Monday, June 16, 2008

Forwarding Ports over SSH

Let's say that the only access you have to a remote network is through SSH, but you have an application that needs to securely access port 5901 on the remote network, and this port is blocked to the outside world. SSH to the rescue: you can create a tunnel over SSH, then run your application, and it will connect to the desired port by first being tunneled over your SSH connection.

ssh -L 5901:remote-server:5901 user@ssh-remote-server

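In this command the first 5901 is the port that ssh opens on your local machine, and remote-server:5901 is the destination as reached from ssh-remote-server.

Once the connection has been made over SSH and you have authenticated with your SSH password, simply fire up the application that requires the remote port and point it at port 5901 on localhost; it will be tunneled over the SSH connection. In this example we tunneled VNC over SSH, so to make the connection simply type (VNC display :1 is TCP port 5901):

vncviewer localhost:1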

The remote server will think that the connection was initiated from a machine on its own network (the SSH server).

As another example, let's say you want to browse a web server on a remote machine through your local port 8080:

ssh -L 8080:remote-server:80 user@ssh-remote-server

Once you have authenticated over SSH, open your browser and type http://localhost:8080 in the address bar; you will get the web page served by remote-server:80.

The added advantage of doing this is that your tunnel is encrypted, so traffic travelling through it between your local machine and the SSH server is secure. The last hop, from the SSH server to remote-server, is outside the tunnel.
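
The two tunnels above, built by a small helper that pins the local listener to 127.0.0.1 and makes ssh exit if the forward cannot be set up. This is an added example, not part of the original post; the function names are hypothetical and the host names are the post's own placeholders.

```shell
#!/bin/sh
# Added example. Host names are the placeholders used in the post.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;  # empty, leading zero, non-digit, too long
    esac
    [ "$1" -le 65535 ]
}

# safe_name VALUE: letters, digits, '.', '-', '@' only, and no leading '-',
# so the value cannot be read by ssh as an option. (Host names and IPv4 only.)
safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.@-]*) return 1 ;;
    esac
}

# forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT
# Prints the -L argument with the listening side pinned to 127.0.0.1, so the
# forwarded port is reachable only from this machine whatever GatewayPorts says.
forward_spec() {
    valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    safe_name "$2"  || { echo "bad target host: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad target port: $3" >&2; return 1; }
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_cmd LOCAL_PORT TARGET_HOST TARGET_PORT USER@GATEWAY
# -N runs no remote command; ExitOnForwardFailure makes ssh exit instead of
# staying connected when the local port cannot be bound.
tunnel_cmd() {
    spec=$(forward_spec "$1" "$2" "$3") || return 1
    safe_name "$4" || { echo "bad gateway: $4" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s %s\n' "$spec" "$4"
}

# vnc_target LOCAL_PORT: VNC display :N is TCP port 5900+N, so 5901 -> localhost:1
vnc_target() {
    valid_port "$1" && [ "$1" -ge 5900 ] || return 1
    printf 'localhost:%s\n' "$(( $1 - 5900 ))"
}

# The two tunnels from the post, printed rather than executed.
tunnel_cmd 5901 remote-server 5901 user@ssh-remote-server
tunnel_cmd 8080 remote-server 80 user@ssh-remote-server
vnc_target 5901
```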
