Using SSH for tunneling

A very useful resource (in French) on using SSH, with specific use cases: Les_tunnels_SSH

Another useful one (short, and specific to tunneling): http://www.howtoforge.com/reverse-ssh-tunneling

Connecting to another remote computer through a common central computer

In short, if you have a configuration with 3 computers (A – B – C) and you want to connect to A (arrival) from C (client) but A doesn’t allow direct SSH connections, you can do the following:

  1. On A and B, install openssh-server
  2. On A, open an SSH connection to B: ssh -R 5000:localhost:22 user-on-B@B
  3. From C, connect to B: ssh user-on-B@B
  4. Using the open connection on B, open a connection to A: ssh -p 5000 user_on_A@localhost

This should get you all ready to work on A.

Opening a browser

Another special case: you have A-B-C, you are on C and want to access the internal website running on A, but you can only reach B over SSH, and A is reachable from B.

  1. Install openssh-server on A and B
  2. From C, instruct your SSH client to connect to B and to link your local port 8080 to A’s port 80: ssh -L 8080:A.A.A.A:80 user_on_B@B.B.B.B
  3. Open your browser on http://localhost:8080

Opening a browser to a named host in SSL

Finally, a more complex case could be to open your browser in HTTPS to a server that only answers correctly if you use a specific domain (or subdomain) name. We use the same terminology as above, where you (as a client) are C, and want to connect to A but have to pass through B.

Let’s say the destination URL is https://dest.example.com/

  1. Install openssh-server on A and B
  2. Add the domain name you want to reach as an alias for 127.0.0.1 in your /etc/hosts file (127.0.0.1 localhost dest.example.com)
  3. From C, instruct your SSH client to connect to B and to link your local port 8080 to A’s port 443 (for SSL): ssh -L 8080:dest.example.com:443 user_on_B@B.B.B.B
  4. Open your browser on https://dest.example.com:8080

Note that, depending on the web application on the other end, using port 8080 to reach it might cause some issues. For example, when you follow a link in the application, the returned URL may omit the port number. In that case, you have to edit the URL manually to add the port again.
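
All three forwards on this page terminate on B, so B's sshd can limit the account to exactly those forwards. The fragment below is an added example, not part of the original post: it assumes OpenSSH 7.8 or later on B (for PermitListen) and uses the page's placeholder names (user-on-B, A.A.A.A, dest.example.com), which must be replaced with the real account and hosts.

```conf
# /etc/ssh/sshd_config on B (constructed example, not from the original post)

# Keep reverse-forwarded ports (-R) bound to B's loopback only, so port 5000
# is not reachable from other machines on B's network. This is the default.
GatewayPorts no

Match User user-on-B
    # Forwarding stays enabled, but only for the forwards listed below.
    AllowTcpForwarding yes

    # -R 5000:localhost:22 from A: the only port this account may listen on.
    # ssh requests the listen host "localhost" when none is given, so the
    # entry uses that name rather than 127.0.0.1.
    PermitListen localhost:5000

    # -L 8080:A.A.A.A:80 and -L 8080:dest.example.com:443 from C: the only
    # destinations B will connect to on the client's behalf. Entries are
    # compared to the host:port string the client asked for, with no name
    # lookup, so list them exactly as they appear in the ssh command.
    PermitOpen A.A.A.A:80 dest.example.com:443

    # Not needed by any step on this page.
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
```

Run sshd -t on B to check the file before reloading the daemon. The login from C and the ssh -p 5000 step typed on B are ordinary sessions and are not affected by these forwarding limits.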
