Quick and Dirty SSH Tunneling

Shawn shows us how to set up a quick SSH tunnel for accessing a computer behind a remote firewall. He demonstrates this from his hotel room 400 miles away from his home network!

Comments

Also, SSH tunneling can be

Rory's picture

Also, SSH tunneling can be used when you are on an insecure network, so that you can encrypt, for example, your cam chat traffic and feel safe about sending your passwords.

question

fujiblimp's picture

Hi There
How is it that the private IP address of 192.168.1.1 is accessible from the public internet in order to do this?

@fujiblimp

kniko's picture

It's not... the guy actually accesses 192.168.1.1 (which is the router IP in his home network) through "homeserver", which translates to the real IP of his home server, either 1-to-1 NAT or PAT for SSH port 22. The homeserver does half the magic, and should be a box running sshd. The other half of the magic happens on the laptop where the tunnel is initiated.

So actually, when the tunnel is created, ssh LISTENS at port 8888 and forwards any packets sent to that port through the tunnel to the homeserver, and then the homeserver checks the IP and sends it to 192.168.1.1.
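
What the laptop-side ssh sends through the tunnel each time something connects to local port 8888, as an added example (not part of the original comment or the article): the SSH_MSG_CHANNEL_OPEN "direct-tcpip" message from RFC 4254, section 7.2, which names the destination that homeserver then connects to. The destination port 80, the originator address and port, and the window and packet sizes are assumed values; the page gives only 192.168.1.1 and 8888.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90  # message number from RFC 4254

def ssh_string(value: bytes) -> bytes:
    """SSH 'string' type: uint32 length followed by the raw bytes."""
    return struct.pack(">I", len(value)) + value

def build_direct_tcpip(dest_host, dest_port, orig_ip, orig_port,
                       channel=0, window=2097152, max_packet=32768):
    """Channel-open request the client sends for one forwarded connection."""
    return (bytes([SSH_MSG_CHANNEL_OPEN])
            + ssh_string(b"direct-tcpip")
            + struct.pack(">III", channel, window, max_packet)
            + ssh_string(dest_host.encode())
            + struct.pack(">I", dest_port)
            + ssh_string(orig_ip.encode())
            + struct.pack(">I", orig_port))

def parse_direct_tcpip(payload: bytes) -> dict:
    """Server-side view: recover the destination the client asked for."""
    if not payload or payload[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not SSH_MSG_CHANNEL_OPEN")
    pos = 1

    def read_u32() -> int:
        nonlocal pos
        (value,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        return value

    def read_str() -> bytes:
        nonlocal pos
        size = read_u32()
        if pos + size > len(payload):
            raise ValueError("truncated string field")
        data = payload[pos:pos + size]
        pos += size
        return data

    if read_str() != b"direct-tcpip":
        raise ValueError("not a local-forward channel")
    read_u32(), read_u32(), read_u32()  # sender channel, window, max packet
    return {"dest": (read_str().decode(), read_u32()),
            "originator": (read_str().decode(), read_u32())}

# Constructed sample: a browser on the laptop connected to localhost:8888.
SAMPLE = build_direct_tcpip("192.168.1.1", 80, "127.0.0.1", 51234)
```

On homeserver, sshd's AllowTcpForwarding and PermitOpen settings decide whether a requested destination like this one is honoured.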

Most folks are assigned

Rajan R Vaswani's picture

Most folks are assigned dynamic IP addresses by their ISP. This article here http://www.askmeaboutlinux.com/?p=1286 explains how to set up a dyndns account so you can host websites or use SSH to login to your computer from over the internet. You will find related links on that page on how to do it. There is also this item http://www.askmeaboutlinux.com/?p=1300 to enable you to login to a remote computer from a Nokia E63 smart phone.

Newbie

lucacerone's picture

Hi everybody,
I'm new to the Linux world and this article is a bit obscure to me.
I have already successfully experienced remote access to my computer
through SSH, but can't really understand what the difference is
between the way I access it (simply ssh -X myuser@myhost)
and the way Shawn accesses it.
I've tried to understand this tunnelling stuff previously but
never could figure out what exactly it is and why and when it is useful.

Can some of you guys make it simple enough for me to understand or
point me to a clear article for a newbie like me?
Thanks a lot for the article! (And hopefully for your help.)

Cheers.

Firefox SSH Tunnel

cantormath's picture

To send all traffic through the SSH tunnel via Firefox:
In Terminal:
:~$ ssh -fND localhost:$PORT user@some-ssh-server.com
For Example:
:~$ ssh -fND localhost:8888 user@sshtunnelserver.com

In Firefox, click on Edit then Preferences. Pick the 'Advanced' tab then the network sub-tab and click on the Settings button next to 'Configure how Firefox connects to the internet'. Select Manual proxy configuration, enter localhost in the SOCKS Host text field and enter the port you used for your tunnel. Close the dialog to apply the settings.

Firefox will go to the port selected, where the SSH process will pick it up and send the information encrypted to your SSH server, which will in turn establish the actual connections to the URL's web server. There are two exceptions:

* Hosts listed in the 'No proxy for' field. By default this setting lists localhost and 127.0.0.1. You could add other hosts or IP addresses if you want Firefox to connect to them directly (instead of using the tunnel).
* Firefox will still do DNS lookups for the localhost.

To prevent Firefox from doing DNS lookups from localhost enter about:config in the URL text field and double click on the network.proxy.socks_remote_dns to set it to true.

At this point Firefox will send all of its traffic (except, again, for the 'No proxy for' field) through your SSH tunnel.

To undo all of this just go back into Firefox Preferences (Advanced tab > Network subtab > Settings button) and select 'Use system proxy settings'. Then go to about:config and switch network.proxy.socks_remote_dns back to false.

SSH tunnelling can also be

ed2403's picture

SSH tunnelling can also be used when you are on an unsecure network, e.g. a Starbucks, so that you can encrypt your traffic and feel safe about sending your passwords. I have also used it to let my daughter access our Netflix account while overseas - their server sees the traffic as originating on my server which is in the US.

See https://calomel.org/firefox_ssh_proxy.html

Nice

alejorodri11's picture

I just want to thank you. This trick really saved my ass. Have a great day.
