http://wiki.breedveld.net/index.php?action=history&feed=atom&title=SSH_TunnelingSSH Tunneling - Revision history2026-04-17T00:36:56ZRevision history for this page on the wikiMediaWiki 1.44.2http://wiki.breedveld.net/index.php?title=SSH_Tunneling&diff=2103&oldid=prevRoland: Protected "SSH Tunneling" [edit=autoconfirmed:move=autoconfirmed]2009-07-03T15:20:23Z<p>Protected "<a href="/index.php/SSH_Tunneling" title="SSH Tunneling">SSH Tunneling</a>" [edit=autoconfirmed:move=autoconfirmed]</p>
<p><b>New page</b></p><div>There are 2 types of ssh tunnels, Forward and Reverse:<br />
<br />
example for ssh tunneling on the ftp-port to your home server, for imap-mail, vnc and internet proxy:<br />
<br />
If you like, it is easier to distibute a public key, so you can automate these commands.<br />
<br />
while many company's have limitted internet access for ssh, you will run a daemmon on a different free port.<br />
e.g. 21 (ftp) 443 (htps) or 8080<br />
<br />
at home start a ssh daemon running on the ftp port 21<br />
/usr/sbin/sshd -p 21<br />
you can add this in your /etc/rc.local<br />
<br />
from your client run:<br />
ssh -C -g -L6001:<vncserver>:5901<br />
-L6002:<mailserver>:143 \<br />
-L6003:<proxyserver>:3128 \<br />
-p 21 \<br />
user@<home-server><br />
Options:<br />
-C will compress the traffic (very handy for VNC connections)<br />
-g will access other pc's at home to connect to the tunnel on your server<br />
other options are:<br />
-n will not return your session to your prompt and redirect everything to /dev/null<br />
-X will forward a tunnel for X sessions<br />
for more options see the ssh manpage<br />
<br />
it will be nice to create a dedicated user on your home-server.<br />
On your client you should configure your imap-mail with port 6002, e.g.<br />
<br />
If you want to connect from the outside to an internal server which is not accessible from the outsite, you will setup a reverse tunnel:<br />
you run this on a server which can connect both to (example) a vnc service on another server and to the internet.<br />
ssh -C -g -R6001:<vncserver>:5901 \<br />
-p 21 \<br />
user@<home-server><br />
At home you start a VNC sesion to your server:1 (5901), it will connect through the tunnel to the vnc-session of the server on the internal network.<br />
<br />
If the connection drops the tunnes is gone, so you write a little loop around it:<br />
#!/bin/bash<br />
while true<br />
do<br />
ssh -C -g -R6001:<vncserver>:5901 \<br />
-p 21 \<br />
user@<home-server><br />
sleep 10<br />
done<br />
In this situation you can remote force a reconnect by killing the incomming ssh session on your home-server:<br />
pkill -u <user><br />
in this case it is easier to create a dedicated ssh user on your home-server.<br />
<br />
For Gnome users the is a verry nice GUI called gSTM:<br><br />
[[Image:gstm.jpg]]</div>Roland