Forwarding or tunneling is the use of SSH to secure another network application, covered fully in Chapter 9. Both PuTTY and Plink can set up secure tunnels for this purpose.
Forwarding is set up with the PuTTY Configuration dialog. For local port forwarding, which is the most common type, select Tunnels. Then fill in these fields:
Any unused TCP/IP port on your local machine.
The remote SSH server name, followed by a colon, followed by the remote port number.
Choose Local.
For example, to connect to a remote VNC server (port 5900) on
server.example.com, you'd provide a destination
of server.example.com:5900, and any
unused source port (say, 12345).
This example demonstrates local forwarding [9.2.1], but PuTTY can also do
remote [9.2.1.2] and
dynamic [9.3] port
forwarding.
To turn on X forwarding [9.4] for secure connections with an X Window server, simply choose Tunnels again and select the checkbox Enable X11 Forwarding.
To turn on agent forwarding [6.3.5] to allow your SSH agent to communicate with clients on other machines, navigate to Connection/SSH/Auth and select the checkbox Allow Agent Forwarding.
To enable the various kinds of forwarding with the command-line program Plink:
Use the -L option, supplying the source port, remote server name, and remote port. For example, to forward local port 12345 to remote port 5900 on server.example.com, run:
C:\> plink server.example.com -L 12345:server.example.com:5900
Use the -R option, supplying the remote source port, local server name, and local port. For example, to forward remote port 12345 on outerspace.example.com to your local port 5900, run:
C:\> plink outerspace.example.com -R 12345:localhost:5900
Use the -D option. For example, to perform dynamic port forwarding via proxy on port 12345, run:
C:\> plink -D 12345 server.example.com
Use the -X option to enable it, or -x to disable it
Use the -A option to enable it, or -a to disable it.