1 SSH Tunnel Forwarding
2 =====================
3 :author: Aaron Ball
4 :email: nullspoon@iohq.net
5
6 == {doctitle}
7
Yesterday, I had an idea that, remarkably enough, actually worked (go figure,
huh). I have a few friends who use Linux on their desktops but aren't quite
Linux gurus (but who am I kidding, neither am I, as evidenced by this post).
Don't get me wrong of course, I'm super proud to have friends who aren't IT
people but use Linux on their desktops. That says a lot about the quality of
the work the Linux community has produced.
14
Despite the whole Linux thing, they still occasionally have issues and call me
for help. Most of the time, I just need GUI access to their desktop to
troubleshoot router issues on their side or something like that. But talking
someone through port forwarding and opening firewall ports on a router you've
never seen, just so you can ssh directly to their laptop/desktop, is really
painful over the phone.
21
22
23 [[enter-the-brick-that-hit-me-in-the-head-yesterday...]]
24 == Enter the brick that hit me in the head yesterday...
25
I was driving to lunch yesterday and began wondering if it would be possible to
have two computers each tunnel to the same port on a central server, so that
the server would, in essence, forward traffic from one tunnel straight into the
other. As it turns out, this actually works (!!!), and it's really easy too.
30
So, for our example we'll have three computers: Me, Nexus, and Douglas (you
know who you are). Nexus is our central server that accepts ssh connections
from both of us, and Douglas is my friend who needs help. The order in which
the two connections are made doesn't matter. Additionally, we're going to
assume that our friend's VNC server is set up and listening on localhost port
5901 (VNC display :1).
36
First (not really), you need to connect to the central server
(nexus.example.com for our example). To do this, open a terminal and type

----
ssh -L 5901:localhost:5901 me@nexus.example.com
----

This tells your own ssh client to listen on port 5901 on your machine and to
carry anything that connects there through the ssh session to port 5901 on the
nexus's loopback interface (the *localhost* in the middle is resolved on the
nexus, not on your machine).
43
Second (again, not really), our good friend Douglas needs to connect to the
nexus as well. To do that, he needs to open a *reverse* tunnel to the nexus
using the following command:

----
ssh -R 5901:localhost:5901 douglas@nexus.example.com
----

This is the mirror image: the sshd on the nexus listens on port 5901 (on its
loopback interface, by default) and carries anything that connects there back
down Douglas's ssh session to port 5901 on his machine, where his VNC server is
waiting.
51
Open your VNC client, connect to localhost:5901, and you should be golden (his
VNC server's own password prompt still applies). If you get a "connection
refused" instead, Douglas's side isn't up yet: your *-L* listener exists as
soon as you log in, but there is nothing on the nexus's port 5901 to hand the
connection to until his *-R* tunnel is established.
53
Please take note of the differences in the two commands we just used. The only
difference (aside from the usernames) is the switch used for the tunnel. *-L*
is a standard (local) tunnel: your ssh client listens on your machine and
pushes connections toward the far end. *-R* is a reverse (remote) tunnel: the
far end's sshd listens and pushes connections back toward you. Because both of
them meet at port 5901 on the nexus's loopback interface, a connection into
port 5901 on my machine pops out of port 5901 on Douglas's machine. The nexus
never has to run anything but sshd.
59
There is one security issue with this that could cause you grief if you don't
own the central server. The reverse tunnel's listener sits on the nexus's
loopback interface, which keeps it off the network, but any other user with a
login on the nexus can connect to 127.0.0.1:5901 and land on Douglas's VNC
server, with only his VNC password in the way (the classic VNC password scheme
truncates the password to eight characters, so it's not much of a barrier).
The VNC traffic also crosses that loopback hop in the clear, since sshd
decrypts it on one side and re-encrypts it on the other, so root on the nexus
can watch the session. If the nexus's sshd_config has *GatewayPorts yes*, it's
worse: the listener is bound to every interface and the whole internet gets
the same offer. You can see what is actually listening with *ss -ltn* on the
nexus. If you own the box exclusively, this shouldn't be an issue for you; if
you don't, pick an obscure high port instead of 5901 and have Douglas tear the
tunnel down as soon as you're done.

One non-security gotcha: if something on the nexus already has port 5901 (say,
the last friend you helped, who never closed his tunnel), Douglas's ssh only
prints a warning and logs him in with no tunnel at all. Adding
*-o ExitOnForwardFailure=yes* makes it fail loudly instead.
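As an added example (not code from the original post), here are the two
commands from the walkthrough above with the options I'd actually use, plus the
check I'd run on the nexus to confirm the rendezvous port stayed on loopback,
which is the exposure discussed in the paragraph above. The hostname,
usernames and port are the post's; the option set, the check function and the
sample *ss -ltn* output are my own assumptions, and the check goes a little
beyond the post by flagging any routable bind address, not just 0.0.0.0.

```shell
#!/bin/sh
# Added example, not code from the original post. Hardened versions of the
# two tunnel commands plus a loopback-only check for the rendezvous port.
# Host, users and port are the post's; everything else is my assumption.

NEXUS="nexus.example.com"   # central server from the post
PORT=5901                   # VNC display :1, from the post

# Options shared by both sides (my recommendation, not the post's):
#   -N                         no remote shell, the session is only a tunnel
#   ExitOnForwardFailure=yes   die if the port can't be bound instead of
#                              logging in silently with no tunnel
#   ServerAliveInterval=30     keep NAT/firewall state alive, notice drops
OPTS="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"

# What Me runs: local listener pinned to 127.0.0.1 so the LAN can't use it.
helper_cmd() {
    printf 'ssh %s -L 127.0.0.1:%s:127.0.0.1:%s me@%s' \
        "$OPTS" "$PORT" "$PORT" "$NEXUS"
}

# What Douglas runs: asks sshd on the nexus for a listener on its loopback
# that hands each connection back to his own VNC server.
friend_cmd() {
    printf 'ssh %s -R 127.0.0.1:%s:127.0.0.1:%s douglas@%s' \
        "$OPTS" "$PORT" "$PORT" "$NEXUS"
}

# Check to run on the nexus: pipe `ss -ltn` into it. Prints "ok" (exit 0)
# when every listener on the port is on 127.0.0.1 or [::1]; prints each
# routable bind address and exits 2 if sshd (e.g. with GatewayPorts yes)
# put it on a real interface; exits 1 if nothing listens on the port yet.
check_loopback_only() {
    awk -v p="$1" '
        NR > 1 {
            n = split($4, a, ":")            # last piece is the port
            addr = $4; sub(":" a[n] "$", "", addr)
            if (a[n] == p) {
                seen = 1
                if (addr != "127.0.0.1" && addr != "[::1]") { print addr; bad = 1 }
            }
        }
        END { if (!seen) exit 1; if (bad) exit 2; print "ok" }'
}

# Constructed sample `ss -ltn` output (not captured from a real host).
SS_SAFE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::1]:5901         [::]:*'

SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:5901       0.0.0.0:*'

echo "Me runs:      $(helper_cmd)"
echo "Douglas runs: $(friend_cmd)"
printf '%s\n' "$SS_SAFE"    | check_loopback_only "$PORT"
printf '%s\n' "$SS_EXPOSED" | check_loopback_only "$PORT" || echo "exposed (exit $?)"
```

On a real nexus you would source the script and run *ss -ltn | check_loopback_only 5901* once Douglas is connected; a printed 0.0.0.0 or [::] means the sshd_config needs *GatewayPorts no*, and exit 1 means his reverse tunnel hasn't come up yet. The explicit 127.0.0.1 bind addresses on both sides are accepted by sshd even with GatewayPorts off and pin the listeners to IPv4 loopback, so the VNC client's localhost:5901 and the forward's 127.0.0.1:5901 can't disagree over IPv4 versus IPv6.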
64
65 _Insert clever post ending here_
66
67
68 Category:SSH
69 Category:VNC
70 Category:Linux
71
72
73 // vim: set syntax=asciidoc:
|