5. Forwards
● Garden hose grappling hook
● Types
– Local - what you would like to be locally available, from a remote host
– Remote - what you would like to be remotely available, from a remote host
– Dynamic – application-level port forwarding
NoVAH! SSH tunnel-fu - vbatts 5
10. In Session
~# List forwarded connections
~C Open command line.
Primarily for adding -L, -R or -D forwards, and also -KR[bind_address:]port to cancel a remote forward
11. To loopback or not?
● the [bind_address] can be very handy
● default bind_address is 127.0.0.1 (localhost)
● ADVISORY: don't forget about your firewall configuration
● ADVISORY: privileged ports require root
● allows a local system to serve local traffic to a remote destination
deez@lappy $> ssh -L0.0.0.0:3389:winderz.nuts.lan:3389 gateway.nuts.com
12. VIPs/multiple loopbacks
mostly Linux only ;) and requires a bit of root
● Use Case
– Saved sessions, configured for a specific hostname and port
● ifconfig and /etc/hosts
● setup
deez@nuts #> ifconfig lo:0 127.0.0.2 netmask 255.255.254.0
● teardown
deez@nuts #> ifconfig lo:0 down
14. Configurations
● man page for ssh_config(5)
– ~/.ssh/config
– any file, then use the -F <file> approach
● ExitOnForwardFailure
– is nice when you have a host setup, only needing to ensure forwards land properly
● Host and HostName
– convenient for saving a custom setup, in a profile for a host
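As an added example (not from the talk), the bind_address point from slide 11 and the ~/.ssh/config profiles above can be checked together: this shell function lists forwards in an ssh_config file that listen beyond loopback. The Host aliases and the sample config are constructed, and a bare port is treated as loopback-bound, which assumes GatewayPorts is left at its default.

```shell
#!/bin/sh
# Added example (not from the talk): report forwards in an ssh_config file
# that listen beyond loopback. Prints "<Host> <keyword> <value>" per finding.
exposed_forwards() {
    awk '
    BEGIN { host = "(global)" }
    /^[ \t]*#/ { next }                       # comment line
    { sub(/[ \t]*=[ \t]*/, " ") }             # allow Keyword=value
    NF < 2 { next }
    { key = tolower($1) }                     # keywords are case-insensitive
    key == "host" { host = $2; next }
    key == "gatewayports" && tolower($2) == "yes" { print host, $1, $2; next }
    key ~ /^(local|remote|dynamic)forward$/ {
        spec = $2
        if (spec !~ /:/) next                 # bare port: loopback by default
        bind = spec
        sub(/:[0-9]+$/, "", bind)             # drop trailing :port
        sub(/^\[/, "", bind); sub(/\]$/, "", bind)   # unwrap [ipv6]
        # 127.0.0.0/8 covers extra loopback aliases such as 127.0.0.2
        if (bind == "localhost" || bind == "::1" || bind ~ /^127\./) next
        print host, $1, spec                  # empty, "*" or routable bind
    }' "$@"
}

# Constructed sample config; the Host aliases are hypothetical.
sample_config() {
    cat <<'EOF'
Host rdp
    HostName gateway.nuts.com
    ExitOnForwardFailure yes
    LocalForward 0.0.0.0:3389 winderz.nuts.lan:3389
Host rdp-vip
    HostName gateway.nuts.com
    LocalForward 127.0.0.2:3389 winderz.nuts.lan:3389
Host privoxy
    HostName myhome.dyndns.org
    LocalForward 8118 localhost:8118
    DynamicForward *:1080
EOF
}

sample_config | exposed_forwards
```

Run it against a real file with `exposed_forwards ~/.ssh/config`; every line it prints is a listener that the host firewall, not ssh, has to protect.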
15. Proxying
● Privoxy
deez@lappy $> ssh -L8118:localhost:8118 myhome.dyndns.org
● DNS Leakage :(
– Frequent and common
– [insert tor here]
● The Onion Router and helpers like torsocks allow anonymized, encrypted and DNS leak-safe traffic for a host of applications
– https://www.torproject.org/
– http://torsocks.googlecode.com/
16. Links and such
● This talk
– http://slackware.com/~vbatts/things/20110314-NoVAH-ssh_tunnel_fu-vbatts.odp
● PuTTY
– http://www.chiark.greenend.org.uk/~sgtatham/putty/
● Linux shell for windows
– http://www.cygwin.com/
● RTFM
– http://www.linuxmanpages.com/
● TOR
– https://www.torproject.org/
– http://torsocks.googlecode.com/