Wednesday, February 6, 2008

SSH Port Forwarding

SSH (Secure SHell) is well known to Linux administrators as a method for connecting to other systems.
SSH strongly encrypts the connection between the hosts, ensuring that passwords and any transmitted data are safe.


SSH port forwarding, essentially, is the art of causing a port from one host to appear on another, using a connection through SSH. Port forwarding can accomplish several goals at once, but one of the most compelling reasons to use the technique is that traffic to the forwarded port is encrypted.


Local Port Forwarding

When you forward a port locally, you make a port from the SSH server available on your local machine.
A port on the remote machine which would otherwise be unavailable to you can be used just as if it were your local machine’s port. This port is also then available to other programs on your local host, outside the SSH session.

Imagine a situation where you need to conceal your web browsing traffic.
Certainly many nefarious reasons for doing this come to mind immediately, but how about a legitimate one?
Perhaps you need to Google the solution to a difficult problem, but all your activities are logged and you don't want your boss to know that you googled it.

If you have a remote host at home that runs a Squid web proxy and is reachable by SSH, you can easily use local port forwarding to augment SSH with a secure proxy channel.
Assume your remote host at home is home.com, your web proxy is proxy on port 3128, and your office host is office.com.

To set up port forwarding in this case, issue this command:

ssh -L 3128:proxy:3128 username@home.com

At this point, you can set your web browser to use the proxy, using the host office.com (or localhost) and port 3128.

Your web browser connects to your local machine’s port 3128, but the connection is forwarded over the SSH session to home.com in your home office, which connects to proxy to make HTTP requests. Anyone at office.com watching traffic will see only SSH traffic between office.com and home.com.
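
The argument to -L has the form [bind_address:]port:host:hostport, and the optional bind address decides whether only programs on the local host, or any machine that can reach it, may use the forwarded port. The shell function below is an added example, not part of the original post: it splits a spec into its parts and reports that exposure. The name explain_forward is hypothetical, the OpenSSH client default of GatewayPorts no is assumed, and bracketed IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added example: explain an `ssh -L` forward spec, [bind_address:]port:host:hostport.
# Assumes the client default GatewayPorts=no; bracketed IPv6 is rejected.

is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;            # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

explain_forward() {
    spec=$1
    case $spec in
        *:*:*:*:*) echo "unsupported: more than four fields" >&2; return 1 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:} ;;  # bind address given
        *:*:*)     bind=localhost;   rest=$spec ;;       # default: loopback only
        *)         echo "expected [bind_address:]port:host:hostport" >&2; return 1 ;;
    esac

    lport=${rest%%:*}        # port opened on the SSH client
    target=${rest#*:}        # host:hostport as resolved by the SSH server
    rhost=${target%:*}
    rport=${target##*:}

    if ! is_port "$lport" || ! is_port "$rport" || [ -z "$rhost" ]; then
        echo "invalid port or host in '$spec'" >&2
        return 1
    fi

    # An empty bind address or '*' listens on every interface of the client.
    case $bind in
        ''|'*')          bind='*'; exposure=all-interfaces ;;
        localhost|127.*) exposure=loopback ;;
        *)               exposure=specific-address ;;
    esac

    echo "listen=$bind:$lport target=$rhost:$rport exposure=$exposure"
}

# The spec used in this post:
explain_forward "3128:proxy:3128"
```

A result of exposure=all-interfaces means other machines on the client's network can send traffic through the tunnel to the proxy, so prefer the default or an explicit localhost bind.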

Hurray, you have now forwarded your ports at home to your office!

You can get more from
http://www.redhatmagazine.com/2007/11/06/ssh-port-forwarding/
