out how SOCKS works, so will try to work on it now.

Do you have any software examples that uses SOCKS4 or SOCKS5 ?

The only one I know and use now its putty but was wondering if you using something else that I can also use to test.




Dec 29, 2011 at 1:37 AM

Awesome, thanks so much Oleg!

For examples I am not exactly sure what you mean.

I suppose a really basic example would be if you have an SSH server (some linux box or VPS) use putty and create your dynamic tunnel. Then go to your web browser and go to it's connection settings and for the proxy add localhost on the local port you specified for a socks proxy (make sure you only do this for socks, not http).

If you now use the web browser and check the traffic (or if you went through an external SSH server, check your reported IP address) you will see you are bouncing through the server you SSH'd to.

Pretty much any TCP based comms program can be set to use a socks proxy such as MSN, ICQ, Skype, Outlook, Thunderbird, mIRC et al. All you need to do is SSH to a server with a dynamic port set.

If you meant you needed an example from another SSH program, the one I use over Putty is SSH Secure Shell that you seem to be only able to download from Uni websites such as http://www.dartmouth.edu/comp/soft-comp/software/downloads/windows/ssh-sftp/install.html.

I hope that helps, if not email me or reply back and I will try and help as much as possible, thanks again Oleg!


Jan 3, 2012 at 2:11 PM



I found how to test it, so will start working on it,

However I will try to implement proxy support first, as I think dynamic port feature will be depend on this one.