 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Secure Shell (SSH) has several really cool tricks up its sleeve, each of which offers a handy feature (wrapped in a comforting blanket of security) to help make your life a bit easier.
Last week, we discussed key authentication with SSH; this week we will talk about port forwarding, which can be used to:
There are three different types of SSH port forwarding. They are local (connections from a client are forwarded, via SSH, to a remote host), remote (connections from a remote server are forwarded, via SSH, to another machine), and dynamic (connections from different applications are forwarded, via SSH, to several servers).
There are many examples of port forwarding, some of which can get rather complicated. Because of this, we’re only going to deal with the first two types of port forwarding here (local and remote). These are also the types of SSH port forwarding that you’ll use the most.
SSH port forwarding is built into SSH by default, so as long as you have SSH installed, you should have everything you need to work with this feature.
With that said, let me show you how SSH port forwarding works.
Your Linux distribution probably already has SSH installed. However, for port forwarding, you’ll want the SSH server added as well. For that, you can log into your Linux machine and install it on an Ubuntu-based distribution like so:
sudo apt-get install openssh-server -y
On a RHEL-based distribution, that command would be:
sudo dnf install openssh-server -y
Once the server is installed, start and enable it on an Ubuntu-based distribution with the command:
sudo systemctl enable --now ssh
On a RHEL-based distribution, the start/enable command is:
sudo systemctl enable --now sshd
The first type of port forwarding we’ll deal with is local. Let’s say you’re developing a new site and you want to be able to access it via an encrypted connection. This new site may be on your local network or on a remote server. Either way, you can connect to it using the remote SSH server from a local port to a remote port.
Let’s say you want to use local port 8080 and forward a connection IP address 192.168.1.11 port 80, via SSH. To do that, the command would be:
ssh -L 8080:192.168.1.11:80 localhost
You will be prompted for your local SSH user password and then will be returned to the command prompt. To verify the tunnel worked, open a web browser and point it to:
localhost:8080
The remote site (at 192.168.1.11) should appear in the web browser and is being tunneled via SSH encryption.
You can keep using the encrypted tunnel as long as you remain “logged in” from the terminal window. To close the encrypted tunnel, go back to the terminal window and type:
exit
You will probably find this type of port forwarding to be more useful because it can allow you to give others access to a remote machine, via an encrypted tunnel. Say, for instance, you have someone on your LAN who needs VNC access to a server with a GUI and you want to ensure that connection is encrypted for security purposes. This, of course, would require you have VNC set up properly on the server and a VNC viewer on a client machine.
For this example, we’ll stick with the 192.168.1.11 IP address for the remote machine and the client machine is at 192.168.1.21. You must have SSH access to the client machine as well.
Before you do this, however, you must take care of a simple SSH configuration. Open the SSH server configuration file with the command:
sudo nano /etc/ssh/sshd_config
Add the following line to the bottom of the file:
GatewayPorts yes
Save and close the file. Restart SSH with either:
sudo systemctl restart ssh
or
sudo systemctl restart sshd
Now, let’s create the remote tunnel. To create the tunnel for VNC (which runs on port 5900), run the following command on the remote server (which, for our example, is at 192.168.1.11):
ssh -R 5900:localhost:5900 USERNAME@192.168.1.21
Where USERNAME is a username on the client machine to which you have access. Once you authenticate that user, the SSH remote tunnel is up and running. The other user could then connect to the server, using a VNC client, with localhost and port 5900.
Remember, even when the remote user disconnects their VNC connection, the tunnel is still up and running. To close the tunnel, go back to the remote server’s terminal and type exit.
If you’re looking to create encrypted tunnels for various use cases, look no further than SSH. Once you get the hang of creating these tunnels, you’ll find they can be very useful in several different types of scenarios.
