SSH Tunneling

Classic Tunnel

You want to map a remote port locally,

ssh -L localport:localhost:remoteport remotehost

You want to map a port that is available on the remote network locally,

ssh -L localport:internalhost:remoteport remotebounce

Check

netstat -lntupe --inet --inet6 | grep localport

You can also make the forwarded port reachable from other hosts on your network by putting a bind_address in front,

x.x.x.x:

Reverse Tunnel

You want to map a local port to a remote host,

ssh -R remoteport:localhost:localport remotehost

You want to map a port that is available on your network to a remote host,

ssh -R remoteport:somepeer:localport remotehost

Check on the remote host

netstat -lntupe --inet --inet6 | grep remoteport

You can also make the forwarded port reachable from the remote network by putting a bind_address in front (the remote sshd only honours it when its GatewayPorts option is enabled),

x.x.x.x:

Whatever Forward Proxy

You want a SOCKS4 or SOCKS5 forward proxy on your local system,

ssh -D LOCALPORT remotehost

You want the same, but offering the forwarding service to others on your internal network,

ssh -D BIND-TO-IP:PORT remotehost

or on every network interface (any host that can reach PORT can then use the proxy),

ssh -D '*:PORT' remotehost

Finally, if you want to bring this up at startup,

vi /etc/rc.local

# -f sends ssh to the background, -N runs no remote command
#ssh -fN -D '*:PORT' remote
# same, run as USER after a 10 second delay
su - USER -c "sleep 10; ssh -fN -D '*:PORT' remote" &

Or, if you would rather have a one-minute delay and keep it up with a watchdog,

as the user,

http://pub.nethence.com/bin/security/check.socks

crontab -e

* * * * * $HOME/bin/check.socks PORT REMOTESRV
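
A watchdog of the kind that cron entry calls, as an added example: it is not the check.socks script linked above and not code from this page. The script name, the optional third BIND_ADDR argument and the sample listing are assumptions; it binds to 127.0.0.1 unless told otherwise and matches the port exactly instead of using a plain grep.

```shell
#!/bin/sh
# Added example: cron watchdog for an "ssh -D" SOCKS forward (hypothetical
# script, not the check.socks referenced on this page).
# Usage: socks-watchdog PORT REMOTESRV [BIND_ADDR]

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read "netstat -lnt" or "ss -ltn" lines on stdin; succeed only if a LISTEN
# socket has a local address ending in exactly ":PORT". A plain "grep PORT"
# would also match 10800 when PORT is 1080.
port_listening() {
    awk -v p="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) {   # first addr:port field is the local one
                    n = $i; sub(/.*:/, "", n)
                    if (n == p) found = 1
                    break
                }
        }
        END { exit !found }'
}

# Constructed sample listing, used to exercise port_listening offline.
SAMPLE='tcp   0  0 127.0.0.1:10800  0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:1080   0.0.0.0:*  LISTEN
tcp6  0  0 :::22            :::*       LISTEN'

watchdog() {
    port=$1 remote=$2 bind=${3:-127.0.0.1}   # loopback unless asked otherwise
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    # Forward still up: nothing to do.
    netstat -lnt 2>/dev/null | port_listening "$port" && return 0
    # -f: background after authentication, -N: no remote command.
    # BatchMode: never prompt under cron. ExitOnForwardFailure: exit instead
    # of staying connected when the listener cannot be bound.
    ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -D "$bind:$port" "$remote"
}

# Run only when called with arguments, as the cron entry does.
if [ "$#" -ge 2 ]; then watchdog "$@"; fi
```

BatchMode assumes key-based authentication is already set up for the user, since nothing can answer a password prompt under cron.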

Resources

Opening and closing an SSH tunnel in a shell script the smart way https://gist.github.com/scy/6781836

Can SSH be tunneled over HTTPS using thttpd? https://serverfault.com/questions/140945/can-ssh-be-tunneled-over-https-using-thttpd

