ZeroData Tools
Tools
JSON Formatter Format and validate JSON instantly with no uploads, no server calls, and no stored data. JSON Validator Validate JSON instantly before deploys with local processing and zero server calls. YAML Validator Validate YAML files and catch indentation errors instantly with no uploads or backend processing. Base64 Encoder Encode or decode Base64 strings instantly with zero uploads. URL Encoder Encode and decode query parameters locally for APIs, redirects, and forms. HTML Formatter Pretty-print messy markup and inspect structure without exposing page code. CSS Minifier Shrink stylesheets for production with browser-only processing and instant output. JavaScript Beautifier Reformat dense JavaScript into readable code locally for debugging.

SSH Tunnel Generator

Generate ssh tunnel commands visually for local forwarding, remote forwarding, and SOCKS proxy — plus SSH config and systemd service files.

Advertisement
SSH Tunnel Generator
Generate SSH tunnel commands, SSH config entries, and systemd service files for persistent tunnels.
Tunnel Type
SSH Server
Port Configuration
Quick Presets
Tunnel Flow
[Local:3306] ──SSH──▶ [localhost:3306]
SSH Command

How ZeroData protects your privacy

  • No Uploads: Processing happens entirely via client-side JavaScript.
  • No Storage: We do not have a database. We physically cannot save your data.
  • No Tracking: We don't log what you process or track your inputs.
  • Verifiable: Check your DevTools Network tab. You will see 0 outbound requests.

SSH Port Forwarding: The Developer's Swiss Army Knife

SSH port forwarding is one of the most powerful — and most underused — features of the SSH protocol. It lets you create encrypted tunnels that route network traffic between your local machine and remote servers, bypassing firewalls and NAT restrictions without installing additional VPN software.

The most common scenario is local port forwarding: you have a database server (MySQL, PostgreSQL, Redis) running on a private network with no public access. By creating an SSH tunnel, you can connect to the database as if it were running on localhost, while all traffic is encrypted through the SSH connection.

Three Types of SSH Tunnels Explained

Local Forwarding (-L) binds a port on your local machine and forwards connections through the SSH server to a destination host and port. Example: ssh -L 5432:db.internal:5432 user@bastion lets you access the internal PostgreSQL database at localhost:5432.

Remote Forwarding (-R) binds a port on the remote server and forwards connections back to your local machine. This is useful for exposing a locally running development server to a colleague or webhook service without deploying to a staging server.

Dynamic Forwarding (-D) turns your SSH connection into a SOCKS5 proxy. Configure your browser to use localhost:1080 as a SOCKS proxy, and all web traffic is routed through the remote server — useful for accessing geo-restricted content or internal web applications.

Making Tunnels Persistent with Systemd

A manual SSH tunnel dies when you close the terminal or when the network connection drops. For production use cases (e.g., always-on database access), you need a persistent tunnel managed by systemd. This tool generates a complete .service file with Restart=always and ServerAliveInterval keep-alive settings, ensuring the tunnel auto-reconnects after any interruption.

Related SSH Tools

Build your complete SSH workflow with our other tools. Use the SSH Config Generator to manage host aliases, identity files, and jump hosts in your ~/.ssh/config. The SSH Command Builder helps construct complex SSH connection strings with multiple flags. And if you need to generate fresh SSH key pairs, the SSH Key Generator creates RSA keys directly in your browser using the Web Crypto API.

For running tunnels as background services, pair this tool with the Systemd Service Generator for full control over dependencies, restart policies, and environment variables.

How to Use the SSH Tunnel Generator

  1. Select the tunnel type: Local (-L) for accessing remote services, Remote (-R) for exposing local services, or Dynamic (-D) for SOCKS proxy.
  2. Enter the SSH server hostname/IP and username for the connection.
  3. Configure the local and remote ports. Use presets for common services like MySQL or PostgreSQL.
  4. Optionally specify an identity file path for SSH key authentication.
  5. Copy the generated SSH command, SSH config entry, or systemd service file.

Common Use Cases

  • Accessing a remote MySQL or PostgreSQL database securely without exposing it to the public internet.
  • Creating a SOCKS5 proxy for browsing internal network resources from outside the office.
  • Exposing a local development server to a remote testing environment using remote port forwarding.
  • Setting up persistent SSH tunnels as systemd services for always-on database access in production.
  • Forwarding VNC or RDP desktop sessions securely through an encrypted SSH tunnel.
Advertisement

Frequently Asked Questions

What is SSH tunneling and why do I need it?

SSH tunneling (also called SSH port forwarding) creates an encrypted channel between your local machine and a remote server, allowing you to securely access services behind firewalls, NATs, or private networks. Common use cases include accessing a remote database, creating a SOCKS proxy for secure browsing, or exposing a local dev server to a remote network.

What is the difference between Local (-L), Remote (-R), and Dynamic (-D) tunnels?

Local forwarding (-L) routes traffic from a local port through the SSH connection to a destination accessible from the remote server. Remote forwarding (-R) does the opposite — it routes traffic from a port on the remote server back to your local machine. Dynamic forwarding (-D) creates a SOCKS5 proxy that routes all traffic through the remote server, useful for browsing as if you were on the remote network.

How do I make an SSH tunnel persistent with systemd?

Create a systemd service file that runs the SSH tunnel command with the -N flag (no remote command) and configure Restart=always so it automatically reconnects if the connection drops. This tool generates the complete .service file for you. Save it to /etc/systemd/system/ssh-tunnel.service, then run 'sudo systemctl enable --now ssh-tunnel' to start it.

Why does my SSH tunnel keep disconnecting?

SSH connections can be dropped by firewalls or NAT devices that close idle TCP connections. The solution is to enable keep-alive packets using '-o ServerAliveInterval=60' which sends a heartbeat every 60 seconds. This tool includes this option in all generated configs by default.

Is it safe to configure SSH tunnels here?

Yes. This tool runs 100% in your browser. No IP addresses, hostnames, usernames, ports, or key paths are sent to any server. The command generation happens entirely in JavaScript within your browser memory.

Explore more ZeroData utilities

Related Tools

Systemd Service Generator

Generate Linux systemd service unit files visually. Configure ExecStart, restart policies, and dependencies — 100% browser-based.

SSH Config Generator

Build SSH config file entries visually. Host aliases, identity files, jump hosts, and port forwarding — 100% browser-based.

SSH Key Generator

Generate RSA 2048-bit or 4096-bit SSH key pairs in your browser. Private key in PKCS#8 PEM format, public key in OpenSSH authorized_keys format — 100% browser-based, zero uploads.

SSH Command Builder

Build SSH connection commands visually with port forwarding tunnels, identity keys, jump hosts, and advanced options — 100% browser-based.

© 2026 ZeroData Tools. All rights reserved.