Tunneling any stuff via ssh


how to use ssh as a general tunnel for other

How can for example nntp be tunneled via ssh?

For example rsync already has an option for using ssh,
but how do I use it in my own applications
or via a telnet connection?


Re: Tunneling any stuff via ssh

Oliver Bandel wrote:

By port forwarding.

If I want an encrypted telnet connection to server s1, I must first have
an sshd server running on s1. Then I use an ssh client to forward or
tunnel telnet (port 23 IIRC) over the ssh connection. Instead of
connecting my telnet client directly to s1, I connect to port 23 on the
local client machine, and it gets forwarded over the secure connection
to the server. The commands would look something like this.

ssh -NL 23:localhost:23 myuserid@s1 & # Runs in background
telnet localhost

This tells ssh to (-L) listen on local port 23, forward the connection
to s1 via ssh, and from s1 connect to localhost port 23.

I use this to access Verizon's news server from work. They only allow
connections from machines on their network (like my home PC) so I
forward port 119 through my home machine using "ssh -NL
119:news.verizon.net:119 myuserid@myIP". I installed COPSSH on my
Windows box at home to let me do this. Then on my work PC I just set the
news server name to localhost instead of news.verizon.net and voilà, I
have a forwarded connection to my news server.

One thing to remember is that in this scenario (client -> home PC ->
news.verizon.net) only the first leg of the connection is encrypted.

To reply by email remove "_nospam"

Re: Tunneling any stuff via ssh

Chuck wrote:


Can you explain what this means / what you mean here?

Is only the login encrypted, but not the data?
Or what does "only the first leg of the connection" mean?


Re: Tunneling any stuff via ssh


The above results in 2 network connections.

One is an encrypted SSH connection from client -> home PC
which encapsulates inside it NNTP traffic.

The other is plaintext from home PC -> news.verizon.net
and carries NNTP.   This one can not be encrypted without
matching crypto support at both endpoints.  We'll assume
that you don't have a login on news.verizon.net to
use in the style   client -> news.verizon.net -> localhost  .

Elvis Notargiacomo  master AT barefaced DOT cheek
http://www.notatla.org.uk/goen /
    Powergen write "Why not stay with us" - let me count the ways!
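
The two legs discussed in this thread, as an added example that is not part of any post: a small shell helper that takes an `ssh -L` forward spec and reports where the client-side listener accepts connections and whether the second leg leaves the SSH server in plaintext. The function names are hypothetical; the specs and host names are the ones used in the posts.

```shell
# Added example, not from the thread. Handles OpenSSH -L specs of the form
# [bind_address:]port:host:hostport; bracketed IPv6 literals are not handled.

# Split SPEC into bind, lport, host, hport (globals). Returns 2 on a bad spec.
parse_spec() {
    spec=$1
    case $spec in
        *:*:*:*:*) return 2 ;;                    # too many fields (e.g. IPv6)
        *:*:*:*)   bind=${spec%%:*}; spec=${spec#*:} ;;
        *:*:*)     bind=localhost ;;              # OpenSSH default (GatewayPorts no)
        *)         return 2 ;;
    esac
    lport=${spec%%:*}; spec=${spec#*:}
    host=${spec%:*};   hport=${spec##*:}
}

# Who can reach the listener that ssh opens on the client?
listener_scope() {
    parse_spec "$1" || return 2
    case $bind in
        localhost|127.0.0.1) echo local ;;        # only processes on the client
        *)                   echo exposed ;;      # other hosts can connect, unencrypted
    esac
}

# Does the second leg (SSH server -> destination) cross a network?
second_leg() {
    parse_spec "$1" || return 2
    case $host in
        localhost|127.0.0.1) echo loopback ;;     # stays inside the SSH server
        *)                   echo network ;;      # forwarded protocol travels as-is
    esac
}

# Print the listener and both legs of "ssh -L SPEC USER@SERVER".
forward_legs() {
    scope=$(listener_scope "$1") && leg2=$(second_leg "$1") || return 2
    parse_spec "$1"; server=${2#*@}
    echo "listener  $bind:$lport on the client ($scope)"
    echo "leg 1     client -> $server: encrypted by SSH"
    case $leg2 in
        loopback) echo "leg 2     $server -> its own port $hport: never leaves $server" ;;
        *)        echo "leg 2     $server -> $host:$hport: plaintext unless the protocol encrypts itself" ;;
    esac
}

# The two forwards from the thread.
forward_legs 23:localhost:23 myuserid@s1
forward_legs 119:news.verizon.net:119 myuserid@myIP
```

A spec with an empty, `*` or `0.0.0.0` bind address is reported as `exposed`, because other machines can then connect to the client's listener without any encryption on that hop.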
