Documentation
Fri, 11/02/2011 - 06:34

Using SSH for tunneling

A very useful resource (in French) to use SSH, with specific use cases: Les_tunnels_SSH Another useful (and short one for tunneling): http://www.howtoforge.com/reverse-ssh-tunneling

Connecting to another remote computer through a common central computer

In short, if you have a configuration with 3 computers (A - B - C) and you want to connect to A (arrival) from C (client) but A doesn't allow direct SSH connection, you can do the following:
  1. On A and B, install openssh-server
  2. On A, open an SSH connection to B: ssh -R 5000:localhost:22 user-on-B@B
  3. From C, connect to B: ssh user-on-B@B
  4. Using the open connection on B, open a connection to A: ssh -p 5000 user_on_A@localhost
This should get you all ready to work on A.

Opening a browser

Another special case is you have A-B-C, you are on C and want to access the internal website running on A, but you can only access B in SSH, and from B, access A.
  1. Install openssh-server on A and B
  2. From C, instruct your SSH client to connect to B and to link your local port 8080 to A's port 80: ssh -L 8080:A.A.A.A:80 user_on_B@B.B.B.B
  3. Open your browser on http://localhost:8080

Opening a browser to a named host in SSL

Finally, a more complex case could be to open your browser in HTTPS to a server that only answers correctly if you use a specific domain (or subdomain) name. We use the same terminology as above, where you (as a client) are C, and want to connect to A but have to pass through B. Let's say the destination URL is https://dest.example.com/
  1. Install openssh-server on A and B
  2. Add the domain name you want to reach as an alias for 127.0.0.1 in your /etc/hosts file (127.0.0.1 localhost dest.example.com)
  3. From C, instruct your SSH client to connect to B and to link your local port 8080 to A's port 443 (for SSL): ssh -L 8080:dest.example.com:443 user_on_B@B.B.B.B
  4. Open your browser on https://dest.example.com:8080
Note that, depending on the web application on the other hand, the fact that you use port :8080 to reach it might generate some issues, like for example that, following a link in the application, the URL would be returned to a version without the port number. In this case, you would have to manually update the URL to add the port again.

Comments

[…] of all, you might get inspired by the information in this other article of ours about SSH tunnelling. In particular the second section “Opening a browser”. Basically, if your computer is […]