SSH Tunneling
There are 2 types of SSH tunnels: forward and reverse.
Example of SSH tunneling over the FTP port to your home server, for IMAP mail, VNC and an internet proxy:
If you like, it is easier to distribute a public key, so you can automate these commands.
Because many companies limit outbound internet access for SSH, you run the daemon on a different port that is open, e.g. 21 (ftp), 443 (https) or 8080.
At home, start an SSH daemon running on the FTP port 21:
/usr/sbin/sshd -p 21
You can add this to your /etc/rc.local.
From your client run:
ssh -C -g -L6001:<vncserver>:5901 -L6002:<mailserver>:143 \
    -L6003:<proxyserver>:3128 \
    -p 21 \
    user@<home-server>
Options:
-C will compress the traffic (very handy for VNC connections)
-g will allow other PCs to connect to the forwarded ports of the tunnel, not only the machine running ssh
Other options are:
-n will redirect stdin from /dev/null (use it when ssh runs in the background)
-X will enable forwarding for X sessions
For more options see the ssh manpage.
It is a good idea to create a dedicated user on your home-server. On your client you should configure your IMAP mail with port 6002, e.g.
If you want to connect from the outside to an internal server which is not accessible from the outside, you set up a reverse tunnel. You run this on a server which can connect both to (for example) a VNC service on another server and to the internet:
ssh -C -g -R6001:<vncserver>:5901 \
    -p 21 \
    user@<home-server>
At home you start a VNC session to your server:1 (5901); it will connect through the tunnel to the VNC session of the server on the internal network.
If the connection drops, the tunnel is gone, so you write a little loop around it:
#!/bin/bash
while true
do
    ssh -C -g -R6001:<vncserver>:5901 \
        -p 21 \
        user@<home-server>
    sleep 10
done
In this situation you can remotely force a reconnect by killing the incoming SSH session on your home-server:
pkill -u <user>
In this case it is easier to create a dedicated SSH user on your home-server, because pkill -u kills every process owned by that user.
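An added example (not part of the original page): when you distribute a public key to automate the tunnels for the dedicated user, the authorized_keys entry on the home-server can limit that key to the forwards used above. The function names, the host names and the key are constructed for illustration; `restrict` needs OpenSSH 7.2 or later and `permitlisten` needs 7.8 or later.

```shell
#!/bin/bash
# Added example: build an authorized_keys entry that limits the tunnel
# user's key to named forwards. Host names and the key are constructed.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_key_line PUBKEY SPEC...
#   open:HOST:PORT  destination the key may reach with -L  (permitopen)
#   listen:PORT     port the key may bind with -R          (permitlisten)
# Prints one authorized_keys line; returns 1 on any malformed SPEC.
tunnel_key_line() {
    local pubkey=$1 opts='restrict,port-forwarding' spec host port
    shift
    [ "$#" -gt 0 ] || return 1      # refuse a key with unlimited forwarding
    for spec in "$@"; do
        case "$spec" in
            open:*:*)
                port=${spec##*:}
                host=${spec#open:}; host=${host%:*}
                # reject empty hosts and characters that could break the quoting
                case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
                valid_port "$port" || return 1
                opts="$opts,permitopen=\"$host:$port\"" ;;
            listen:*)
                port=${spec#listen:}
                valid_port "$port" || return 1
                opts="$opts,permitlisten=\"$port\"" ;;
            *) return 1 ;;
        esac
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed placeholder key (not a real key), with the three -L
# destinations and the -R port from this page.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER00 tunnel@client'
tunnel_key_line "$SAMPLE_KEY" \
    open:vnc.home.example:5901 open:mail.home.example:143 \
    open:proxy.home.example:3128 listen:6001
```

`restrict` disables PTY allocation but still lets a command run, so give the dedicated user a nologin shell and start the tunnels with `ssh -N`.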
For GNOME users there is a very nice GUI called gSTM.