Home arrow Site Administration arrow Page 8 - Secure Tunnelling with SSH

In And Out - Administration

You probably already know how to use SSH to securely log in toremote hosts over the Web. In this article, take things a little further byusing SSH to encrypt connections to other ports as well. Scenarios coveredinclude securing your mail server connection so that your mail password isalways protected and creating secure pathways through firewalls for trustedhosts.

  1. Secure Tunnelling with SSH
  2. Kicking The Tyres
  3. Test Drive
  4. Et Tu, Brute?
  5. No Forwarding Address
  6. Any Port In A Storm
  7. Remote Control
  8. In And Out
  9. Log Out
By: icarus, (c) Melonfire
Rating: starstarstarstarstar / 29
April 02, 2003

print this article


Port forwarding comes in handy when dealing with firewalls as well. By creating a secure channel between two hosts, each on different sides of a firewall, SSH makes it possible for any computer outside the firewall to connect to any computer inside it.

The most common scenario here is when roaming users need to connect to their intranet Web server, which is protected behind a corporate firewall, from an external location. A direct connection in such cases is not possible - the firewall will reject all requests coming from outside the local network. SSH can play an important role here.

Let's consider an example, to better understand how this could work. Let's assume that the corporate Web server is running on a machine named "www", inside the firewall, and that there exists a machine named "medusa" on the same physical network, but outside the firewall. We can also assume that both "medusa" and "www" are running OpenSSH.

Next, let's assume that there exists a roaming host "remote", which is connected to the Internet on a dial-up connection and is outside the firewall...but desperately needs to get inside so that its owner can access the corporate intranet.

With port forwarding, accomplishing this is fairly simple. First, an SSH connection should be established between "medusa" and "www", which are on opposite sides of the firewall, and then an arbitrary port (say, 8080) on "medusa" should be forwarded to port 80 (the Web server port) on "www".
[me@www] $ /usr/local/ssh/bin/ssh -R 8080:www:80 medusa
Since "medusa" is outside the firewall, it can accept connections from the external host "remote" on port 8080. These connections are then forwarded through the secure tunnel to port 80 on "www", and the resulting Web pages transmitted back to "remote" via the reverse route. The end result: the roaming user can gain access to a server inside the corporate firewall without compromising the security of the system.

>>> More Site Administration Articles          >>> More By icarus, (c) Melonfire

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup

Developer Shed Affiliates


Dev Shed Tutorial Topics: