03 September 2008

SSH Tips and Tricks Part 1


SSH has a number of very useful features that aren't widely known about. In this part, we look at the structure of SSH connections, and how SSH can be used for carrying and proxying network connections. (Part 1 of 2, see part 2)

To most people, SSH is simply a secure form of Telnet. Most like that their usernames and passwords aren't sent in the clear. Many like that their session data is also encrypted. Few realise what else their SSH connection can carry, and hence what else SSH can do for them.

What most people don't realise is that SSH sessions have three distinct parts. One part handles the encryption of the whole session (including key exchange). Another part handles authentication. A third part handles connections within the session, including multiplexing multiple connections into one session.

Connections
The connection within a session that most people are aware of is the "interactive login" connection. This is the "secure telnet" part, where you get to interact with the remote server in the usual manner.

If you happen to be connecting from a machine running an X server (eg Linux, OSX with X11 enabled), you may be aware of X11 forwarding. Through this, you can run X programs on the remote machine, and have them display locally (with the X11 traffic being carried over your SSH session). This all happens in parallel with your interactive session, and can be very useful.

Another thing that can be carried over your SSH session is network connections, and this is where the very cool stuff starts. There are three main types of forwarding: local to remote, remote to local, and Socks v4 (dynamic) proxying.

Local to Remote forwarding
With local to remote forwarding, a connection to your machine is forwarded to the remote machine, and made from there. This allows you to access network resources as if you were the remote machine. A common use is to forward your SMTP connections so you can send emails from your normal server (eg when connected to a network which blocks port 25), eg:

ssh -L 2525:mailserver.myoffice.com:25 login.myoffice.com

will send all connections to port 2525 on your local machine over the ssh link to login.myoffice.com, which will then connect them to port 25 of mailserver.myoffice.com.

Remote to Local forwarding
With remote to local forwarding, you invert the above. You allow people connecting to the remote machine to be connected through to something on your local machine, or its subnet. This allows you to build inverse VPNs, or to let people connect back through to your machine. A common use is to allow connections to a service on your machine, when you're behind a natting firewall:

ssh -g -R 2222:localhost:22 login.mycompany.com

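This will mean that people connecting to port 2222 on login.mycompany.com will be connected to your local SSH server. (The -g allows everyone to access the forward, rather than just people on the machine.) Whether the forwarded port is reachable from other hosts also depends on the server: OpenSSH's sshd binds remote forwards to the loopback address unless GatewayPorts is enabled in sshd_config.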

Dynamic Socks v4 Proxying
With the Socks v4 (dynamic) proxying, you can make multiple connections to multiple machines (as opposed to multiple connections to a single machine+port, as with local-to-remote forwarding), as if you were the remote machine. This is done by ssh acting as a Socks v4 proxy on your local machine. One common use of this is to browse intranet resources - just configure your browser to use a Socks v4 proxy, and then all your web browsing will come from the remote machine.

ssh -D 1080 login.mycompany.com

Then configure your web browser for a Socks v4 proxy on localhost port 1080.
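
As an added example (not part of the original article), this Python helper parses the -L, -R and -D options described above out of an ssh command line and reports which side opens the listening port, where the traffic ends up, and how widely the listener is exposed. It assumes OpenSSH's TCP [bind_address:]port[:host:hostport] syntax; the function names and the fourth sample command are constructed for illustration.

```python
import re
import shlex

LISTENER = {"-L": "local", "-R": "remote", "-D": "local"}  # side that opens the listening port
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def split_spec(spec):
    """Split [bind_address:]port[:host:hostport] on ':' outside [IPv6] brackets."""
    return [p.strip("[]") for p in re.split(r":(?![^\[]*\])", spec)]

def forwards(cmdline):
    """Return one dict per -L/-R/-D forward found in an ssh command line."""
    argv = shlex.split(cmdline)
    gateway = "-g" in argv  # client-side GatewayPorts; only affects local listeners
    found, i = [], 1
    while i < len(argv):
        flag, spec = argv[i][:2], argv[i][2:]  # covers the attached "-Lspec" form
        if flag in LISTENER and not spec and i + 1 < len(argv):
            i += 1
            spec = argv[i]  # separate "-L spec" form
        if flag in LISTENER and spec:
            f = split_spec(spec)
            bind, rest = (f[0], f[1:]) if len(f) in (2, 4) else (None, f)
            if LISTENER[flag] == "remote":
                scope = "set by server GatewayPorts"  # sshd decides, not the client
            elif bind in LOOPBACK or (bind is None and not gateway):
                scope = "loopback only"
            else:
                scope = "reachable from other hosts"  # -g, '*', empty or explicit address
            target = f"{rest[1]}:{rest[2]}" if len(rest) == 3 else "dynamic"
            found.append({"flag": flag, "listens_on": LISTENER[flag], "port": int(rest[0]),
                          "target": target, "scope": scope})
        i += 1
    return found

# The three commands from this article, plus one constructed wildcard-bind variant.
SAMPLES = [
    "ssh -L 2525:mailserver.myoffice.com:25 login.myoffice.com",
    "ssh -g -R 2222:localhost:22 login.mycompany.com",
    "ssh -D 1080 login.mycompany.com",
    "ssh -L *:8080:intranet.example:80 login.example",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", forwards(cmd))
```

Run over process command lines or shell history, the "scope" field separates forwards that only the local user can reach from those that open a port to the rest of the network.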

Putty
All the above can be done with PuTTY too. Just see the Tunnels section (under Connection then SSH) of the configuration pane. Select the required type of forwarding, type in the port, the destination hostname and port (not required for dynamic), and away you go.
