Differences

This shows you the differences between two versions of the page.

--- software:ssh [2010/03/08 23:12]
cyril created
+++ software:ssh [2014/08/04 09:36] (current)
cyril [Complete Forwarding]
@@ Line 3: / Line 3: @@
 ===== Static Forwarding =====
+Local forwarding:
 <code>
 ssh -L8021:<dist>:21 <host>
+</code>
+Remote forwarding (you need to set "GatewayPorts yes" in sshd_config if you want to access the port from other addresses than localhost, then "/etc/init.d/sshd reload"):
+<code>
+ssh -R8021:<dist>:21 <host>
 </code>
 ===== Dynamic Forwarding =====
-Use another machine as a proxy.
+Use another machine as a proxy, turning localhost into a SOCKS proxy, eg on port 8080:
 <code>
-ssh -D8080 <host>
+ssh [-fN] -D8080 <host>
 </code>
-  * Firefox : Preferences | Advanced | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080
+It may be a good idea to open a ssh server on a web port (80/8080/443), because you will need to use this when you have a restricted connection, and port 22 may be forbidden as well (just add ''Port 22'' AND ''Port 80'' to sshd_config, or configure NAT port forwarding on your router, and then use ''ssh -p <port> <host>...'').
-  * VLC : <code>vlc --host="localhost:8080"</code>
+Then configure your apps to use it:
+  * **Firefox** : Preferences | Advanced | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080
+  * **Firefox** : there are some add-ons like FoxyProxy to quickly switch between no proxy and different proxies
+  * **Thunderbird** : Preferences | Advanced | Network & Disk space | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080
+  * **VLC** : ''vlc --socks="localhost:8080"''
+  * **Pidgin** : Tools | Preferences | Proxy | Proxy type: SOCKS 4, Host: localhost, Port: 8080
+  * **ssh**, **git**, **sshfs**, **scp**, **rsync** : /etc/ssh_config <code>
+# just to prevent from trying to use the proxy when you want to establish the proxy:
+Host <host>
+    ProxyCommand socat STDIO TCP:%h:%p
+# for using the proxy for everything else:
+Host *
+    ProxyCommand socat STDIO SOCKS4:localhost:%h:%p,socksport=8080
+</code>
+  * **KDE apps** (Konqueror, but does not work with Kopete...) ~/.kde4/share/config/kioslaverc<code>
+[Proxy Settings]
+ProxyType=1
+socksProxy=socks://localhost:8080
+</code>
+  * **Applications that do not support use of a proxy**: configure tsocks in /etc/tsocks.conf:<code>
+server = localhost
+server_type = 5
+server_port = 8080
+</code> Then start your application with tsocks to force it to use the proxy:<code>
+tsocks <app-with-args>
+</code>
+You can do something similar and maybe more powerful with proxychains.
+RSYNC protocol proxy:<code>
+export RSYNC_CONNECT_PROG='ssh <host> nc %H 873'
+</code>
+===== Complete Forwarding =====
+Forward all the traffic so you don't have to configure every application.
+  * **VPN**: complicated to set up
+  * **SShuttle**:<code>
+sshuttle --dns -r <host> 0/0 -x 10.0.0.0/8
+</code>0/0 is the forward mask (everything), -x is the exclude mask (local network), --dns forwards the DNS requests as well. See also option --no-latency-control for better bandwidth but higher latency, and "--python /usr/bin/python" if you get error message "P=python2: Command not found. P: Undefined variable.".