The Power of SSH Tunnel

By | February 9, 2008

_____________________________________________
with loves, with efforts, with knowledges
knowing the best for ur best
__illuminator__
http://wafa.web.id
_____________________________________________

SSH is known as the Secure Shell protocol; wikipedia.org explains it as follows:

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols.

Now, in this post I'll describe some uses of the ssh client for tunnelling:

  • X11 Display forwarding
  • This type of tunnel can be set up with this additional command-line option:
    -X
    example:
    ssh -l wafa -X myserver
  • With this method, the display of the remote programs I run is exported to my local X server. Note that you must have a local X server installed (on Windows you can install XWin32, eXceed or another X server for win32; on Linux/Unix it is a preinstalled package when you install a desktop environment).

 

  • Local Port forwarding
  • This type of tunnel can be set up with this additional command-line option:
    -L [bind ip address:]localport:remote ip address:remoteport
    example:
    -L 127.0.0.1:8080:208.80.152.42:8080

  • With this method you can reach the remote address and port through port 8080 on your localhost. It can be used to create a tunnel to your internal imap/pop3/smtp server when you are outside your internal office network.
    e.g.:
    -L 127.0.0.1:143:192.168.0.5:143

    => 192.168.0.5    : your internal imap server
    => 127.0.0.1:143 : for your mail client setting

 

  • Remote Port forwarding
  • This type of tunnel can be set up with this additional command-line option:
    -R [bind remote ip address:]remoteport:local ip address:localport
    example:
    -R 208.80.152.42:8080:127.0.0.1:8080
  • This type of tunnel is useful when you need access back to your local server from your remote server; it is the opposite of local port forwarding.

 

  • Local Dynamic Port Forwarding a.k.a. SOCKS Tunnel
  • This type is commonly used if you need full access to your remote network. The tunnel works like a SOCKS proxy; ssh supports both SOCKS 4 and 5. It can be set up with this additional command-line option:
    -D [bind ip address:]localport
    example:
    -D 127.0.0.1:8080

For security reasons, there are some additional tips and options for dealing with tunneling, such as:

  • Use a key pair. You will need this to bypass the password prompt; you can use it once you have a key pair generated by ssh-keygen.
  • Do not execute a remote command, just set up the tunnel. This can be done with the additional option: -N
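
The two tips above combined into one tunnel-only setup for the internal IMAP forward, as an added example that is not part of the original post: it builds the client command (key pair, -N, explicit loopback bind) and a matching server-side authorized_keys entry. The names wafa and myserver and the address 192.168.0.5:143 come from the post's examples; the key path and public key are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Key path and public key are
# placeholders; 192.168.0.5:143 is the post's internal IMAP server.

# Succeed only when a -L/-D spec names a loopback bind address explicitly,
# so the forwarded port is not offered to other hosts on the client's network.
is_loopback_bind() {
    case "$1" in
        127.0.0.1:*|localhost:*|"[::1]:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the client command for a tunnel-only session:
#   -N  do not execute a remote command    -T  do not allocate a tty
#   -i  private key of the pair created with ssh-keygen
#   ExitOnForwardFailure=yes  exit if the forward cannot be set up
# Note: binding a local port below 1024 (such as 143) requires root.
tunnel_cmd() {
    spec=$1 key=$2 target=$3
    is_loopback_bind "$spec" || {
        echo "refusing non-loopback bind: $spec" >&2
        return 1
    }
    printf 'ssh -N -T -i %s -o ExitOnForwardFailure=yes -L %s %s\n' \
        "$key" "$spec" "$target"
}

# Print the server-side authorized_keys entry for the tunnel key:
#   restrict         turns off pty, X11, agent and port forwarding
#   port-forwarding  turns port forwarding back on
#   permitopen       pins the only destination -L may connect to
authorized_keys_entry() {
    dest=$1 pubkey=$2
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$dest" "$pubkey"
}

tunnel_cmd 127.0.0.1:143:192.168.0.5:143 ~/.ssh/tunnel_key wafa@myserver
authorized_keys_entry 192.168.0.5:143 'ssh-ed25519 AAAA...placeholder wafa@laptop'
```

-N is honoured only by the client, so the authorized_keys entry is what constrains the forwarding destinations on the server side.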
