I was mucking about with SSH tunneling with PuTTY a bit earlier. Although it looks completely mind boggling, it’s actually very very simple to do. I just wish some schmuck had written a concise howto, then I probably would’ve spent 2 minutes figuring it out instead of 5. 😀

So… consider this my concise howto. (Ok, bear in mind, I have no idea how to spell concise, let alone speak it!)

First of all, you need to have an accessible SSH server somewhere that you can authenticate to, and hopefully the option AllowTcpForwarding is set to “yes” in its sshd_config. If you have access to modify the config, I suggest checking that this option is on.

Load PuTTY on your workstation, and type the hostname and port of your ssh server on the “Session” window (That’s the default window that opens when PuTTY loads). If you have your connection saved, click it in the Saved Sessions list and click the “Load” button.

Now, in the tree list to the left, expand “Connection”, then “SSH”, and click on “Tunnels”.

In the dialog to the right, type in a source port (This is the port that you will connect to on your local machine) – pick something arbitrary – hopefully it won’t be in use. If you’re not sure, open a command prompt and run ‘netstat -a’, and pick a port that is NOT listed there 😛

In the destination field, type the name of the server you wish to connect to, and the port, using host:port syntax.
Click “Add”. If you want to add more local ports / remote hosts, do it now.

If you want your machine to be a gateway type machine, click the check box at the very top of the screen, “Local ports accept connections from other hosts”. — I have NOT tested this functionality, so who knows if it works.

Click ‘Open’ when you’re ready. If you like, you can switch back to the ‘Session’ section, and save your tunnel session.

The PuTTY console screen will open like normal, and you can authenticate to your ssh server. Leave that window open, and open whatever software you wish to tunnel with, and enter ‘localhost:port’ (set the port to whatever port you chose in the Source port for the tunnel).

Voila! You should be connected.

The only caveat I can see is that using the tunnel for browsing the web is not that effective, especially in the case of name-based virtual hosts – if you try to access a site that is a virtual host on some web server, the default site will actually load, and not necessarily the site you were expecting. I’m not sure if there is a way around this.
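
The virtual host behaviour described above, reproduced locally as an added example (not part of the original post). A small HTTP server stands in for the web server at the far end of the tunnel; the site name `intranet.example` and its content are constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed virtual host table; "intranet.example" is a made-up site name.
SITES = {"intranet.example": b"intranet site"}
DEFAULT_SITE = b"default site"

class VhostHandler(BaseHTTPRequestHandler):
    """Chooses the site from the Host header, like a name-based virtual host."""

    def do_GET(self):
        name = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(name, DEFAULT_SITE)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, host_header=None):
    """GET / from 127.0.0.1:port, optionally overriding the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", "/", headers=headers)
    body = conn.getresponse().read()
    conn.close()
    return body

def demo():
    # Port 0 asks the OS for a free port; it plays the role of the tunnel's source port.
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        as_browser = fetch(port)                     # Host: 127.0.0.1:<port>
        with_name = fetch(port, "intranet.example")  # Host carries the site's name
    finally:
        server.shutdown()
        server.server_close()
    return as_browser, with_name

if __name__ == "__main__":
    print(demo())
```

A browser pointed at ‘localhost:port’ sends that as its Host header, so it behaves like the first request. A client that sets the Host header itself, or a hosts-file entry mapping the site’s name to 127.0.0.1, behaves like the second.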