Page 8 - Secure Tunnelling with SSH

Dev Shed Forums

Administration
Apache
BrainDump
DHTML
Flash
Java
JavaScript
Multimedia
MySQL
Oracle
Perl
PHP
Practices
Python
Reviews
Security
Style-Sheets
Web Services
XML
Zend
Zope

Forums Sitemap
IBM® developerWorks

Dedicated Servers
E-Commerce Hosting
Linux Web Hosting
Managed Hosting
Small Business Hosting
Download TestComplete
VPS Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

ADMINISTRATION

RSS

Secure Tunnelling with SSH

By: icarus, (c) Melonfire	Search For More Articles! Disclaimer Author Terms
Rating: / 27
2003-04-02

Table of Contents:

Secure Tunnelling with SSH

Kicking The Tyres

Test Drive

Et Tu, Brute?

No Forwarding Address

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

ADVERTISEMENT

Dell PowerEdge Servers

Secure Tunnelling with SSH - In And Out
(Page 8 of 9 )

Port forwarding comes in handy when dealing with firewalls as well. By creating a secure channel between two hosts, each on different sides of a firewall, SSH makes it possible for any computer outside the firewall to connect to any computer inside it.

The most common scenario here is when roaming users need to connect to their intranet Web server, which is protected behind a corporate firewall, from an external location. A direct connection in such cases is not possible - the firewall will reject all requests coming from outside the local network. SSH can play an important role here.

Let's consider an example, to better understand how this could work. Let's assume that the corporate Web server is running on a machine named "www", inside the firewall, and that there exists a machine named "medusa" on the same physical network, but outside the firewall. We can also assume that both "medusa" and "www" are running OpenSSH.

Next, let's assume that there exists a roaming host "remote", which is connected to the Internet on a dial-up connection and is outside the firewall...but desperately needs to get inside so that its owner can access the corporate intranet.

With port forwarding, accomplishing this is fairly simple. First, an SSH connection should be established between "medusa" and "www", which are on opposite sides of the firewall, and then an arbitrary port (say, 8080) on "medusa" should be forwarded to port 80 (the Web server port) on "www".

[me@www] $ /usr/local/ssh/bin/ssh -R 8080:www:80 medusa

Since "medusa" is outside the firewall, it can accept connections from the external host "remote" on port 8080. These connections are then forwarded through the secure tunnel to port 80 on "www", and the resulting Web pages transmitted back to "remote" via the reverse route. The end result: the roaming user can gain access to a server inside the corporate firewall without compromising the security of the system.

Next: Log Out >>

More Administration Articles
More By icarus, (c) Melonfire

Comments On: Secure Tunnelling with SSH

>>> Be the FIRST to comment on this article!

ADMINISTRATION ARTICLES

- Configuring Load-Balanced Clusters
- Load-Balanced Clusters
- UNIX Time Format Demystified
- Making Changes in the CVS
- Building Your First CVS Repository
- CVS Quickstart Guide
- Authorizing Users in Samba
- Handling User Accounts in Samba
- Authentication in Samba
- Accounts, Authentication, and Authorization
- Advanced Concepts on Dealing with Files and ...
- Dealing with Files and Filesystems
- More Hacks for the User Environment in BSD
- Personalizing the User Environment in BSD
- Customizing the User Environment in BSD
Find More Administration Articles

Accelerating Trading Partner Performance

Competing on Analytics

Cost Effective Scaling with Virtualization and Coyote Point Systems

Five Checkpoints to Implementing IP Telephony

Hosted Email Security: Staying Ahead of New Threats