Difference between revisions of "Building Tunnels with SSH"

(Created page with "Category:LinuxLV Category:SSH == Motivation == We have learnd to use ssh to pipe data between local machines and remote machines. But ssh also allows to create netwo...")
 
(Motivation)
Line 3: Line 3:
 
== Motivation ==
 
== Motivation ==
   
We have learnd to use ssh to pipe data between local machines and remote machines. But ssh also allows to create network tunnels where we can transport other data.
+
We have learnd to use ssh to pipe data between local machines and remote machines. But ssh also allows to create network tunnels where we can transport other data. If you are not familiar with networking and server commands: You might want to look into the [[Server Basics]] and the [[Networking Basics]] first and skip this part.
  +
  +
You will also learn how to forward the output of graphical (X11) programs and to build a socks-proxy for web browsing.
  +
  +
== build a local tunnel to reach a remote server ==
  +
  +
Lets assume you are behind a firewall that only allows you to do a ssh connection to one server. E.g. myweb. Now have some tool that needs to connect to port 1234 of server tools.exmaple.org but your firewall does not allow it. What you could do is:
  +
  +
<pre>
  +
$ ssh -L 7777:tools.example.org:1234 myweb
  +
</pre>
  +
  +
The -L option tells ssh to listen on port 7777 of your local machine for incoming connections. Any connection will then be forwarded through the ssh tunnel and a connection will be originated from the remote side to the specified server and port. In our case server tools.example.org and port 1234.
  +
  +
If you start your tool and tell it to connect to localhost port 7777 it will be connected to the tools server. The tools server will see the connection coming form the myweb server.
  +
  +
<pre>
  +
$ ssh 8443:someserver.at:443 myweb
  +
</pre>
  +
  +
If the someserver.at is censored by your firewall and you want to access it you can do so after you build up the tunnel above. Then point your web browser to https://localhost:8443 and you will be talking to the someserver.at on the https port (443).
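Review bot: the second command, `$ ssh 8443:someserver.at:443 myweb`, is missing the `-L` option, so ssh takes `8443:someserver.at:443` as the host to connect to and `myweb` as a command to run there; it should read `ssh -L 8443:someserver.at:443 myweb`, matching the first example. In the same hunk the prose names the host `tools.exmaple.org` while the command uses `tools.example.org`, and "learnd" and "coming form" are typos worth fixing in the same edit.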

Revision as of 18:37, 23 March 2020


Motivation

We have learned to use ssh to pipe data between local and remote machines. ssh can also create network tunnels that transport other data. If you are not familiar with networking and server commands, you might want to look into the Server Basics and the Networking Basics first and skip this part.

You will also learn how to forward the output of graphical (X11) programs and to build a socks-proxy for web browsing.

build a local tunnel to reach a remote server

Let's assume you are behind a firewall that only allows you to make an ssh connection to one server, e.g. myweb. Now you have some tool that needs to connect to port 1234 of server tools.example.org, but your firewall does not allow it. What you could do is:

$ ssh  -L 7777:tools.example.org:1234  myweb 

The -L option tells ssh to listen on port 7777 of your local machine for incoming connections. Each connection is forwarded through the ssh tunnel, and the remote side (myweb) then opens a connection to the specified server and port, in our case server tools.example.org and port 1234.

If you start your tool and tell it to connect to localhost port 7777, it will be connected to the tools server. The tools server will see the connection coming from the myweb server.

$ ssh -L 8443:someserver.at:443 myweb

If someserver.at is censored by your firewall, you can access it once you have built the tunnel above. Point your web browser to https://localhost:8443 and you will be talking to someserver.at on the https port (443).
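The following is an added example, not part of the original page: a small shell check that parses a -L argument like the ones above, reports whether the listener stays on the loopback interface or is reachable by other machines, and prints a tunnel-only ssh command with the bind address pinned. The helper names are hypothetical, and it assumes the client keeps the default GatewayPorts=no.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the page.

# is_port N: true when N is a decimal integer in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_scope SPEC: classify a -L argument "[bind_address:]port:host:hostport".
# Prints loopback, exposed or invalid. IPv6 literals and socket paths are not handled.
# Assumption: default GatewayPorts=no, so a spec without bind address means loopback.
forward_scope() (
    spec=$1 rest=$1 n=1
    # Count the colon-separated fields.
    while [ "${rest#*:}" != "$rest" ]; do rest=${rest#*:}; n=$((n + 1)); done
    hport=${spec##*:}; spec=${spec%:*}
    host=${spec##*:};  spec=${spec%:*}
    case $n in
        3) bind=default; lport=$spec ;;
        4) lport=${spec##*:}; bind=${spec%:*} ;;
        *) echo invalid; exit 0 ;;
    esac
    if ! is_port "$lport" || ! is_port "$hport" || [ -z "$host" ]; then
        echo invalid
    else
        case $bind in
            default|localhost|127.0.0.1) echo loopback ;;
            *) echo exposed ;;  # empty, "*", 0.0.0.0 or a LAN address
        esac
    fi
)

# tunnel_cmd SPEC SSHHOST: print an ssh command that only forwards (-N, no remote
# shell), fails if the local port cannot be bound, and listens on 127.0.0.1 explicitly.
tunnel_cmd() {
    scope=$(forward_scope "$1")
    if [ "$scope" != loopback ]; then
        echo "refusing forward '$1': $scope" >&2
        return 1
    fi
    case $1 in *:*:*:*) spec=$1 ;; *) spec=127.0.0.1:$1 ;; esac
    echo "ssh -N -o ExitOnForwardFailure=yes -L $spec $2"
}

# The first tunnel from the text, as a checked command line.
tunnel_cmd 7777:tools.example.org:1234 myweb
```

A forward classified as exposed accepts connections from other hosts on your network, which would then reach the destination with myweb as the apparent source.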