Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Tunnel using SSH
Top Forums UNIX for Advanced & Expert Users Tunnel using SSH Post 302993473 by stomp on Friday 10th of March 2017 03:24:28 AM
Old 03-10-2017
Hi,

I'm not quite sure what your question is, so I explain a bit more.

SSH: Local Port forwarding

Local Port forwarding in SSH means that a listening Port on the local side is opened and all data is accepted and forwarded to a specified Host+Port on the remote side via the ssh connection. So all data is intercepted by the ssh-client, sent through the encrypted tunnel and after that sent - unencrypted to the host reachable from the target host. If the remote host is localhost then unencrypted data never goes over any physical media.

But you may specify other targets than localhost as remote forward host - maybe a host only the ssh-target host is able to reach. For example a host in a remote private lan which your source host has no possible connection to, but to take an intermediate step to the ssh target host. In this case the transport of the data after it leaves the ssh tunnel and is sent unencrypted at the target ssh host to the port forwarding target host.

See this nice picture(german language. The only thing to know is, that red is encrypted and blue is unencrypted):

http://www.netzmafia.de/skripten/int...verbindung.gif

Unprivileged ports

So since every tunnel requires a local listening socket a user must have privileges to create such. And since all Ports < 1024 require extended privileges a normal user cannot create sockets on that port range. But it's not needed use privileged ports. You may just use any port >= 1024. It's a bit more pleasant to use the same port as target-port and local tunnel-port. E. g. when you use port 80, you can simple type http://localhost or http://virtualhost.domain.tld (with virtualhost.domain.tld pointing to 127.0.0.1 in your ssh clients hosts file, so the http request has the correct virtualhost set and the target is localhost) and thus you do not need to specify the nonstandard port.
This User Gave Thanks to stomp For This Post:
lobsang
 

10 More Discussions You Might Find Interesting

1. Programming

using a ssh tunnel with nx compression

hi everybody and thank you for this wondefrul forum this is my first thread posted here and i hope that i could find some help from your part (i am even sure) :D here is the situation: i am to develop an application of remote desktop access such as vnc, vpn and especially nx i want to develop... (0 Replies)
Discussion started by: bolboln01
0 Replies

2. Shell Programming and Scripting

SSH Tunnel Forwarding with no shell

Hi Experts, I am trying to have the SSH tunnel Remote forwarding command in a shell script. I should be able to do 2 tasks, but unable to get that going. 1) I have 3 servers Server 1, Server 2, Server 3. I have my Database running on Server 1 and my script running on Server 2 which should... (0 Replies)
Discussion started by: Scriptingglitch
0 Replies

3. UNIX for Advanced & Expert Users

ssh decipher a tunnel

Two question here, but it's only one on the protocol point of view. If two persons use the same key to connect to a SSH server is there a risk they can decipher the other tunnel. In other terms is that less safe than if they have two separate keys. Same question if two persons use the same user... (2 Replies)
Discussion started by: moi
2 Replies

4. UNIX for Advanced & Expert Users

Stopping SSH tunnel

I have initiated a tunnel for vncserver. now i want to stop it. is there any way except sleep option? (2 Replies)
Discussion started by: majid.merkava
2 Replies

5. Cybersecurity

RDP over SSH Tunnel

Hi all, I'm trying have an alternative way of connecting into a Corporate network. Mostly in case the VPN down as I cannot also change the security policy. I want to expose windows RDP over ssh tunnel. I have 3 hosts in my scenario 1- Host a : Windows 2k8 has no internet access just only an... (3 Replies)
Discussion started by: h@foorsa.biz
3 Replies

6. UNIX for Dummies Questions & Answers

SSH tunnel working for ssh but not for sshfs

I'm trying to setup a link between my home pc (work-machine) and a server at work (tar-machine) that is behind a gateway (hop-machine) and not directly accessible. my actions: work-machine$ ssh -L 1234:tar-machine:22 hop-machine work-machine$ ssh -p 1234 user@127.0.0.1 - shh access on... (1 Reply)
Discussion started by: Vathau
1 Replies

7. IP Networking

Help with SSH tunnel?

I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network. I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636. How can I tunnel so that X can... (2 Replies)
Discussion started by: spacegoose
2 Replies

8. UNIX for Advanced & Expert Users

Ssh tunnel question

Hi all I have a suite of scripts that ssh to remote servers within a cluster and run some tests. This is done from a central server so that all of the test results can be captured in one location. Problem is I now have 509 tests and the number is growing. The scripts work by establishing a... (2 Replies)
Discussion started by: steadyonabix
2 Replies

9. Proxy Server

WebSocket over SSH tunnel - is it possible?

Hello, I have a video streaming application that utilizes a WebSocket for the server <-> client communication. My goal is to make the video streaming service available over the internet in the cases where neither the server nor client have public IPs. One way to do this is over a VPN... (8 Replies)
Discussion started by: Vladislav
8 Replies

10. Solaris

Tunnel X over ssh for 11.3

Hello Solaris experts: Trying to bring the 11.3 gdm screen over ssh to a Linux Box: I did the following: 1. made chanes to /etc/ssh/sshd_config & bounced ssh daemon: # X11 tunneling options X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes 2. From the remote Linux box: ... (6 Replies)
Discussion started by: delphys
6 Replies

LEARN ABOUT DEBIAN

ssh-argv0

SSH-ARGV0(1)						    BSD General Commands Manual 					      SSH-ARGV0(1)

NAME

     ssh-argv0 -- replaces the old ssh command-name as hostname handling

SYNOPSIS

     hostname | user@hostname [-l login_name] [command]

     hostname | user@hostname [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec] [-e escape_char] [-i identity_file] [-l login_name]
     [-m mac_spec] [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R port:host:hostport] [-D port] [command]

DESCRIPTION

     ssh-argv0 replaces the old ssh command-name as hostname handling.	If you link to this script with a hostname then executing the link is
     equivalent to having executed ssh with that hostname as an argument.  All other arguments are passed to ssh and will be processed normally.

OPTIONS

     See ssh(1).

FILES

     See ssh(1).

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  Markus Friedl contributed the support for SSH
     protocol versions 1.5 and 2.0.  Jonathan Amery wrote this ssh-argv0 script and the associated documentation.

SEE ALSO

     ssh(1)

Debian Project							 September 7, 2001						    Debian Project
All times are GMT -4. The time now is 09:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy