petes-brain

Pocket Full of SSH Forwarding Tricks November 5, 2014

SSH makes a great ad-hoc VPN/SOCKS-Proxy depending on your needs. A couple of times now I’ve lost my .bash_profile file and had to look all of this up. I’m writing this down here so that I don’t loose it again.

SSH with a SOCKS Proxy

You can forward any port across an ssh connection by running

 pete$ ssh -D 56789 pete@remoteserver.awesome.com

This takes any traffic that you send at port 56789 on your local system and kicks it out the front door from remoteserver.awesome.com. Once authenticated, you can use a SOCKS 5 proxy plugin like foxy-proxy. Point the SOCKS 5 proxy to 127.0.0.1 and use the port you defined with the -D option.

This is a handy way to do an end run around DNS based web filters like OpenDNS.

SSH Through a Bastion Host

Ever needed to connect to an SSH host through an intermediary? Here’s an article that I eventually find every time I loos my .bash_profile. The solution:

 pete$ ssh -A -t pete@external.awesome.com \
ssh -A -t pete@internal.remoteserver.awesome.inside

Look kinda crazy? It is. Your just chaining ssh commands and using the -A option to kick off the next link (you can keep adding to the end of each). Crazy, yes. It also fits nicely as an alias directive in your .bash_profile.

SSH as VPN

Ever needed to touch a single service on a remote system that was not SSH? I use this to point SSH enabled text editors at internal SSH servers (tip courtesy of Fredrik Boström)

 pete$ ssh -L 9876:internal.awesome.inside:22 \
primary@external.awesome.com

When you run this and authenticate, it takes any connections to localhost:9876 and forwards them to internal.awesome.inside:22 all over your connection to external.awesome.com. For instance, once connected, I can tell Coda2 to use SSH to connect to locahost:9876 with credentials for ssh on internal.awesome.inside.


Categories Uncategorized

Leave a Reply