The only firewall port you'll ever need opened - PORT 22
SSH Tunneling/Port Forwarding
Prerequisites:
1. PuTTY (or an equally good ssh client that allows creation of ssh tunnels)
2. Xming (X Server)
3. Root access to the ssh server (if you need to modify the /etc/ssh/sshd_config file)
On the server:
Edit /etc/ssh/sshd_config and confirm that the configuration is as below:
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Close the file and execute the following command (if you’ve changed the file)
$ svcadm restart ssh
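To confirm the four settings above before restarting, here is an added example (not part of the original post) that reads an sshd_config the way sshd does: keywords are case-insensitive and the first value read for a keyword wins. It assumes the OpenSSH file format and only looks at lines before the first Match block; the function name and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: check the global part of an sshd_config against the four
# settings this post asks for. Exit status 0 only if all four are set as listed.
check_sshd_forwarding() {    # $1 = path to an sshd_config file
    awk '
    BEGIN {
        name[1] = "AllowTcpForwarding"; want["allowtcpforwarding"] = "yes"
        name[2] = "X11Forwarding";      want["x11forwarding"]      = "yes"
        name[3] = "X11DisplayOffset";   want["x11displayoffset"]   = "10"
        name[4] = "X11UseLocalhost";    want["x11uselocalhost"]    = "yes"
        n = 4; bad = 0
    }
    { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # tolerate CRLF and indentation
    /^#/ || /^$/ { next }                     # skip comments and blank lines
    {
        split($0, f, /[ \t=]+/)               # "Keyword value" or "Keyword=value"
        key = tolower(f[1])                   # keywords are case-insensitive
        if (key == "match") exit              # conditional blocks start here
        if ((key in want) && !(key in seen)) seen[key] = f[2]   # first value wins
    }
    END {
        for (i = 1; i <= n; i++) {
            k = tolower(name[i])
            if (!(k in seen))            { printf "%s unset\n", name[i]; bad = 1 }
            else if (seen[k] != want[k]) { printf "%s %s MISMATCH\n", name[i], seen[k]; bad = 1 }
            else                           printf "%s %s ok\n", name[i], seen[k]
        }
        exit bad
    }' "$1"
}

# Constructed sample file, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
allowtcpforwarding yes
X11Forwarding no
X11Forwarding yes
X11DisplayOffset=10
Match User backup
    AllowTcpForwarding no
EOF
check_sshd_forwarding "$sample" || echo "=> not configured as listed above"
rm -f "$sample"
```

On the sample, the second X11Forwarding line is ignored because the first one already set the value, and X11UseLocalhost is reported as unset, which means the server's built-in default applies.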
SSH Tunneling is a feature that lets you create 'tunnels of TCP traffic' from the client through to the ssh server over your SSH connection.
See the diagram below:
You can create as many 'tunnels' as you like from the client. All you need to create this tunnel is:
1. The local port -> Local end of the tunnel
2. The remote host and port -> Location where you want your TCP packets to finally reach.
Note: The remote end of the tunnel is the SSH server. This means your communication channel is encrypted only from your client to your SSH server; from the SSH server to the final destination the traffic travels as ordinary TCP (which shouldn't be a problem if your SSH server and the servers you want to finally connect to are all on the same trusted network).
Now for some fun:
RDP Tunneling
Let's say you want to access a machine running Windows XP with the Remote Desktop client from your local machine that's outside the firewall.
Step 1: CREATE THE TUNNEL
The general syntax is:
D:\>putty -L [local port]:[remote machine]:[remote port] [ssh server]
a. Choose a local port, say 30001, for the local end of the tunnel. See that it is not already in use.
b. Execute the command to create the tunnel:
D:\>putty -L 30001:mymac:3389 mysshserver
Enter the username and password in the putty window that pops up.
You're done! You now have an encrypted tunnel from your machine to the ssh server to send TCP packets to the remote machine.
Step 2: USE THE TUNNEL
a. Connect to the remote machine from the local end of the tunnel:
D:\>mstsc /v:localhost:30001
If you want to be extra naughty, you can even share your local disk drives with the remote computer, like so:
X11 forwarding
If you want to do X11 forwarding, it's really very simple.
Just ensure that the login on the ssh server doesn't have the DISPLAY environment variable set (in the .login/.bashrc_profile).
After that you'll need to do the following:
Now, start Xming on your desktop, open the PuTTY session, log in and type the following:
$ xclock &
You should see the X window pop up on your desktop.