Difference between revisions of "Building Tunnels with SSH"

Line 30: Line 30:
   
 
E.g.: Assume you have built a website on your local laptop and you want to show it to a friend of yours without installing it on a public server. Also you sit behind you your NAT router at home and your laptop is not reachable from the outside. What do you do?
 
E.g.: Assume you have built a website on your local laptop and you want to show it to a friend of yours without installing it on a public server. Also you sit behind you your NAT router at home and your laptop is not reachable from the outside. What do you do?
  +
  +
You can use the ssh -R to log into some public server and forward the port. E.g. like this:
  +
  +
<pre>
  +
$ ssh -R 8123:localhost:80 myweb
  +
</pre>
  +
  +
The only downside of this is that the port 8123 will only be accessible from the myweb. In order to have this port accessible from outside, the remote server needs to have a configuration option in its sshd_config and/or the client must specify that it want this port to be available.<ref>GatewayPorts clientspecified/yes/no</ref>
  +
  +
  +
  +
  +
  +
== Footnotes ==
  +
  +
<references/>
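Review bot: the paragraph added after the `ssh -R 8123:localhost:80 myweb` example refers only to "a configuration option" in sshd_config and leaves the name GatewayPorts in the footnote ref. Name the option in the sentence itself and say what each of clientspecified/yes/no does, since that setting decides whether the forwarded port is reachable from hosts other than myweb. In the same paragraph, "it want" should read "it wants" and "from the myweb" should read "from myweb".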

Revision as of 19:02, 23 March 2020


Motivation

We have learned to use ssh to pipe data between local and remote machines. But ssh can also create network tunnels through which other data can be transported. If you are not familiar with networking and server commands, you might want to look into the Server Basics and the Networking Basics first and skip this part.

You will also learn how to forward the output of graphical (X11) programs and how to build a SOCKS proxy for web browsing.

Build a local tunnel to reach a remote server

Let's assume you are behind a firewall that only allows you to make an ssh connection to one server, e.g. myweb. Now you have some tool that needs to connect to port 1234 of server tools.example.org, but your firewall does not allow it. What you could do is:

$ ssh  -L 7777:tools.example.org:1234  myweb 

The -L option tells ssh to listen on port 7777 of your local machine for incoming connections. Any connection will then be forwarded through the ssh tunnel and a connection will be originated from the remote side to the specified server and port. In our case server tools.example.org and port 1234.

If you start your tool and tell it to connect to localhost port 7777, it will be connected to the tools server. The tools server will see the connection coming from the myweb server.

$ ssh -L 8443:someserver.at:443 anna@tinbox.example.org

If someserver.at is censored by your firewall and you want to access it, you can do so after you build the tunnel above. Then point your web browser to https://localhost:8443 and you will be talking to someserver.at on the https port (443), with the connection originating from tinbox.

The Other Way Around

The capital -R option does the same thing but the other way around. It establishes a listening socket (server port) on the remote end of the ssh connection and then forwards anything that connects there to your local machine.

E.g.: Assume you have built a website on your local laptop and you want to show it to a friend of yours without installing it on a public server. You also sit behind your NAT router at home, so your laptop is not reachable from the outside. What do you do?

You can use ssh -R to log into some public server and forward the port, e.g. like this:

$ ssh -R 8123:localhost:80  myweb

The only downside is that port 8123 will only be accessible from myweb itself. To make this port accessible from outside, the remote server needs a configuration option in its sshd_config and/or the client must specify that it wants this port to be available.[1]
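As an added example (not part of the original wiki page), the following shell functions work out where the listener for an ssh -R forward ends up for each GatewayPorts value named in the footnote. The sample sshd_config text and the helper names gateway_ports and effective_bind are made up for illustration; Match blocks, keyword=value syntax and bracketed IPv6 bind addresses are not handled.

```shell
#!/bin/sh
# Added example: where does sshd bind the listener for an "ssh -R" forward?

# Constructed sample sshd_config text (not from a real server).
SAMPLE_CONFIG='# sshd_config on myweb (constructed)
Port 22
#GatewayPorts yes
GatewayPorts clientspecified
GatewayPorts no
'

# Print the GatewayPorts value from config text on stdin.
# sshd keeps the first value it reads for a keyword; the default is "no".
gateway_ports() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Print where the remote listener ends up.
# $1 = GatewayPorts value, $2 = -R argument [bind_address:]port:host:hostport
effective_bind() {
    gp=$1; spec=$2
    # Two colons: no bind_address. Three: one was given (possibly empty).
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    if [ "$colons" -eq 3 ]; then given=1; requested=${spec%%:*}
    else given=0; requested=; fi
    case $gp in
        yes) echo "all interfaces" ;;        # server forces the wildcard address
        clientspecified)
            if [ "$given" -eq 0 ]; then echo "loopback"
            elif [ -z "$requested" ] || [ "$requested" = "*" ]; then echo "all interfaces"
            else echo "$requested"; fi ;;
        *) echo "loopback" ;;                # "no": the client's request is ignored
    esac
}

# Show the outcome for three ways of writing the forward from this page.
mode=$(printf '%s' "$SAMPLE_CONFIG" | gateway_ports)
for spec in 8123:localhost:80 :8123:localhost:80 192.0.2.10:8123:localhost:80; do
    printf '%-30s GatewayPorts=%s -> %s\n' "$spec" "$mode" "$(effective_bind "$mode" "$spec")"
done
```

On a real server, sshd -T prints the effective settings, including gatewayports.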



Footnotes

  1. GatewayPorts clientspecified/yes/no