Tunnelling allows connections to be made to remote services through an
encrypted connection. This is useful if there is a firewall preventing
your access to a server from one machine, but you do have access to
the server from another machine to which you can use ssh
to connect.
Ssh uses port forwarding to establish a connection between a local
port and the port on the remote machine that runs the service to be
tunnelled (which might be POP or FTP or HTTPS, for example). Once port
forwarding is set up you connect to the local port, which then
forwards the connection through ssh to the remote port. That is, all
requests sent to the local port are carried over the encrypted ssh
connection to the remote port, and to the remote service it appears
that you are connecting from the remote host. Only the leg between
your machine and the ssh server is encrypted by ssh: when the service
runs on a different machine from the ssh server, the final hop is
protected only by whatever the service protocol itself provides.
Tunnelling requires the remote host to be running an ssh
server, which can be checked using telnet to connect to
port 22:
$ telnet lynx.togaware.com 22
You will either receive a message stating the version of the remote
ssh server or an error message similar to:
telnet: Unable to connect to remote host: Connection refused
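The telnet check above can be scripted. The following is an added example, not part of the original guide: it reads whatever the port sent, skips lines that do not start with "SSH-" (such as telnet's own "Trying..." output), and reports whether the server speaks protocol 2, which the `-2` option used in the examples on this page requires. The function names, the sample banners and the use of `nc` are assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide): interpret what an ssh server
# sends on connect. RFC 4253 identification line:
#   SSH-<protoversion>-<softwareversion>[ <comments>] CR LF
# Lines not starting with "SSH-" (telnet's own chatter, a pre-banner notice)
# are skipped, so raw telnet output can be piped straight in.

classify_ssh_banner() {
    # First line beginning "SSH-", with the trailing CR removed.
    banner=$(tr -d '\r' | sed -n '/^SSH-/{p;q;}')
    case $banner in
        '')              echo "no-ssh-banner"; return 1 ;;
        SSH-2.0-?*)      proto="v2" ;;
        SSH-1.99-?*)     proto="v2+v1" ;;   # v2 server that still accepts v1 clients
        SSH-1.[0-9]*-?*) proto="v1-only" ;; # "ssh -2" cannot negotiate with this
        *)               echo "malformed"; return 1 ;;
    esac
    rest=${banner#SSH-*-}          # drop "SSH-<protoversion>-"
    echo "$proto ${rest%% *}"      # software version without the comment field
    [ "$proto" != "v1-only" ]      # status 0 only if the server speaks protocol 2
}

# Live check; assumes an nc that supports -w and keeps reading after stdin EOF.
probe_ssh() {
    nc -w 5 "$1" "${2:-22}" </dev/null 2>/dev/null | classify_ssh_banner
}

# Constructed telnet-style captures (not taken from any real host).
demo() {
    printf 'Trying 192.0.2.10...\nConnected to lynx.\nSSH-2.0-OpenSSH_4.3p2 Debian-9\r\n' \
        | classify_ssh_banner || echo "  (no protocol 2 server here)"
    printf 'SSH-1.5-1.2.27\r\n' \
        | classify_ssh_banner || echo "  (no protocol 2 server here)"
    printf '220 mail ESMTP ready\r\n' \
        | classify_ssh_banner || echo "  (no protocol 2 server here)"
}
demo
```

For a live check, call `probe_ssh lynx.togaware.com` in place of `demo`.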
The ssh syntax for port forwarding is:
$ ssh -f [kayon@alpine] -L [local port]:[alpine]:[remote port] [command]
A useful example is tunnelling of POP as described in
Section 29.3.1. We list a number of actual examples
here:
Suppose you want to access your secure https server from outside the
secure network. The https server uses port 443. Suppose you have ssh
access to host lynx. Establish the tunnel with:
$ ssh -2 -n -N -f -a -C -L 5443:admin.hq.togaware.com:443 lynx sleep 1000d
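Then you can access this firewall-protected HTTPS server locally
through https://localhost:5443/. Because the server's certificate is
issued for its real host name rather than for localhost, expect the
browser to report a host name mismatch.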
Here's an example using POP:
$ ssh -2 -n -N -f -a -L 5143:mail-bt:143 lynx sleep 1000d
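Then you can access the POP server on your local machine by pointing
your mail client at port 5143 on localhost. (Port 143 is the port
registered for IMAP; POP3 is normally served on port 110.)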
Copyright © 1995-2006 [email protected]