- Wolfgang Meiners
October 18, 2005, 4:33 pm
I do not know very much about ssh and tunnelling up to now. But I try to
solve the following problem:
I have a desktop, a laptop and a router that points to the internet.
The desktop is connected to the router via lan-cable, the laptop is
connected to the router via wlan.
Now I could connect from my laptop to the router via wlan for
router-administration, but this is not secure. Connecting from the
desktop via the lan-cable seems to be much more secure. Nevertheless,
sometimes I can not work on the desktop, since someone else works there.
Now, I could start a proxy-server on my desktop and build a tunnel from
the proxy-server port (80) to a local port on my laptop. I think this
should work like
ssh -L 9080:desktop:80 -N user@desktop
and then, I connect to localhost:9080 on my laptop and there is a safe
connection between my laptop and my desktop via the tunnel, while every
input to this tunnel is led to the right point via the proxy-server. So
I can have a secure connection from the laptop to the router.
I did not run this up to now, because no proxy server is running on my
desktop. But I hope this would work.
Nevertheless, I would like to know if there is a way to achieve the same
result without having a proxy-server to run on the desktop.
Thank you for every help
Yes. Two options:
laptop$ ssh -L9999:IP.OF.the.ROUTER:80 user@desktop
Here, traffic to the router would be in the clear over the wire
between the desktop and the router. That would work for you provided
the router only requires port 80 communication. I know mine starts
off there, but redirects in various ways to other ports so dynamic
port forwarding might be something you'd dig.
A general proxy is trivial to achieve though using ssh's dynamic port
forwarding option -D (see man page for details).
laptop$ ssh -D 9999 user@desktop
And you just set your laptop's web browser proxy options to use a
socks4 proxy at 127.0.0.1 port 9999 (or whatever port you choose).
Web requests to any site you visit from the laptop (including
http://ip.of.router and https://ip.of.router ) will appear to originate
from the desktop machine. The wireless hop of that request from your
laptop to your desktop will be in the ssh tunnel, and the dynamic port
forwarding magic of the desktop's ssh server will talk to your router
in the clear over port 80, (or ssl encrypted over 443 as called for by
the router's web admin tool), but that potentially unencrypted
communication will be over the wire between the desktop.
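
The reply above points the browser at the `ssh -D 9999` listener as a socks4 proxy. As an added example (not part of the original thread), this Python code shows the SOCKS4 CONNECT exchange a client performs with that listener before any HTTP is sent. The router address 192.168.1.1 used in the comments is a constructed placeholder and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

SOCKS4_GRANTED = 90  # reply code meaning "request granted"


def build_connect_request(dst_ip: str, dst_port: int, user_id: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    # Plain SOCKS4 carries an IPv4 literal only, so a hostname has to be
    # resolved on the laptop before the request enters the tunnel.
    addr = ipaddress.IPv4Address(dst_ip)  # raises ValueError for a hostname
    return struct.pack("!BBH4s", 4, 1, dst_port, addr.packed) + user_id + b"\x00"


def parse_reply(reply: bytes) -> bool:
    """8-byte reply: VN=0, CD, DSTPORT, DSTIP. True only when CD is 90."""
    if len(reply) != 8:
        raise ValueError("truncated SOCKS4 reply")
    vn, cd, _port, _ip = struct.unpack("!BBH4s", reply)
    if vn != 0:
        raise ValueError("not a SOCKS4 reply")
    return cd == SOCKS4_GRANTED


def open_via_tunnel(dst_ip, dst_port, proxy=("127.0.0.1", 9999), timeout=5.0):
    """Connect to dst through the ssh -D listener; return the connected socket."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(build_connect_request(dst_ip, dst_port))
        reply = b""
        while len(reply) < 8:
            chunk = sock.recv(8 - len(reply))
            if not chunk:  # listener closed the connection early
                break
            reply += chunk
        if not parse_reply(reply):
            raise ConnectionError("SOCKS4 proxy rejected the CONNECT")
        return sock  # bytes written now travel laptop -> desktop -> destination
    except Exception:
        sock.close()
        raise
```

With the tunnel up, `open_via_tunnel("192.168.1.1", 80)` returns a socket whose traffic crosses the wireless hop inside ssh and leaves the desktop toward the router.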