Forwards
● Garden hose grappling hook
● Types
  – Local - what you would like to be locally available, from a remote host
  – Remote - what you would like to be remotely available, from a remote host
  – Dynamic – application-level port forwarding
NoVAH! SSH tunnel-fu - vbatts 5
In Session
● ~# List forwarded connections
● ~C Open command line. Primarily for -L, -R or -D and also -KR[bind_address:]port
To loopback or not?
● the [bind_address] can be very handy
● default bind_address is 127.0.0.1 (localhost)
● ADVISORY: don't forget about your firewall configuration
● ADVISORY: privileged ports require root
● allows a local system to serve local traffic to a remote destination
  deez@lappy $> ssh -L0.0.0.0:3389:winderz.nuts.lan:3389 gateway.nuts.com
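A pre-flight check for the two advisories above, added here as an example and not part of the original talk: it parses a -L argument of the TCP form [bind_address:]port:host:hostport and reports whether the listener stays on loopback, is reachable from other hosts, or needs root. The function names and the sample specs are constructed for illustration; Unix-socket forwards are not handled.

```python
import ipaddress
import re

# Split on ':' except inside a bracketed IPv6 literal such as [::1].
_COLON = re.compile(r":(?![^\[]*\])")

def bind_scope(bind):
    """Classify a bind_address: 'loopback', 'all-interfaces' or 'specific'."""
    if bind is None or bind == "localhost":
        return "loopback"            # slide: default bind_address is 127.0.0.1
    if bind in ("", "*"):
        return "all-interfaces"      # ssh(1): empty or '*' means every interface
    try:
        ip = ipaddress.ip_address(bind.strip("[]"))
    except ValueError:
        return "specific"            # some other hostname, resolved at bind time
    if ip.is_unspecified:
        return "all-interfaces"      # 0.0.0.0 or ::
    return "loopback" if ip.is_loopback else "specific"

def audit_local_forward(spec):
    """Check one -L argument of the TCP form [bind_address:]port:host:hostport."""
    parts = _COLON.split(spec)
    if len(parts) == 3:
        parts = [None] + parts       # no bind_address given
    if len(parts) != 4 or not (parts[1].isdecimal() and parts[3].isdecimal()):
        return {"spec": spec, "error": "expected [bind_address:]port:host:hostport"}
    bind, port, host, hostport = parts[0], int(parts[1]), parts[2], int(parts[3])
    if not (0 < port < 65536 and 0 < hostport < 65536):
        return {"spec": spec, "error": "port out of range"}
    scope = bind_scope(bind)
    return {
        "scope": scope,
        "needs_firewall_review": scope != "loopback",  # reachable from other hosts
        "needs_root": port < 1024,                     # privileged listen port
        "target": f"{host}:{hostport}",
    }

# Constructed sample specs (hostnames borrowed from the slides).
SAMPLES = [
    "8118:localhost:8118",
    "0.0.0.0:3389:winderz.nuts.lan:3389",
    "127.0.0.2:443:winderz.nuts.lan:443",
    "0.0.0.0:3389:winderz.nuts.lan",   # hostport omitted: malformed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_local_forward(s))
```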
VIPs/multiple loopbacks
mostly Linux only ;) and requires a bit of root
● Use Case
  – Saved sessions, configured for a specific hostname and port
● ifconfig and /etc/hosts
● setup
  deez@nuts #> ifconfig lo:0 127.0.0.2 netmask 255.255.254.0
● teardown
  deez@nuts #> ifconfig lo:0 down
Configurations
● man page for ssh_config(5)
  – ~/.ssh/config
  – any file, then use the -F <file> approach
● ExitOnForwardFailure
  – is nice when you have a host setup, only needing to ensure forwards land properly
● Host and HostName
  – convenient for saving a custom setup, in a profile for a host
Proxying
● Privoxy
  deez@lappy $> ssh -L8118:localhost:8118 myhome.dyndns.org
● DNS Leakage :(
  – Frequent and common
  – [insert tor here]
● The Onion Router and helpers like torsocks allow anonymized, encrypted and DNS leak-safe traffic for a host of applications
  – https://www.torproject.org/
  – http://torsocks.googlecode.com/
Links and such
● This talk
  – http://slackware.com/~vbatts/things/20110314-NoVAH-ssh_tunnel_fu-vbatts.odp
● PuTTY
  – http://www.chiark.greenend.org.uk/~sgtatham/putty/
● Linux shell for windows
  – http://www.cygwin.com/
● RTFM
  – http://www.linuxmanpages.com/
● TOR
  – https://www.torproject.org/
  – http://torsocks.googlecode.com/