Linux Blog

Remote SSH Port Forwarding

Filed under: General Linux — TheLinuxBlog.com at 1:00 am on Wednesday, February 23, 2011

SSH Remote Port Forwarding

SSH is an amazing tool, and I often find myself discovering new and interesting ways (at least to me) to use it. It is a great tool to have in your toolbox.

This may be hard to explain in words, but here goes.

Picture this: you have 3 hosts. Host A has outbound access only and is on the same network as Host B. Host B has port 22 open, accepts SSH connections and is allowed to SSH to Host A. Host C is the computer you are sitting at, and it is on a different network. So, you need to connect to Host A from Host C. The way to do this is with SSH port forwarding.

Let's say Host A is 192.168.1.2, Host B is 192.168.1.1 and Host C is 10.0.0.1 on the different network. Host C also has port 22 open.

So, in order to connect to Host A from Host C you can do the following with local port forwarding:

(Read on …)

Linux Tunneling Techniques

Filed under: Linux Software — TheLinuxBlog.com at 4:59 am on Wednesday, November 10, 2010


Ever tunneled or used tunneling for mobile Internet? Perhaps you have needed to tunnel to bypass a restrictive firewall or for a secure channel on an insecure wireless network. It seems that everyone knows how to tunnel using ssh's SOCKS support and how to use Firefox's about:config screen to set it to use a SOCKS proxy and remote DNS. While this is great for occasional web browsing, it only takes you so far.

tsocks is a great application that lets you tunnel other programs over SOCKS. It's easy to install on most distributions and allows you to use many command line applications. I've used it successfully on a number of occasions, and while it does its job, it's not the best solution. This is because it was last updated in 2002 and doesn't perform DNS lookups. I found myself using it to SSH to an IP address (memorized, or looked up through another SSH session) and using applications on the remote server.

proxychains is a somewhat better tunneling solution. It works similarly to tsocks, but it also resolves DNS and can chain multiple proxies. I've used it on numerous occasions with great success. ssh, lynx, lftp, irssi and a whole bunch of others work without any problems. Another plus is that it has also been updated in the last 5 years (but not by much).

One application I haven’t yet had the pleasure of trying on the desktop is 3proxy. I have used it on the iPhone but ended up using the ssh socks method more often. From its yum description and feature list, it sounds very promising and one definitely worth looking into.

Speaking from experience, I know it's kind of difficult to browse your distribution's web repositories to find the files you need and install them (I had to do this since I didn't have them), so I recommend you download these applications before you need them on the road and save yourself some time.

sl: the BOFH's revenge for bad typists

Filed under: Linux Software — TheLinuxBlog.com at 9:57 am on Wednesday, November 19, 2008

If you don't know what BOFH is, then let's try Wikipedia. This morning in my feed reader there was an article from tips4linux.com that "makes you pay attention."

Basically, the software package they were recommending today is sl. I couldn't resist commenting on this. There are many times that I am stuck on a slow SSH session, and all I need is the server admin, or BOFH, coming along, installing sl and making my life a pain.

So, I installed it on my desktop. What an excellent piece of software. If you run Fedora, it's in the yum repos and you should give it a shot. Now, all I have to do is symlink this to other useful binaries that I commonly mistype or don't have installed and, for good operator measure, some that I do.

It's too bad that I couldn't run this through wall, but I guess I could run it as a cron job. I think it should have a config file so that you could customize it a bit more. Perhaps as it steams through, it could make the smoke spell a message. Anyway, that's my ranting and rambling over for the morning. Now to yum remove.

Using Subversion with SSH & Custom Ports

Filed under: Linux Software,Quick Linux Tutorials — TheLinuxBlog.com at 9:09 am on Monday, September 15, 2008

Let's say you use Subversion on your home PC to keep track of projects and you want to check out or export your project from a remote location. Here's the catch: sshd is running on a custom port or is forwarded from another one. For some reason the command line SVN client does not support a port parameter when using the de facto svn+ssh:// scheme:

svn co svn+ssh://thelinuxblog.com/owen/svn/project1/trunk project1
ssh: connect to host thelinuxblog.com port 22: Connection refused

Well, we know why the error above happens: it's because I happen to run SSH on port 1337. The following workaround requires root privileges and may mess with your system a bit, but if you really need to check something out, it will work.

As root, log in and stop sshd if you run it. Then forward local port 22 to the remote host with an SSH local port forward.

[owen@thelinuxblog.com]$ sudo su -
[root@thelinuxblog.com]$ /sbin/service sshd stop
[root@thelinuxblog.com]$ ssh -p 1337 owen@thelinuxblog.com -L 22:[internal ip]:1337

Once this is done, your localhost:22 forwards to your remote host. From another session (on your local machine) you can verify the connection by using ssh localhost. You will probably get warnings about the host's identity having changed, or about not being able to verify it, because localhost now presents the remote server's host key, but you can ignore them. Once you've tested it, just use SVN as normal. When finished, remember to log out of the SSH session and start sshd back up again if you run it.
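A non-root alternative to the workaround above, as an added example that is not part of the original post: put the custom port in an ssh_config host entry and point the svn+ssh:// URL at that alias, so the local sshd keeps running and nothing binds port 22. The alias `svnhome` and the helper function names are hypothetical; host, port and user mirror the post's scenario.

```sh
#!/bin/sh
# Added example (not from the original post): reach an sshd on a non-default
# port from svn without root, without stopping the local sshd and without
# binding local port 22. "svnhome" is a hypothetical alias; host, port and
# user mirror the post's scenario.

# Print an ssh_config stanza. Usage: ssh_stanza <alias> <host> <port> <user>
ssh_stanza() {
  case $1 in ''|*[!A-Za-z0-9_-]*) echo "bad alias: $1" >&2; return 1;; esac
  case $3 in ''|*[!0-9]*) echo "bad port: $3" >&2; return 1;; esac
  if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then
    echo "port out of range: $3" >&2; return 1
  fi
  printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n' "$1" "$2" "$3" "$4"
}

# Append the stanza to a config file unless the alias is already defined.
# Usage: install_stanza <config-file> <alias> <host> <port> <user>
install_stanza() {
  cfg=$1; shift
  stanza=$(ssh_stanza "$@") || return 1
  if [ -f "$cfg" ] && grep -q "^Host[[:space:]][[:space:]]*$1\$" "$cfg"; then
    return 0   # idempotent: leave an existing entry alone
  fi
  # ssh rejects a config file writable by others, so create it with a tight umask
  ( umask 077; mkdir -p "$(dirname "$cfg")"; printf '\n%s\n' "$stanza" >> "$cfg" )
}

# Running the file prints the stanza; pass --install to write ~/.ssh/config.
if [ "${1:-}" = "--install" ]; then
  install_stanza "$HOME/.ssh/config" svnhome thelinuxblog.com 1337 owen
else
  ssh_stanza svnhome thelinuxblog.com 1337 owen
fi

# svn hands the host part of the URL to ssh, which resolves the alias:
#   svn co svn+ssh://svnhome/owen/svn/project1/trunk project1
# The server's key is checked under its real host name and port, so the
# "host identification has changed" warning for localhost does not arise.
```
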

Linux Wireless Morals

Filed under: General Linux — TheLinuxBlog.com at 2:40 pm on Monday, April 7, 2008

Is it moral for someone who uses Linux to borrow someone's wireless?

Let's say you are at a hot spot and you need to jump online really quickly, but the internet house you are at charges for wireless. Is it moral to connect to someone else's wifi?

Maybe you just moved and the internet has not arrived at your house yet. Is it moral to use a neighbor's for an undefined amount of time before you are settled in and have the internet set up?

If you answered yes to any of these questions then you may either be cheap (like me) or have low morals. Either way, there are ways to protect your identity and information while borrowing wireless by using Linux.

A good way to protect yourself while borrowing someone else's wireless is to tunnel with SSH. You can run a squid proxy on a port and set up SSH to forward a local port to the squid server. Once this is done, your unencrypted HTTP traffic is tunneled through an encrypted SSH session. If the person who owns the wireless network (or anyone else) were to sniff the packets, they would just see the destination address and not the full traffic information.

Use SSH for everything that is unencrypted. SSH to a known host and use these protocols from there. FTP and POP are good examples of protocols that can be used over SSH. Don't use an instant messenger directly over the internet, because it is very easy to sniff the packets. Sometimes a friend may give out incriminating information which could get you in trouble.

A good device to help with protecting your information while using someone else's wireless is one running DD-WRT. Once installed on a supported device, it has many functions that can be used. Bridging mode, VPN passthrough and advanced routing can all be used to protect your information. DD-WRT would be especially good if set up as a bridge to the other person's wireless. You could use a NAT firewall to hide how many devices you really have connected and change the MAC addresses of the clients.

In the future I'll be showing you more ways to protect your privacy while using wireless technologies, so stay tuned!