Advanced SSH Tunneling

In case you don't already know, ssh is kind of a big deal in the GNU/Linux world. It stands for "secure shell", and it's one of the primary ways of remote administration (or login in general). Apart from the standard use, one of my favorite uses of ssh is to create on-the-fly tunnels (or proxies).

This guide makes the following assumptions:

  • You own a Linux computer
  • Said computer's SSH port is forwarded
  • You have a basic understanding of the Linux command line
  • The client is running a POSIX-compliant OS with ssh installed

The basic syntax is as follows:
ssh -D 9999 user@ip.add.ress
Let's break that down a little. ssh is the command to create a secure shell session. The -D flag tells ssh to open a local SOCKS5 proxy (dynamic port forwarding) on the specified port, in this case 9999. user is your username, and ip.add.ress is the IP address of your proxy server. You can retrieve this by running the command:
wget http://www.whatismyip.com/automation/n09230945.asp -O - -o /dev/null && echo
on the SSH server. (Note: the echo command is necessary because the output does not end with a newline.)

In order to use the proxy that we've just set up, we need to configure our programs to use it. Most Web-based programs have proxy settings (for example, in Firefox they are found in Edit > Preferences... > Advanced > Network > Settings...). In the "Server" or "Host" section, you would place localhost, and in the Port section you would type 9999 (or whatever port you specified above). This will route all of that program's traffic through that server, over the secure connection that SSH provides.

In some cases, this is not enough. Let's say you have a remote computer running VNC and you don't have its ports forwarded. Is it possible to connect to that machine through your SSH server? The answer is a resounding "yes". It's more complicated, but entirely possible. The syntax would be:

ssh -L 9999:net.work.ip:5900 user@ip.add.ress
Instead of using the -D flag, we use the -L flag. This forwards a single local port to one specific machine and port, rather than creating a general-purpose proxy. As above, 9999 is the local port to create the tunnel on, user is your username on the SSH machine, and ip.add.ress is your external IP address. 5900 is the port we want to connect to on the remote computer (5900 is the default VNC port); replace this with what you need. net.work.ip is the local IP address of the final target machine. You can retrieve this by running the command:
ifconfig |grep inet |grep Bcast |cut -d ':' -f 2
on the target machine.

Let me know if there's anything else I can expand on.

1 comment:

down said...

You can add the -g option to the ssh command to allow other computers in the network to use the tunnel.

ssh -D 9999 -g user@ip.add.ress

On these other clients, don't use localhost as the proxy, but the IP address of the computer running the tunnel.
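
To see which of the tunnels above other machines can actually reach, here is an added example (not part of the original post or the comment) that classifies ssh client listeners in `ss -ltnp`-style output as loopback-only or network-reachable. The sample lines, PIDs and port 9998 (standing in for a tunnel started with -g) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report which address each
# ssh client tunnel listens on, using `ss -ltnp`-style output.

# Constructed sample: 9999 is a plain `ssh -D 9999` tunnel; 9998 stands in
# for a tunnel started with -g. PIDs and fds are made up.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 127.0.0.1:9999 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128     [::1]:9999    [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128   0.0.0.0:9998 0.0.0.0:* users:(("ssh",pid=4311,fd=5))
LISTEN 0 128      [::]:9998    [::]:* users:(("ssh",pid=4311,fd=4))
LISTEN 0 128   0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=801,fd=3))
EOF
}

# Reads listener lines on stdin, prints "<port> <loopback|exposed> <address>"
# for sockets owned by the ssh client (sshd, the server, is skipped).
classify_ssh_listeners() {
    awk '
        $1 == "LISTEN" && $0 ~ /\("ssh",/ {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print port, scope, addr
        }'
}

# Unique ports that other machines on the network can connect to.
exposed_ports() {
    classify_ssh_listeners | awk '$2 == "exposed" { print $1 }' | sort -un
}

sample_ss_output | classify_ssh_listeners
echo "reachable from the network: $(sample_ss_output | exposed_ports)"
# On a live system: ss -H -ltnp | classify_ssh_listeners
```

A port reported as exposed accepts connections from anyone who can reach that address, with no authentication on the proxy itself. Both -D and -L also accept a bind address in front of the port ([bind_address:]port) to limit which interface listens.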