https://www.slackwiki.com/index.php?title=Ssh-tunneling&feed=atom&action=historySsh-tunneling - Revision history2024-03-29T07:55:09ZRevision history for this page on the wikiMediaWiki 1.40.0https://www.slackwiki.com/index.php?title=Ssh-tunneling&diff=193&oldid=prevErik: Copy from old2009-06-06T23:30:34Z<p>Copy from old</p>
<p><b>New page</b></p><div>Sometimes you want to run VNC on a remote machine and do not have the<br />
VNC port forwarded, but you do have ssh forwarded. This is a case where ssh<br />
tunneling works great. It's fast, efficient and it's<br />
encrypted. This first example is for when you are connecting to the server or<br />
client that is running a VNC server:<br />
<br />
<br />
ssh -L 5901:localhost:5901 user@server<br />
<br />
<br />
The -L option means that we are going to tunnel from the<br />
local host to the remote host. The first field, ''5901'', is the local port to use,<br />
so that when we type '''localhost:5901''' (on the VNC client) we actually go through the tunnel.<br />
The next field, ''localhost'', is resolved on the remote host side, so localhost in this<br />
example is the remote host (who said it's confusing?). The last field, ''5901'', is the<br />
port number on the remote host that we want to connect to.<br />
user@server is the username and host we want to forward to.<br />
<br />
Now if we wanted to forward port 631 on the remote host, but it is only bound to the hostname ''server'', the following example would be used:<br />
<br />
<br />
ssh -L 9000:server:631 user@server<br />
<br />
<br />
Port 631 is usually used for CUPS, so we can tunnel this as well. To<br />
get that page we would type http://localhost:9000. This would<br />
go through the tunnel and reach the CUPS server remotely. Keep in mind<br />
that if you type a password, it will be encrypted while it passes through the tunnel.<br />
<br />
<br />
ssh -R 9000:localhost:3128 user@server2<br />
<br />
<br />
In this example we are going to forward a remote port to the local<br />
box. Here we open up port 9000<br />
on server2, and it tunnels to port 3128 on the local box. This is the same<br />
syntax as the -L option, just the other way around. The<br />
best way to explain the difference between -L and -R is that -R opens<br />
port 9000 on the remote side, while -L opens that port locally.<br />
<br />
<br />
Now say you are already in an ssh session and want to add ports later<br />
on. This is possible through what we call the SSH escape<br />
key. Make sure you are on a new line, type ~C, and you should<br />
see:<br />
<br />
<br />
ssh> <br />
<br />
<br />
Now you can enter -L and -R commands. These use the same syntax as<br />
above, just without the ssh in front and the user@server at the end. So for instance you could<br />
type:<br />
<br />
<br />
-L 8000:localhost:631<br />
<br />
<br />
And if it happened successfully it would say:<br />
<br />
Forwarding port <br />
<br />
Hit enter after it says Forwarding port, because sometimes it just<br />
hangs there even though the port is forwarded fine. There are also more things you<br />
can do with the ~ key. To list them, type ~? (do not<br />
type the . after the ?).<br />
<br />
Adding tunnels to ssh is great, but you can also make a SOCKS proxy<br />
out of ssh:<br />
<br />
<br />
ssh -D 7800 user@server<br />
<br />
<br />
Then you can use localhost:7800 as your SOCKS proxy. Now say you<br />
want other computers to be able to connect to your forwarded ports or<br />
the SOCKS proxy. That's possible with the -g argument:<br />
<br />
<br />
ssh -gD 8700 user@server<br />
ssh -gL 8000:localhost:3128 user@server<br />
<br />
<br />
Both of these examples would allow a remote user to connect to<br />
them.<br />
<br />
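The -L, -R, -D and -g commands above differ mainly in which machine opens the listening port and who can reach it. The script below is an added example, not part of the original page: its describe_forwards function (a hypothetical name) reads an ssh argument list and reports, for each forward, the side that listens, the bind address and the resulting exposure. It goes slightly beyond the page by also handling the optional bind address that ssh accepts in front of the port.

```sh
# Added example, not from the original page. Covers the forms used on this
# page (-L, -R, -D, -g alone or clustered as in -gD) plus a leading bind address.
# Not handled: IPv6 literals, Unix sockets, -o LocalForward=..., remote commands.
describe_forwards() (   # subshell body keeps variables and set -f local
    set -f; gateway=0; fwds=
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in -?*) rest=${arg#-} ;; *) continue ;; esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case $c in
                g) gateway=1 ;;
                L|R|D)  # value is the rest of this argument or the next one
                    if [ -z "$rest" ] && [ $# -gt 0 ]; then rest=$1; shift; fi
                    fwds="$fwds $c=$rest"; rest= ;;
                [BbcEeFIiJlmOoPpQSWw])  # other options with a value: skip it
                    if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                    rest= ;;
            esac
        done
    done
    for f in $fwds; do
        k=${f%%=*}; s=${f#*=}; n=$(printf %s "$s" | tr -cd :); n=${#n}
        side=client; base=2; has_bind=0
        if [ "$k" = R ]; then side=server; fi
        # -D port and -R port are SOCKS listeners with no fixed target
        if [ "$k" = D ] || { [ "$k" = R ] && [ "$n" -le 1 ]; }; then base=0; fi
        if [ "$n" -eq $((base + 1)) ]; then has_bind=1; bind=${s%%:*}; s=${s#*:}
        elif [ "$n" -ne "$base" ]; then echo "$k $s unparsed"; continue; fi
        port=${s%%:*}; target=socks
        if [ "$base" -eq 2 ]; then target=${s#*:}; fi
        if [ "$has_bind" -eq 1 ]; then
            # explicit bind address wins over -g; for -R the server's
            # GatewayPorts setting decides whether it is honoured
            case $bind in
                ''|'*'|0.0.0.0) bind=${bind:-*}; scope=all-interfaces ;;
                localhost|127.0.0.1) scope=loopback-only ;;
                *) scope=specific-address ;;
            esac
        elif [ "$k" != R ] && [ "$gateway" -eq 1 ]; then bind='*'; scope=all-interfaces
        else bind=localhost; scope=loopback-only; fi   # default for -L, -D, -R
        echo "$k $side $bind:$port -> $target $scope"
    done
)

# Commands from this page (user@server is the page's own placeholder).
describe_forwards -L 5901:localhost:5901 user@server
describe_forwards -gD 8700 user@server
describe_forwards -R 9000:localhost:3128 user@server2
```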
[[Category:Tutorials]]</div>Erik