SSH Tunneling Made Easy

By Frank Wiles

Setting up a simple SSH tunnel can be incredibly useful, yet finding a straightforward guide can be surprisingly challenging. In this Quick-Tip, I’ll walk you through the process using OpenSSH on a Linux/Unix system. With SSH tunneling, you can securely route traffic from a local port through a remote server where you have an account.

One common use case for SSH tunneling is redirecting outbound email traffic to a personal server. This can help you avoid the hassle of changing SMTP servers, dealing with SMTP-AUTH, and other complications when you’re behind firewalls. Hotel firewalls, wireless access points, and various NATing devices you encounter while traveling don’t always cooperate. Here’s how to do it:

ssh -f user@personal-server.com -L 2000:personal-server.com:25 -N

Let’s break down this command:

  • -f: This flag instructs SSH to go into the background just before executing the command.
  • user@personal-server.com: Replace this with your username and the address of your personal server.
  • -L 2000:personal-server.com:25: This part specifies the tunnel. It’s in the format -L local-port:host:remote-port. In this case, it forwards local port 2000 to port 25 on personal-server.com. And yes, everything between your machine and the SSH server is encrypted!
  • -N: This tells OpenSSH not to execute a command on the remote system.

Now, you can configure your email client to use localhost:2000 as the SMTP server, and your email will be securely tunneled through your personal server.

SSH tunneling isn’t just for email; it’s a versatile tool. You can also use it to bypass restrictive firewall rules. For instance, if you encounter a firewall that doesn’t allow outbound Jabber protocol traffic to talk.google.com, you can work around it with this command:

ssh -f -L 3000:talk.google.com:5222 home -N

Here’s what’s happening:

  • -f: As before, this puts SSH in the background.
  • -L 3000:talk.google.com:5222: This sets up the tunnel, redirecting traffic from local port 3000 to talk.google.com on port 5222.
  • home: This is just an SSH alias for your server at home.

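Afterward, configure your Jabber client to use localhost as the server and port 3000, which you’ve just configured. Now, your Google Talk traffic will be encrypted by SSH on its way to your home server, which then relays it to Google. The leg from your home server to Google is outside the tunnel, so it is only as protected as the Jabber connection itself.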
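The two tunnel commands above, as an added example that is not part of the original article: a small POSIX shell helper that parses the -L spec, refuses a bind address that would open the forwarded port to other machines on the network, and prints the command with an explicit 127.0.0.1 bind and ExitOnForwardFailure. The function names and the user@ login are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): validate an OpenSSH -L spec
# and print a hardened form of the article's tunnel command.

# valid_port N: succeed only for a decimal port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# normalize_forward SPEC: accepts [bind_address:]port:host:hostport and prints
# it with an explicit loopback bind. Exits 1 for a malformed spec and 2 for a
# bind address that would expose the tunnel to other machines.
# Assumption: bracketed IPv6 addresses are not handled and are rejected.
normalize_forward() (
    case $1 in *'['*|*']'*) exit 1 ;; esac
    set -f; IFS=:
    set -- $1                       # split the spec on ':' without globbing
    case $# in
        3) bind=127.0.0.1 lport=$1 host=$2 rport=$3 ;;
        4) bind=$1 lport=$2 host=$3 rport=$4 ;;
        *) exit 1 ;;
    esac
    valid_port "$lport" && valid_port "$rport" && [ -n "$host" ] || exit 1
    case $bind in
        127.0.0.1|localhost) ;;
        *) exit 2 ;;   # '', '*', 0.0.0.0 or a LAN address: reachable by others
    esac
    # Pin the listener to IPv4 loopback so the result does not depend on the
    # GatewayPorts setting in the local ssh configuration.
    echo "127.0.0.1:$lport:$host:$rport"
)

# tunnel_cmd DEST SPEC: print the ssh command line; nothing is executed.
tunnel_cmd() {
    fwd=$(normalize_forward "$2") || return
    # ExitOnForwardFailure makes ssh exit instead of going to the background
    # when the local port cannot be bound (for example, already in use).
    echo "ssh -f -N -o ExitOnForwardFailure=yes -L $fwd $1"
}

tunnel_cmd user@personal-server.com 2000:personal-server.com:25
tunnel_cmd home 3000:talk.google.com:5222
```

Without ExitOnForwardFailure, ssh -f can drop into the background even though port 2000 or 3000 was already taken, leaving the mail or Jabber client talking to whatever else is listening there.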

SSH tunneling can be a lifesaver when dealing with network restrictions, ensuring your data remains secure while passing through various networks. Remember, with these techniques, you have the power to keep your online activities private and unrestricted.
