SSH tunneling/gateway question
-
It would have been better to have a package repository located with the remote servers and let that server have outbound access. But this is the way it is right now.
-
What about something like this?
-
@black3dynamite said in SSH tunneling/gateway question:
What about something like this?
That is the local tcp forwarding. I knew that could be done but in this case it's the opposite direction I need, the remote tcp forwarding. It's like putting internet and the proxy on Computer B instead.
-
@Pete-S said in SSH tunneling/gateway question:
@black3dynamite said in SSH tunneling/gateway question:
What about something like this?
That is the local tcp forwarding. I knew that could be done but in this case it's the opposite direction I need, the remote tcp forwarding. It's like putting internet and the proxy on Computer B instead.
I think I have it figured out though. Just need to try it on a couple of test VMs first.
-
@scottalanmiller said in SSH tunneling/gateway question:
Yes, SSH tunneling makes a VPN that can work in either direction.
I never knew you could do this with SSH... Why is this not more commonly done?
-
@dafyre said in SSH tunneling/gateway question:
I never knew you could do this with SSH... Why is this not more commonly done?
It's pretty darn common. It's the most common vendor support VPN tool, for example.
-
@Pete-S said in SSH tunneling/gateway question:
@black3dynamite said in SSH tunneling/gateway question:
What about something like this?
That is the local tcp forwarding. I knew that could be done but in this case it's the opposite direction I need, the remote tcp forwarding. It's like putting internet and the proxy on Computer B instead.
Yeah, essentially replace the -L with a -R. It's the same thing.
-
OK, this is what I ended up doing.
I wanted the remote server to have access to a local repository served over http. This works with any kind of traffic over tcp though, as it's not a web proxy but tcp forwarding.
I set up the files and served the website on the ssh client machine with PHP's built-in server. It's easy to use and requires no setup. You just start it in the base directory you want to serve. I used port 8000.
php -S localhost:8000
Then access the remote server from the client with the reverse tcp forwarding active.
Basically forwarding port 8000 on the remote host to port 8000 on the local ssh client.
ssh -R 8000:localhost:8000 remote_ip
But since I was connecting with a Windows machine I used PuTTY instead.
This is how you set up the tcp forwarding:

It seems like you can not only forward one port, but many ports and in whatever direction you want at the same time.
To try that you have things working:
wget localhost:8000
In my case I wanted apt package manager to use the forwarded port so I just changed it to use http://localhost:8000 to access the packages.
-
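Added example, not part of any post in this thread: a small check for where an `ssh -R [bind_address:]port:host:hostport` listener opens on the remote host. With no bind_address, as in the thread's `8000:localhost:8000`, sshd binds the listener to loopback only; an empty or `*` bind_address asks for all interfaces, which the server honours depending on its GatewayPorts setting. The function names and every spec other than the thread's are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listener side of an ssh -R forwarding spec.
# Assumes IPv4/hostname specs; bracketed IPv6 forms are not handled.

classify_remote_forward() {
    spec=$1
    rest=$spec
    colons=0
    # Count ':' separators to tell port:host:hostport from bind:port:host:hostport.
    while [ "${rest#*:}" != "$rest" ]; do
        rest=${rest#*:}
        colons=$((colons + 1))
    done
    case $colons in
        2) echo loopback; return 0 ;;   # no bind_address: sshd default is loopback
        3) bind=${spec%%:*} ;;          # text before the first ':' (may be empty)
        *) echo unparsed; return 0 ;;
    esac
    case $bind in
        ''|'*'|0.0.0.0)  echo all-interfaces ;;  # needs GatewayPorts on the server
        localhost|127.*) echo loopback ;;
        *)               echo "address:$bind" ;;
    esac
}

# Print one line per spec; return 1 if any listener is not loopback-only.
audit_remote_forwards() {
    rc=0
    for spec in "$@"; do
        where=$(classify_remote_forward "$spec")
        printf '%-32s %s\n' "$spec" "$where"
        [ "$where" = loopback ] || rc=1
    done
    return $rc
}

# Constructed sample run; the first spec is the one used in the thread.
audit_remote_forwards 8000:localhost:8000 '*:8000:localhost:8000' \
    || echo "review: at least one forward listens beyond loopback"
```

A loopback-only result means only processes on the remote host itself can reach the forwarded repository port.
-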
@Pete-S said in SSH tunneling/gateway question:
OK, this is what I ended up doing.
I wanted the remote server to have access to a local repository served over http. This works with any kind of traffic over tcp though, as it's not a web proxy but tcp forwarding.
I set up the files and served the website on the ssh client machine with PHP's built-in server. It's easy to use and requires no setup. You just start it in the base directory you want to serve. I used port 8000.
php -S localhost:8000
Then access the remote server from the client with the reverse tcp forwarding active.
Basically forwarding port 8000 on the remote host to port 8000 on the local ssh client.
ssh -R 8000:localhost:8000 remote_ip
But since I was connecting with a Windows machine I used PuTTY instead.
This is how you set up the tcp forwarding:

It seems like you can not only forward one port, but many ports and in whatever direction you want at the same time.
To try that you have things working:
wget localhost:8000
In my case I wanted apt package manager to use the forwarded port so I just changed it to use http://localhost:8000 to access the packages.
Right, you can name any number of ports. If you want to do dynamic tunneling you can pass a -D and use the remote host as a SOCKS proxy. Then only define the one port for the proxy in your browser or wherever.
SSH is pretty awesome.
-
Using SSH to tunnel RDP is quite handy as well.
