Tech Tip: More ssh Tunneling

Using ssh tunneling, I can protect services that are not normally encrypted or otherwise protected against unauthorized access. In this example I show how I set up a secure connection to my IRC proxy, but you can use the same recipe for other services.

I run the following script from my .xinitrc file. It does the following:

  • Checks, using fping, if it can reach my dircproxy host (myhost).
  • Calls autossh to run a persistent forwarding ssh session to the host.
  • Logs suitable messages to syslog using logger.
  • Echoes the autossh PID, which can be used to wait.

#!/bin/sh
#
# Starts a tunneled connection to dIRCproxy on port 57000.
#

PROG=$(basename "$0")

# Both helpers are required; log and give up if either is missing.
if ! command -v fping >/dev/null 2>&1; then
    logger -p user.info "$PROG: missing fping"
    exit 1
fi
if ! command -v autossh >/dev/null 2>&1; then
    logger -p user.info "$PROG: missing autossh"
    exit 1
fi

# Only start the tunnel if the dircproxy host answers a ping.
if fping -q myhost; then
    # -N: run no remote command.
    # -L: forward local port 57000 to port 57000 on myhost's loopback interface.
    autossh -X -N -L 57000:localhost:57000 frankie@myhost </dev/null >/dev/null 2>&1 &
    PID=$!
    logger -p user.info "$PROG: dircproxy tunnel started as $PID"
    echo "$PID"
else
    logger -p user.info "$PROG: myhost not reachable"
fi

You may not be familiar with fping or autossh. Fping is essentially just ping with some added features, plus it's more amenable to use in scripts. Autossh is an ssh wrapper that's used to start and monitor a copy of ssh.
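
An added check, not part of the original script: ssh -L binds the local end of the forward to loopback by default, but GatewayPorts or -g widens it to every interface, which would let other hosts on the network use the tunnel. The function below reads `ss -ltn` style output and reports how a port such as 57000 is bound; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_forward_bind PORT   (hypothetical helper, added example)
# Reads `ss -ltn`-style listener lines on stdin and classifies PORT:
#   0 = listening on loopback only
#   1 = listening on at least one non-loopback address (tunnel is exposed)
#   2 = nothing is listening on PORT (tunnel is not up)
check_forward_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next       # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            found = 1
            # Anything outside 127.0.0.0/8 and ::1 is reachable from other hosts.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output, not captured from a real host.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:57000    0.0.0.0:*
LISTEN 0      128    [::1]:57000        [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:57000      0.0.0.0:*'

# Demo on the constructed samples; on a live system use:
#   ss -ltn | check_forward_bind 57000
for sample in "$SAMPLE_OK" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$sample" | check_forward_bind 57000; then
        echo "port 57000: loopback only"
    else
        echo "port 57000: exposed or not listening"
    fi
done
```
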
