05-24-2013
VPN does not seem to be a need. No reconfiguration of sshd is necessary, either. Of course, the sshd on the far end must allow the tunnel type.
If you set up a tunnel with SSH, listening on one end and connecting out to some target host-port on the other, anyone who can get to the listener can use the target, as long as it is not a TCP protocol that acts on hosts and ports in the message stream, like FTP, and even that can be accommodated with additional tricks in many cases. Unlike the shell command part of the SSH session, user ID is not in play; it is just a TCP wormhole you created. BTW, if the session has compression, so do the tunnel connections.
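Added example, not part of the original post: a shell check that reads `sshd -T`-style output and flags the forwarding settings that decide who can reach a tunnel listener and which targets a tunnel may connect to. AllowTcpForwarding, GatewayPorts and PermitOpen are OpenSSH sshd_config keywords the post does not name; both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: flag sshd forwarding settings that widen who can use a tunnel.
# Input format is the lowercase "keyword value" output of `sshd -T`.

audit_forwarding() {
    awk '
    { k = tolower($1); $1 = ""; sub(/^ +/, ""); v[k] = tolower($0) }
    END {
        # OpenSSH defaults apply when a keyword is absent from the input.
        fwd = ("allowtcpforwarding" in v) ? v["allowtcpforwarding"] : "yes"
        gw  = ("gatewayports" in v) ? v["gatewayports"] : "no"
        po  = ("permitopen" in v) ? v["permitopen"] : "any"
        if (fwd == "no") { print "OK forwarding disabled"; exit }
        remote = (fwd == "yes" || fwd == "all" || fwd == "remote")
        local_ = (fwd == "yes" || fwd == "all" || fwd == "local")
        if (remote && gw != "no")
            print "WARN gatewayports=" gw ": remote-forward listeners may bind non-loopback addresses"
        if (local_ && po == "any")
            print "WARN permitopen=any: clients may tunnel to any host:port this server can reach"
        if (local_ && po != "any")
            print "OK permitopen restricts targets to: " po
        if (remote && gw == "no")
            print "OK gatewayports=no: remote-forward listeners are loopback-only"
    }'
}

# Constructed sample: permissive server.
PERMISSIVE='allowtcpforwarding yes
gatewayports clientspecified
permitopen any'

# Constructed sample: one permitted target, loopback-only remote listeners.
RESTRICTED='allowtcpforwarding yes
gatewayports no
permitopen 192.0.2.10:5432'

# Number of WARN findings for a configuration passed as the first argument.
count_warnings() { printf '%s\n' "$1" | audit_forwarding | grep -c '^WARN' || true; }

printf '%s\n' "$PERMISSIVE" | audit_forwarding
printf '%s\n' "$RESTRICTED" | audit_forwarding
```

On a live host, the same function can be fed from `sshd -T` run as root; client-side listeners opened with `ssh -L` are not covered by this server-side check.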
LEARN ABOUT FREEBSD
nos-tun
NOS-TUN(8) BSD System Manager's Manual NOS-TUN(8)
NAME
nos-tun -- implement ``nos'' or ``ka9q'' style IP over IP tunnel
SYNOPSIS
nos-tun -t tunnel -s source -d destination -p protocol_number [source] target
DESCRIPTION
The nos-tun utility is used to establish an nos style tunnel, (also known as ka9q or IP-IP tunnel) using a tun(4) kernel interface.
Tunnel is the name of the tunnel device /dev/tun0 for example.
Source and destination are the addresses used on the tunnel device. If you configure the tunnel against a cisco router, use a netmask of
``255.255.255.252'' on the cisco. This is because the tunnel is a point-to-point interface in the FreeBSD end, a concept cisco does not
really implement.
Protocol number sets tunnel mode. Original KA9Q NOS uses 94 but many people use 4 on the worldwide backbone of ampr.org.
Target is the address of the remote tunnel device, this must match the source address set on the remote end.
EXAMPLES
This end, a FreeBSD box on address 192.168.59.34:
nos-tun -t /dev/tun0 -s 192.168.61.1 -d 192.168.61.2 192.168.56.45
Remote cisco on address 192.168.56.45:
interface tunnel 0
ip address 192.168.61.2 255.255.255.252
tunnel mode nos
tunnel destination 192.168.59.34
tunnel source 192.168.56.45
AUTHORS
Nickolay N. Dudorov <nnd@itfs.nsk.su> wrote the program, Poul-Henning Kamp <phk@FreeBSD.org> wrote the man-page. Isao SEKI
<iseki@gongon.com> added a new flag, IP protocol number.
BUGS
We do not allow for setting our source address for multihomed machines.
BSD
April 11, 1998 BSD