Monday, July 04, 2005

Gnu/Linux

Gnu/Linux: "SSH tunneling

I didn't really start messing with this until recently, but this is extremely useful. The idea is that you make a secure connection from a port on your local computer to a port on the remote computer.

For example, if you want to connect to a VNC session on the remote computer (on port 5900), you simply forward port 5900 on your computer to port 5900 on the remote computer by doing:
localhost:~$ ssh -L5900:remote-host.com:5900 remote-host.com

Then all you have to do to connect to the VNC session is point the VNC viewer at the local computer:
localhost:~$ xvncviewer localhost

Now what's the point of going to all this trouble? Well, there are two reasons. First, the connection is encrypted, so no one can intercept cleartext passwords on the internet (so they can't get your VNC password). And secondly, the port you want to connect to may be blocked by a firewall (so that random people can't try to connect to your VNC session).

I just remembered a third reason to set this up: you might want to connect to a computer that's connected to the remote host but which isn't directly connected to the internet. For example, let's say you want to connect to an rdesktop session on a machine called safe-box (on port 3389), which is connected to remote-host.com. Then you'd simply do:
localhost:~$ ssh -L3389:safe-box:3389 remote-host.com
localhost:~$ rdesktop localhost

If there's a particular tunnel or tunnels that you want to set up each time you connect to a specific host, you can use the following syntax in the file ~/.ssh/config:
Host remote-host.com
    LocalForward 3389 safe-box:3389
    LocalForward 5900 remote-host.com:5900
"


Simple, but effective
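
As an added example (not part of the original post or the page it quotes), this shell function lists the LocalForward entries in a client config like the one above and flags any listener explicitly bound to all interfaces, which would let other machines on your network use the tunnel. The function names and the lab-gw host with its entries are constructed for illustration; IPv6 bind addresses and the GatewayPorts setting are not evaluated.

```shell
#!/bin/sh
# Added example: list LocalForward entries in an ssh client config and flag
# listeners explicitly bound to all interfaces (bind address "*" or empty).
# Output: <Host patterns> <bind>:<port> -> <target> <state>
# state "default" means no bind address given: ssh follows GatewayPorts,
# which binds to loopback only unless it has been enabled.
list_forwards() {
    awk '
    {
        sub(/^[ \t]+/, "")          # options may be indented
        sub(/[ \t]*=[ \t]*/, " ")   # "Keyword=value" is also accepted by ssh
    }
    /^#/ || NF == 0 { next }
    { key = tolower($1) }           # keywords are case-insensitive
    key == "host" {
        host = $2
        for (i = 3; i <= NF; i++) host = host "," $i
        next
    }
    key == "localforward" && NF >= 3 {
        i = index($2, ":")
        if (i == 0) { bind = "default"; port = $2 }
        else        { bind = substr($2, 1, i - 1); port = substr($2, i + 1) }
        if (bind == "" || bind == "*" || bind == "0.0.0.0") state = "EXPOSED"
        else if (bind == "default") state = "default"
        else if (bind == "localhost" || bind == "127.0.0.1") state = "loopback"
        else state = "custom"
        if (bind == "") bind = "*"
        printf "%s %s:%s -> %s %s\n", (host == "" ? "(global)" : host), bind, port, $3, state
    }
    ' "$1"
}

# Constructed sample: the two forwards from the post plus a hypothetical
# lab-gw block with one wildcard bind and one explicit loopback bind.
sample_config() {
    cat <<'EOF'
Host remote-host.com
    LocalForward 3389 safe-box:3389
    LocalForward 5900 remote-host.com:5900
Host lab-gw
    localforward=*:5901 safe-box:5900
    LocalForward localhost:8080 safe-box:80
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && list_forwards "$tmp"; rm -f "$tmp"
```

Run it against your own file with `list_forwards ~/.ssh/config`; any line ending in EXPOSED is a tunnel entrance reachable from other hosts, not just from your own machine.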