Erik: Copy from old

Erik — Sat, 06 Jun 2009 23:30:34 GMT

Copy from old

New page

Sometimes you want to run vnc on a remote machine and do not have the
port forwarded, but you have ssh forwarded. This is a time where ssh
tunneling would work great. It's fast, efficient and its
encrypted. This first example is when you connecting to the server or
client that is running a vnc server:

ssh -L 5901:localhost:5901 user@server

Now the first -L means that we are going to tunnel from the
localhost to the actual remote host. The first field is ''5901'', the localport to use,
so that when we type '''localhost:5901''' we actually go through the tunnel (on the vnc client).
The next field is ''localhost'' which is resolved on the remote host side. So, localhost in this
example would be the remote host (who said it's confusing ?). The last field ''5901'' is the
port number on the remote host that we want to connect to.
The user@server is the username and host we want to forward to.

Now if we wanted to forward port 631 on the remote host, but it is only binded on the hostname ''server'' the following example would be used:

ssh -L 9000:server:631 user@server

Port 631 is usually used for CUPS so we can tunnel this as well. So in
order to get that page we would type http://localhost:9000. This would
go through the tunnel and get the cups server remotely. Keep in mind
if you type a password it will be encrypted.

ssh -R 9000:localhost:3128 user@server2

Now in this example we are going to forward a remote port to the local
box. For instance the above example we are going to open up port 9000
on server2 and it is going to tunnel to port 3128. This is the same
syntax as the -L option just the other way around for tunneling. The
best explanation between -L and -R is that -R is remotely opening up
the port 9000 while -L is locally opening that port up.

Now say you are already in an ssh session and want to add ports later
on? Well this is possible through what we call the SSH escape
key. Make sure you are on a new line and type ~C in and you should
see:

ssh>

Now you can run the commands -L and -R. These are the same syntax
above just do not put the ssh in front of it.So for instance you could
type:

-L 8000:localhost:631 server

And if it happened successfully it would say:

Forwarding port

Now hit enter after it says Forwarding port because sometimes it just
hangs there, but it forwards it fine. There are also more things you
can do with the ~ key. All you have to do is type ~?. (Note do not
type the . after the ?)

Adding tunneling to ssh is great, but you can also make a socks proxy
out of ssh as well:

ssh -D 7800 user@server

Then you can use your localhost:7800 as your socks proxy. Now say you
want other computers to be able to connect to your forward ports or
the socks proxy? Thats possible with the -g argument:

ssh -gD 8700 user@server
ssh -gL 8000:localhost:3128 user@server

Both of these examples would allow a remote user to connect to
them.

[[Category:Tutorials]]

Ssh-tunneling - Revision history

Erik: Copy from old