Tech Tip: More ssh Tunneling
Using ssh tunnelling I can protect services which are not normally protected and/or encrypted against unauthorized access. In this example I show how I set up a secure connection to my IRC proxy, but you can use this same recipe for other things.
I run the following script from my .xinitrc file. It does the following:
- Checks, using fping, if it can reach my dircproxy host (myhost).
- Calls autossh to run a persistent forwarding ssh session to the host.
- Logs suitable messages to syslog using logger.
- Echoes the autossh PID, which can be used to wait.
```sh
#!/bin/sh
#
# Starts a tunneled connection to dIRCproxy on port 57000.
#
PROG=`basename "$0"`

# Both helpers must be installed; log and bail out if either is missing.
if ! command -v fping >/dev/null 2>&1; then
    logger -p user.info "$PROG: missing fping"
    exit 0
fi

if ! command -v autossh >/dev/null 2>&1; then
    logger -p user.info "$PROG: missing autossh"
    exit 1
fi

# Only start the tunnel if the dircproxy host answers a ping.
fping -q myhost
if [ $? -eq 0 ]; then
    # Forward local port 57000 to port 57000 on myhost; -N runs no remote command.
    autossh -X -N -L 57000:localhost:57000 frankie@myhost </dev/null >/dev/null 2>&1 &
    PID=$!
    logger -p user.info "$PROG: dircproxy tunnel started as $PID"
    echo $PID
else
    logger -p user.info "$PROG: myhost not reachable"
fi
```
You may not be familiar with fping or autossh. Fping is essentially just ping with some added features, plus it's more amenable to use in scripts. Autossh is an ssh wrapper that's used to start and monitor a copy of ssh, restarting it if the connection drops.
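A check to run once the script above has started the tunnel: it confirms that local port 57000 listens on loopback only, so the unencrypted dircproxy traffic is not reachable from other machines on the network. This is an added example, not part of the original tip; it assumes Linux's `ss` from iproute2, and the function name and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original tip).
# Reads `ss -ltnH` output on stdin and prints, for the given port:
#   loopback - every listener on that port is bound to 127.0.0.0/8 or ::1
#   exposed  - at least one listener is bound to a non-loopback address
#   absent   - nothing is listening on that port (tunnel not up)
tunnel_listen_scope() {
    port=$1
    awk -v port="$port" '
        {
            local_addr = $4                 # e.g. 127.0.0.1:57000 or [::1]:57000
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next      # listener on some other port
            # Everything before the final ":port" is the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: listeners as created by -L 57000:localhost:57000.
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:57000 0.0.0.0:*
LISTEN 0 128 [::1]:57000 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: the same forward with a wildcard bind address,
# as happens with ssh -g or GatewayPorts yes in ssh_config.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:57000 0.0.0.0:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | tunnel_listen_scope 57000
printf '%s\n' "$SAMPLE_EXPOSED"  | tunnel_listen_scope 57000

# On a live system:
#   ss -ltnH | tunnel_listen_scope 57000
```

Anything other than `loopback` while the tunnel is running means the forwarded port is either not up or is accepting connections from other hosts.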