
SSH tunnel in Linux environment

Publishing your services from behind NAT using SSH remote tunnel

SSH tunnels are one of the reasons I really like this OS. Of course, you can install an SSH service on a Windows system too, but how many users have done so? I know of only one. SSH tunnels let us access computers that have no public IP address or that sit behind a blocking firewall.

We want to access the home Linux machine from the work Linux machine. Specifically, we want to reach the SSH service running on the home Linux machine on port 22, but any service can be reached the same way; just change the port number.

For this we need to create two SSH tunnels:
  • Remote ssh tunnel from home linux machine to linux hopping station
  • Local ssh tunnel from work linux machine to linux hopping station
[Figure: SSH tunnel in the network.]
The computers used for the SSH tunnel are:
  • rollyboy@roleta - private IP address, or a public IP address that is not accessible because the machine sits behind a firewall - this is the home Linux machine behind NAT, which we want to access from outside (e.g. from work).
  • marecek@ares - public IP address - this is the Linux hopping station, accessible from anywhere because it has a public IP address.
  • roleta@einstein - private IP address, or a public IP address that is not accessible because the machine sits behind a firewall - this is the work Linux machine behind NAT.

Remote ssh tunnel from home linux machine to linux hopping station

The SSH service runs on port 22 by default. Any port above 1024 can be used for SSH tunnelling, but first check it against Dave's port list or the file /etc/services.

Check for free port numbers in /etc/services. Port 3306, for example, is already assigned to another application, in this case mysql:
root@roleta:/# cat /etc/services | grep 3306
mysql        3306/tcp
mysql        3306/udp
root@roleta:/#

Now we create a remote SSH tunnel from port 22 on the home Linux machine (the SSH service we want to access from outside) to port 45100 (a free port) on the Linux hopping station.

1. Create remote ssh tunnel:
rollyboy@roleta:/$ ssh -R 45100:localhost:22 marecek@ares.ktl.elf.stuba.sk
Linux ares 2.6.16-1-686 #2 Fri May 5 04:56:53 UTC 2006 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug  4 18:44:15 2008 from adsl-195-168-231-099.dynamic.nextra.sk
marecek@ares:~$ 

Local ssh tunnel from work linux machine to linux hopping station

Now we create a local SSH tunnel from port 45101 (a free port) on the work Linux machine to port 45100 on the Linux hopping station.

2. Create local ssh tunnel:
[roleta@einstein~]$ ssh -L 45101:localhost:45100 marecek@ares.ktl.elf.stuba.sk
The authenticity of host 'ares.ktl.elf.stuba.sk (147.175.103.16)' can't be established.
DSA key fingerprint is 4b:e5:6b:a0:fc:98:64:53:76:e0:63:e2:43:34:ae:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ares.ktl.elf.stuba.sk' (DSA) to the list of known hosts.
Enter passphrase for key '/home/roleta/.ssh/id_rsa': 
Linux ares 2.6.16-1-686 #2 Fri May 5 04:56:53 UTC 2006 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug  4 19:09:36 2008 from adsl-195-168-231-099.dynamic.nextra.sk
marecek@ares:~$

Access home station from work

On the work Linux machine we connect to the SSH service through the tunnel listening on port 45101. And voilà, we are on the home Linux machine.

3. Access home machine from work:
[roleta@einstein~]$ ssh -p 45101 rollyboy@localhost
The authenticity of host '[localhost]:45101 ([::1]:45101)' can't be established.
DSA key fingerprint is 80:d6:af:4d:ce:d8:5a:47:39:55:7d:81:48:56:80:df.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:45101' (DSA) to the list of known hosts.
Enter passphrase for key '/home/roleta/.ssh/id_rsa': 
Linux roleta 2.6.24-19-generic #1 SMP Fri Jul 11 23:41:49 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Tue Jul  1 12:52:01 2008 from barborka.mshome.net
rollyboy@roleta:~$
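
The port check and the two tunnel commands from steps 1 and 2, as an added example that is not part of the original page: it tests a candidate port against services(5) data with an exact field match (the page's grep 3306 would also match 33060) and prints the -R and -L commands with -N, ExitOnForwardFailure and ServerAliveInterval set. Host names and ports are the page's; the function names and the SAMPLE_SERVICES data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Host names and ports are the
# page's; the function names and SAMPLE_SERVICES are constructed.

SAMPLE_SERVICES='ssh          22/tcp
mysql        3306/tcp
mysql        3306/udp
mysqlx       33060/tcp   # constructed entry: "grep 3306" would match it too'

# Succeed if PORT/tcp is registered in a services(5) file ("-" reads stdin).
# Compares the whole port/protocol field, so 3306 does not match 33060.
port_registered() {
    awk -v want="$1/tcp" '
        { sub(/#.*/, "") }            # drop trailing comments
        $2 == want { found = 1 }
        END { exit !found }
    ' "${2:-/etc/services}"
}

# Succeed if PORT is numeric, above 1024, at most 65535, and unregistered.
port_usable() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ] || return 1
    ! port_registered "$1" "${2:-/etc/services}"
}

# Print the step 1 (-R, run at home) or step 2 (-L, run at work) command.
#   -N                        forward only, no shell on the hopping station
#   ExitOnForwardFailure=yes  exit instead of running without the tunnel
#   ServerAliveInterval=30    keepalives so an idle NAT mapping is not dropped
#   explicit "localhost:"     keeps the listening socket on the loopback interface
tunnel_cmd() {  # usage: tunnel_cmd R|L LISTEN_PORT TARGET_PORT USER@HOP
    case "$1" in R|L) ;; *) return 2 ;; esac
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -%s localhost:%s:localhost:%s %s\n' "$1" "$2" "$3" "$4"
}

HOP=marecek@ares.ktl.elf.stuba.sk
if printf '%s\n' "$SAMPLE_SERVICES" | port_usable 45100 -; then
    tunnel_cmd R 45100 22 "$HOP"      # home machine
    tunnel_cmd L 45101 45100 "$HOP"   # work machine
fi
```

Because the forwarded port on the hopping station listens on loopback, every local user of that station can reach it, so the home machine's own SSH authentication remains the control that matters.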

Some content copyright © 2008, some rights reserved, feel free to share "opensource" way of thinking.