Configure PuTTY tunnel

How to Configure WinSCP and PuTTY for SSH Tunneling

Setting up WinSCP and PuTTY to use SSH tunneling lets you connect securely to a server through an intermediate host. This guide provides step-by-step instructions for configuring both tools.


WinSCP Configuration

The WinSCP configuration is straightforward, leveraging its “tunnel” feature. Follow these steps:

  1. Open WinSCP and configure a saved session for the final destination host:

    • On the Session page, enter the hostname and username of the final destination host.
    • Leave the password blank.
  2. Enable Advanced Options:

    • Check the “Advanced options” box in the login dialog.
  3. Set Up the Tunnel:

    • Navigate to Connection → Tunnel.
    • Check the box for “Connect through SSH tunnel”.
    • Enter the hostname and username of the intermediate host. Leave the password blank.
  4. Save the Session:

    • Click the Save button in the lower-right corner of the window.

Logging In

  • When you log in using this saved session:
    • You’ll be prompted for the password to your account on the intermediate host.
    • You’ll then be prompted for the password to your account on the final destination host.
  • Once logged in, the bounce between hosts is transparent, and WinSCP behaves as if you connected directly to the final destination host.

Enhancing Security

  • For a more secure and seamless connection, configure public key authentication with Pageant instead of using passwords.

PuTTY Configuration

Configuring PuTTY for SSH tunneling is slightly more complex and requires public key authentication on the intermediate host. Here’s how to set it up:

  1. Prepare Public Key Authentication:

    • Configure public key authentication for the intermediate host.
    • Verify that the authentication works correctly.
  2. Create a Saved Session:

    • Open PuTTY and navigate to the Session page.
    • Enter the hostname and username of the final destination host.
  3. Set Up the Proxy Command:

    • Go to Connection → Proxy.

    • Select “Local” as the proxy type.

    • In the Local proxy command field, enter the following:

       
      plink.exe intermediate.proxy.host -l username -agent -nc %host:%port
    • Replace intermediate.proxy.host and username with the appropriate intermediate host and username.

  4. Save the Session:

    • Click Save to preserve the settings.

Plink Command Details

For reference, here’s an example of the full plink command:

 
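"C:\Program Files (x86)\PuTTY\plink.exe" 10.194.0.0210 -l username -agent -nc %host:%port

The path is quoted because it contains spaces. This command directs PuTTY to use plink.exe as the local proxy: plink logs in to the intermediate host as username (-l), authenticates with a key held in Pageant (-agent), and opens a connection from there to the final destination instead of starting a shell (-nc). PuTTY replaces %host and %port with the hostname and port of the saved session.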
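The PuTTY steps above can also be scripted. The following PowerShell is an added example, not part of the original guide: it checks that key authentication to the intermediate host works without prompts, then writes the saved session with the local proxy command. The host names, user names and session name are placeholders.

```powershell
# Added example, not from the original guide. All values below are placeholders.
$Plink       = 'C:\Program Files (x86)\PuTTY\plink.exe'   # path used in this guide
$JumpHost    = 'intermediate.proxy.host'
$JumpUser    = 'username'
$DestHost    = 'final.destination.host'   # placeholder for the final destination
$DestUser    = 'username'
$SessionName = 'dest-via-jump'            # placeholder session name, no spaces

if (-not (Test-Path -LiteralPath $Plink)) { throw "plink.exe not found at $Plink" }

# The proxy plink authenticates through Pageant (-agent), so it must be running.
if (-not (Get-Process -Name pageant -ErrorAction SilentlyContinue)) {
    throw 'Pageant is not running; load your private key into Pageant first.'
}

# -batch disables interactive prompts: the check fails instead of hanging if the
# key is rejected or the intermediate host key has not been cached yet.
& $Plink -batch -agent -l $JumpUser $JumpHost exit
if ($LASTEXITCODE -ne 0) {
    throw "Non-interactive login to $JumpHost failed (exit code $LASTEXITCODE)."
}

# Quote the executable path (it contains spaces); PuTTY expands %host and %port.
$ProxyCommand = '"{0}" {1} -l {2} -agent -nc %host:%port' -f $Plink, $JumpHost, $JumpUser

# PuTTY keeps saved sessions under this key; ProxyMethod 5 is the "Local" type.
$Key = "HKCU:\Software\SimonTatham\PuTTY\Sessions\$SessionName"
if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
Set-ItemProperty -Path $Key -Name HostName           -Value $DestHost
Set-ItemProperty -Path $Key -Name UserName           -Value $DestUser
Set-ItemProperty -Path $Key -Name Protocol           -Value 'ssh'
Set-ItemProperty -Path $Key -Name PortNumber         -Value 22 -Type DWord
Set-ItemProperty -Path $Key -Name ProxyMethod        -Value 5  -Type DWord
Set-ItemProperty -Path $Key -Name ProxyTelnetCommand -Value $ProxyCommand
```

After running it, load the session in PuTTY and confirm that Connection → Proxy shows the “Local” type and the expected command before connecting.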


Conclusion

Both WinSCP and PuTTY offer robust tunneling features that enable secure and transparent connections to remote servers. WinSCP is simpler to configure, while PuTTY requires additional steps for proxying through an intermediate host using plink.exe.

For enhanced security, always use public key authentication instead of passwords when setting up these connections.