Using ssh Port Forwarding to Print at Remote Locations

Rory shows you how to connect the printing systems on different networks across the Internet in a secure manner.
______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Good article

Anonymous's picture

Nice :)

Re: Using ssh Port Forwarding to Print at Remote Locations

seldterre's picture

I am looking for info on using ssh port forwarding to print between to win2k boxes. I have the ssh server running, and can connect, but cant seem to setup the printing side of the arrangement. I have forwarded 9100:win2khost:9100 and get an error that it could not open the channel when I try to print. I have also used 9100:win2khost:515, however, this seems to send the print job into the ether never to be seen again. I have lpdsvc running on the win2khost box, with printers setup tcp/ip 127.0.0.1 port 9100; lpr 127.0.0.1 and various other configurations. Any help would be appreciated.

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

What do you do if you don't have direct access from your home computer to the relevant company computer, requiring the

connection to be initiated from the company computer while

somehow opeing up the home computer? How to avoid

opening up the home compuiter and stay below the threshold

of running a full IPSEC network?

TIA!

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

This article helped me make our office more secure. We had multiple database ports that were accessible through our firewall. Now I have all our people using ssh (putty) from home doing port forwarding to their local host through the ssh session to get access to the databases.

Now if I could only get Samba to do this as well so they could access their home directories and shares!!!

Thanks,
Shawn

You CAN port-forward CFS to Remote Samba servers

Anonymous's picture

Samba can do this, get the latest version and run Teraterm on your Windows PeeCees for the port forwarding... you lose the local network, tho, when you redirect your nbios and dgram ports to the remote server.

Thank you samba team! Thank you OpenSSH!

--Charlie

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

You used Putty? I didn't know putty could do port forwarding. Could you explain how you setup your users?

Thanks,

Greg

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

1. Must have putty .52 or later

2. Configure a saved session with ssh, and the machine

3. Under the configuration/ connection/ ssh/ tunnels

Oracle: forwarded 1521; destination 192.168.x.x:1521 (server behind the firewall)

MySQL: forwarded 3306; destination 192.168.x.x:3306 (server behind the firewall)

4. Resave configuration... unless you like typing it in over and over.

Now that is it... they can connect to the databases through their machine to the server using ssh (i.e. localhost:1521), but they do have to connect with that ssh session first.

Shawn

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

How can you print a file on your local machine to a remote printer using ssh?

Is it possible to use ssh to allow someone else to print a file on his local machine using your account on the remote computer without giving them you password.

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

It is also possible with port-forwarding, by just remotely executing lpr. Just give 'ssh username@somehost lpr' as the print-command.

Works fine under Gnome and also KDE IIRC.

It is more convient if another authentication is used instead of a password.

But at least in Gnome I remember one occasion being surprised when a dialog popped up asking for a password. I was using password authentication.

Printing to Win2K?

Anonymous's picture

Is there a sneaky way to print from a linux machine to a Win2k machine using this method? Or should I just use cups?

Re: Printing to Win2K?

rory's picture

I don't know. ssh is payware for windows. There is no lpr on windows. Back in the DOS days there was the "print" command available. Is there a print command in Win2K?

You can also use samba to print from linux to windows.

Somebody with a windows machine should try it.

Re: Printing to Win2K?

Anonymous's picture

Not true. You can use PuTTY, which handles ssh just fine.

Re: Printing to Win2K?

rory's picture

Can you set up PuTTY as an ssh daemon so that you can ssh

to the windows box? Or does PuTTY supply only the ssh client to ssh to Linux from Windows?

Re: Printing to Win2K?

Anonymous's picture

Putty is just a client. However, Cygwin has a daemon that can be setup on winblows ;)

--

Kevin White

Re: Printing to Win2K?

Anonymous's picture

openssh is also distributed for windows (sorry i dont remember where i got it from exactly, probably openssh.org) Buti it only works in win2k/XP and i have had problems with it in XP (mainly i think due to its provided shell, cmd should work fine)

Re: Printing to Win2K?

Anonymous's picture

The OpenSSH daemon is included in Cygwin, I think. see http://sources.redhat.com/cygwin/

Re: Printing to Win2K?

Anonymous's picture

You need to checkout the ssh.com client. It's a free download for personal use and it has all the command line tools. The latest versions of putty is completeley free and also has all the command line tools. I think you may have missed a simpler way of getting the ip of the connecting host when you ssh to a remote host, i.e. (echo $SSH_CLIENT |awk '{print $1}'). And you could have stopped at the port forwarding and lprng config setup because you can have inetd handle passing the redirect to lpr. All though you may want to at least have a tcpwapper statement and potentially a netfilter setup that limits access to the redirected port to avoid printing any old junk that gets sent to your inetd port.

As for all those Windows 2000 you can take the path of least resistance by adding the unix printing services windows component that is availble on all versions of 2000. You can add it under the Advanced menu of the Network and Dialup Connections folder.

Re: Printing to Win2K?

Anonymous's picture

In Win NT you can add lpr as: Start -> Settings -> Control Panel -> Network -> Services -> Add -> Microsoft TCP/IP printing

You add a lpd printer port as follows: Start -> Settings -> Printers -> Add Printer -> Add Port -> LPR Port -> New Port -> (lpd server and queue)

You add a printer using the above port: Start -> Settings -> Printers -> select printer port -> Next -> select manufacturer and type -> Next -> Next -> etc. etc.

Re: Using ssh Port Forwarding to Print at Remote Locations

Anonymous's picture

Just give 'ssh username@somehost lpr'

Yes, that is what I use. The system described in the article is needlessly complicated.

There is no need to do port forwarding, edit printcap, write a client program for the other end, modify shell initialization scripts, and so on when the data can simply be passed on STDIN and the printer name can be passed on the command line. Welcome to UNIX, land of pipes and command lines.

Did you consider dialup or dynamic IP's?

rory's picture

I like Keep It Simple Stupid solutions. But sometimes you can buy some convenience with complication. The setup in the article is really for dialup users. If you are lucky enough to have left the world of dynamic IP's in the past, then stick to simplicity. However, if you are using dialup your host name gets changed every time you connect and gets really long and cumbersome to type.

Compare the following:
ssh rory@somehost lpr
ssh rory@levrtwa1-ar1-182-035.evrtwa1.dsl.dialupsucks.net lpr

After I have dialed up in the morning, ssh'ed over to work and typed my print command into each application I am going to use for the day, I will be on the my second pot of coffee and about ready to go to lunch. Then I'll get disconnected and have to redial. Oh what fun :-).
The described system is only for where the simplest solution does not pay off. Set it up once and then let ssh figure out how to route your print data back to your location.
Welcome to Unix where pipes and command lines take care of the grunt work and I can get some work done.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix