Monday, July 04, 2005


Gnu/Linux: "SSH tunneling

I didn't really start messing with this until recently, but this is extremely useful. The idea is that you make a secure connection from a port on your local computer to a port on the remote computer.

For example if you want to connect to a vnc session on the remote computer (on port 5900), you simply forward port 5900 on your computer to port 5900 on the remote computer by doing:
localhost:~$ ssh

Then all you have to do to connect to the vnc session is to connect the vnc viewer to the local computer:
localhost:~$ xvncviewer localhost

Now what's the point of going to all this trouble? Well there are two reasons. First the connection is encrypted so no one can intercept cleartext passwords on the internet (so they can't get your vnc password). And secondly the port you want to connect to may be blocked by a firewall (so that random people can't try to connect to your vnc session). I just remembered a third reason to set this up: you might want to connect to a computer that's connected to the remote host but which isn't directly connected to the internet. For example let's say you want to connect to an rdesktop session on a machine called safe-box, which is connected to (on port 3389), then you'd simply do:
localhost:~$ ssh -L3389:safe-box:3389
localhost:~$ rdesktop localhost

If there's a particular tunnel or tunnels that you want to set up each time you connect to a specific host, you can use the following syntax in the file ~/.ssh/config:
LocalForward 3389 safe-box:3389
LocalForward 5900"

Simple, but effective