The Awesomeness of SSH Tunneling

I have to say it; SSH tunneling is freaking amazing. Here is a small list of some cool things you can do:

* SOCKS Tunneling (Dynamic)
* X-Forwarding
* Reverse Tunneling
* Local/remote Port Forwarding

Perhaps I'll talk about everything else later, but dynamic port forwarding through SSH is a very easy way to get a secure web connection to a remote server. Proxies can be a bit of a pain in the ass to configure; using SSH there is barely any configuration.

Here is an example:

ssh -D 5050 [email protected]

If you look at the man page it explains the -D flag and what it does:

 -D [bind_address:]port
         Specifies a local “dynamic” application-level port forwarding.
         This works by allocating a socket to listen to port on the local
         side, optionally bound to the specified bind_address.  Whenever a
         connection is made to this port, the connection is forwarded over
         the secure channel, and the application protocol is then used to
         determine where to connect to from the remote machine.  Currently
         the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
         as a SOCKS server.  Only root can forward privileged ports.
         Dynamic port forwardings can also be specified in the configura‐
         tion file.

To use it, you just need to configure your favorite browser (I use Firefox) to use a SOCKS5 proxy running at localhost. Once you've done that, you have a nice and secure connection to any server that you would normally have access to through SSH.

Firefox + SOCKS5 -> =)

You can test this by turning off the proxy setting, checking your external IP address and then turning the proxy configuration back on. Awesome, right?? If I'm working on a remote server and I need access to some local resources there, this is also a very useful tool. I used to run a minecraft server and accessed my remote McMyAdmin web instance without exposing it to the internet.

Linux is awesome! (Sorry for you windows users D:)


Previous Next
« Making Your SSH Life Easier Don't Work Alone»