summaryrefslogtreecommitdiff
path: root/src/SSH_Tunnel_Forwarding.adoc
diff options
context:
space:
mode:
Diffstat (limited to 'src/SSH_Tunnel_Forwarding.adoc')
-rw-r--r--src/SSH_Tunnel_Forwarding.adoc73
1 files changed, 73 insertions, 0 deletions
diff --git a/src/SSH_Tunnel_Forwarding.adoc b/src/SSH_Tunnel_Forwarding.adoc
new file mode 100644
index 0000000..171262d
--- /dev/null
+++ b/src/SSH_Tunnel_Forwarding.adoc
@@ -0,0 +1,73 @@
+SSH Tunnel Forwarding
+=====================
+:author: Aaron Ball
+:email: nullspoon@iohq.net
+
+== {doctitle}
+
+Yesterday, I had an idea that remarkably enough, actually worked (go figure,
+huh). I have a few friends who use Linux on their desktops but aren't quite
+Linux gurus (but who am I kidding, neither am I as evidenced by this post).
+Don't get me wrong of course, I'm super proud to have friends that aren't IT
+people but use Linux on their desktops. That speaks a lot to the quality of
+the work the Linux community has produced.
+
+Despite the whole Linux thing, they still occasionally have issues and call me
+for help. Most of the time, I just need GUI access to troubleshoot router
+issues on their side or something like that. Now, telling someone how to port
+forward and open up firewall ports on a router you don't know just so you can
+directly connect to their laptop/desktop through ssh can be really painful over
+the phone most of the time.
+
+
+[[enter-the-brick-that-hit-me-in-the-head-yesterday...]]
+== Enter the brick that hit me in the head yesterday...
+
+I was driving to lunch yesterday and began wondering if it would be possible to
+have two computers tunnel to a central server on the same port and in essence,
+forward traffic between the ports. As it turns out, this actually works (!!!),
+and it's really easy too.
+
+So, for our example we'll have three computers Me, Nexus, and Douglas (you know
+who you are). Nexus is our central server that's accepting ssh connections and
+Douglas is my friend that needs help. It doesn't matter which order these
+connections need to be made in. Additionally, we're going to assume that our
+friend's vnc server is set up and listening on 5901.
+
+First (not really), you need to connect to the central server
+(nexus.example.com for our example). To do this, open a terminal and type
+
+----
+ssh -L 5901:localhost:5901 me@nexus.example.com
+----
+
+Second (again, not really), our good friend Douglas needs to connect to the
+nexus as well. To do that, he needs to open a *reverse* tunnel to the nexus
+using the following command:
+
+----
+ssh -R 5901:localhost:5901 douglas@nexus.example.com
+----
+
+Open your VNC client and connect to localhost:5901 and you should be golden!
+
+Please take note of the differences in the two commands we just used. The only
+difference (aside from the usernames) is the switch used for the tunnel. The
+*-L* establishes a standard tunnel and the *-R* establishes a reverse tunnel,
+which allows the traffic to be forwarded to another tunnel connected on the
+same port.
+
+There is one security issue with this that could potentially cause you grief if
+you don't own the central server. If you don't own the box exclusively, other
+users on the box could also connect to the reverse tunnel. If you do own the
+box though, this shouldn't be an issue for you.
+
+_Insert clever post ending here_
+
+
+Category:SSH
+Category:VNC
+Category:Linux
+
+
+// vim: set syntax=asciidoc:

Generated by cgit