
[cobalt-developers] SSH Tunnelling (WAS: Re: Webmin)



At 06:32 PM 8/15/01 -0400, baltimoremd@xxxxxxxxxxxxxxx wrote:
>On Wed, 15 Aug 2001, Ted Behling wrote:
>
>> you need me to explain tunnelling, just ask.
>
>Please, I'd like to learn more about it.

Tunnelling a TCP connection over SSH works a lot like port forwarding.  In
fact, SSH calls it just that, but I find the name misleading.  FWIW, I
believe "tunneling" is a more correct term, as in the popular "stunnel"
program.

To set up SSH TCP Port Forwarding, you configure your SSH client to listen
on a port on your own computer and redirect connections to an arbitrary
destination host and port, relative to the SSH server.  If you set a
forwarding destination of "localhost", the server will connect to itself.
You don't have to do any additional server configuration to enable
forwarding, unless you've purposefully disabled it.

For example, use SSH if you want a secure POP connection but your e-mail
client and server don't support SSL natively.  Configure your SSH client's
"port forwarding" feature to listen on port 110 and send connections to
port 110 on localhost.  The first 110 refers to your own computer's port,
so you configure your e-mail client to use your own computer as the POP
server.  The SSH server will complete the connection to port 110 on its
localhost when you check your mail.

If you're tunnelling an HTTP connection (such as Webmin), point your
browser at http://localhost:1234, where 1234 is the local port you chose.
Webmin does support SSL connections (via Perl's Net::SSLeay module and
OpenSSH), but you can gain additional authentication by configuring the
Webmin server to accept connections only from localhost.  Webmin will see
the SSH-tunnelled connection as coming from localhost, since the SSH server
is acting as a proxy.

If you have SecureCRT, search its help for "port forwarding" to see some
neat diagrams about how it all works.

--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.

43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------
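
The two tunnels described in the message above, written as OpenSSH client commands. This is an added example, not part of the original post; the login admin@server.example.com, the local ports 8110 and 1234, and Webmin listening on its default port 10000 are assumptions.

```shell
#!/bin/sh
# Builds (and only prints) OpenSSH client commands for the POP and Webmin
# tunnels. Host, user and port numbers below are constructed placeholders.

# forward_spec LOCAL_PORT DEST_HOST DEST_PORT
# Prints an -L argument. DEST_HOST is resolved by the SSH server, so
# "localhost" means the server itself. The listener is pinned to 127.0.0.1
# so other machines on your network cannot connect through your tunnel.
forward_spec() {
    for p in "$1" "$3"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # Listening on a local port below 1024 needs root on Unix-like clients.
    if [ "$1" -lt 1024 ]; then
        echo "note: local port $1 is privileged; pick one above 1023" >&2
    fi
    printf '%s' "-L 127.0.0.1:$1:$2:$3"
}

# tunnel_cmd SSH_LOGIN LOCAL_PORT DEST_HOST DEST_PORT
# -N: forwarding only, no remote shell.
# ExitOnForwardFailure=yes: ssh exits if the local listener cannot be set
# up, so a client never talks to some other process on that port.
tunnel_cmd() {
    spec=$(forward_spec "$2" "$3" "$4") || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes %s %s\n' "$spec" "$1"
}

# POP: point the mail client at localhost port 8110 (unprivileged stand-in
# for the local port 110 used in the message).
tunnel_cmd admin@server.example.com 8110 localhost 110

# Webmin: browse to http://localhost:1234 while this tunnel is up.
tunnel_cmd admin@server.example.com 1234 localhost 10000
```

Each printed command can be pasted into a terminal and left running for as long as the tunnel is needed.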