Brief guide to ssh tunnels
Suppose you are away at a conference, say in Sao Paulo, and you haven't set up VPN on your laptop but you need to access a server that is only reachable from inside your corporate network. How do you do it?
Well, all it takes is a host inside your corporate network that you can ssh to, because ssh has a clever built-in facility for tunnelling through that computer.
Imagine I have an ssh host inside my network called 'ssh-host' and the server I want to access is an intranet web server called 'target'. Then all I need to do from my laptop out in the wild is issue the following command:
ssh -N -L 1234:target:80 myusername@ssh-host
That forwards port 1234 on my laptop through the tunnel to port 80 on the target server. To use it, all I do is open a web browser, go to http://localhost:1234 and, hey presto, the web page from the target server appears.
Just to talk through the command:
- -N This tells ssh not to run a command on the remote host. It means the ssh command does not return to the shell prompt but appears to sit there doing nothing; it has in fact worked and is holding the tunnel open. Press Ctrl-C to quit the ssh command, which also closes the tunnel.
- -L This tells ssh to create a local port forward, i.e. the tunnel.
- 1234:target:80 This tells ssh that the tunnel runs from port 1234 on the local machine (my laptop) to port 80 on the machine called target. Note that the name target is resolved by ssh-host, not by my laptop, so it only needs to be resolvable inside the corporate network.
- myusername@ssh-host This is the username and host inside the corporate network that provides the tunnel.
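As an added helper that is not part of the original post, the POSIX shell functions below parse the [bind_address:]port:host:hostport form that OpenSSH accepts for -L, report whether the listening port is reachable only from your own machine, and build the ssh command with ExitOnForwardFailure so that ssh exits rather than staying connected but useless when port 1234 cannot be bound. The function names are my own.

```shell
#!/bin/sh
# Added helper (not from the original post): sanity-check an ssh -L forward
# spec before starting a tunnel. OpenSSH -L accepts
#     [bind_address:]port:host:hostport
# With no bind_address the listener is bound to loopback only (unless
# GatewayPorts is set), so only programs on the laptop can use it. An empty
# bind_address or "*" makes the port reachable from every interface.
# Bracketed IPv6 bind addresses are not handled here.

# parse_forward SPEC -> prints "bind lport host hport", returns 1 if malformed
parse_forward() {
    spec=$1
    nocolon=$(printf '%s' "$spec" | tr -d ':')
    n=$(( ${#spec} - ${#nocolon} ))          # number of ':' separators
    case "$n" in
        2) bind=localhost; rest=$spec ;;
        3) bind=${spec%%:*}; rest=${spec#*:}
           [ -n "$bind" ] || bind='*' ;;     # ":1234:target:80" means all interfaces
        *) echo "bad forward spec: $spec" >&2; return 1 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*};  hport=${rest#*:}
    case "$lport" in *[!0-9]*|'') echo "bad local port: $spec" >&2; return 1 ;; esac
    case "$hport" in *[!0-9]*|'') echo "bad target port: $spec" >&2; return 1 ;; esac
    [ -n "$host" ] || { echo "missing target host: $spec" >&2; return 1; }
    printf '%s %s %s %s\n' "$bind" "$lport" "$host" "$hport"
}

# tunnel_is_private SPEC -> 0 if only this machine can reach the listener,
# 1 if other hosts on the network could use the tunnel, 2 if SPEC is malformed
tunnel_is_private() {
    parsed=$(parse_forward "$1") || return 2
    bind=${parsed%% *}
    case "$bind" in
        localhost|127.*) return 0 ;;
        *) return 1 ;;
    esac
}

# tunnel_cmd SPEC USER@HOST -> prints the ssh command line to run.
# ExitOnForwardFailure=yes makes ssh exit instead of staying connected but
# useless when the local port cannot be bound (e.g. it is already in use).
tunnel_cmd() {
    parse_forward "$1" >/dev/null || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s %s\n' "$1" "$2"
}

# Example from the post: tunnel_cmd 1234:target:80 myusername@ssh-host
# prints: ssh -N -o ExitOnForwardFailure=yes -L 1234:target:80 myusername@ssh-host
```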


December 6th, 2006 at 3:49 pm
An easier way (I think) is to use ssh -D port to create a SOCKS tunnel that you can set as a proxy in your browser preferences.
December 6th, 2006 at 4:00 pm
Doesn’t sound much easier to me. A blog article explaining it might help.
December 8th, 2006 at 3:53 pm
By adding the -f option we instruct ssh to go immediately into the background.
ssh -f -N -L 1234:target:80 myusername@ssh-host
The tunnel can also be done in reverse, from the machine we want to connect to, back to us. Let's imagine we want to connect to port 80 but it is blocked by a firewall, while we have access via ssh to target. Then
ssh -f -N -R 1234:localhost:80 myusername@target
would set up a reverse tunnel from target to us, effectively connecting local port 1234 to remote port 80.
All these techniques need to have port forwarding enabled on the machine receiving the ssh connection.
September 10th, 2007 at 9:19 pm
Hi,
One other nice way to traverse a proxy/firewall is to run an ssh server on an SSL port, i.e. port 443. You can then tunnel through the firewall on port 443 using the -p 443 option.
Works well with M$ proxy :-).
HTH someone.
Joe.