Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
software:ssh [2010/03/08 23:12]
cyril created
software:ssh [2014/08/04 09:36] (current)
cyril [Complete Forwarding]
Line 3: Line 3:
 ===== Static Forwarding ===== ===== Static Forwarding =====
  
 +Local forwarding:
 <code> <code>
 ssh -L8021:<dist>:21 <host> ssh -L8021:<dist>:21 <host>
 +</code>
 +Remote forwarding (you need to set "GatewayPorts yes" in sshd_config if you want to access the port from other addresses than localhost, then "/etc/init.d/sshd reload"):
 +<code>
 +ssh -R8021:<dist>:21 <host>
 </code> </code>
  
 ===== Dynamic Forwarding ===== ===== Dynamic Forwarding =====
  
-Use another machine as a proxy.+Use another machine as a proxy, turning localhost into a SOCKS proxy, eg on port 8080:
  
 <code> <code>
-ssh -D8080 <host>+ssh [-fN] -D8080 <host>
 </code> </code>
  
-  * Firefox : Preferences | Advanced | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080 +It may be a good idea to open a ssh server on a web port (80/8080/443), because you will need to use this when you have a restricted connection, and port 22 may be forbidden as well (just add ''Port 22'' AND ''Port 80'' to sshd_config, or configure NAT port forwarding on your router, and then use ''ssh -p <port> <host>...''). 
-  * VLC : <code>vlc --host="localhost:8080"</code>+ 
 +Then configure your apps to use it: 
 +  * **Firefox** : Preferences | Advanced | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080 
 +  * **Firefox** : there are some add-ons like FoxyProxy to quickly switch between no proxy and different proxies 
 +  * **Thunderbird** : Preferences | Advanced | Network & Disk space | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080 
 +  * **VLC** ''vlc --socks="localhost:8080"'' 
 +  * **Pidgin** : Tools | Preferences | Proxy | Proxy type: SOCKS 4, Host: localhost, Port: 8080 
 +  * **ssh**, **git**, **sshfs**, **scp**, **rsync** : /etc/ssh_config <code> 
 +# just to prevent from trying to use the proxy when you want to establish the proxy: 
 +Host <host> 
 +    ProxyCommand socat STDIO TCP:%h:%p 
 +# for using the proxy for everything else: 
 +Host * 
 +    ProxyCommand socat STDIO SOCKS4:localhost:%h:%p,socksport=8080 
 +</code> 
 +  * **KDE apps** (Konqueror, but does not work with Kopete...) ~/.kde4/share/config/kioslaverc<code> 
 +[Proxy Settings] 
 +ProxyType=1 
 +socksProxy=socks://localhost:8080 
 +</code> 
 +  * **Applications that do not support use of a proxy**: configure tsocks in /etc/tsocks.conf:<code> 
 +server = localhost 
 +server_type = 5 
 +server_port = 8080 
 +</code> Then start your application with tsocks to force it to use the proxy:<code> 
 +tsocks <app-with-args> 
 +</code> 
 +You can do something similar and maybe more powerful with proxychains. 
 + 
 +RSYNC protocol proxy:<code> 
 +export RSYNC_CONNECT_PROG='ssh <host> nc %H 873' 
 +</code> 
 + 
 +===== Complete Forwarding ===== 
 + 
 +Forward all the traffic so you don't have to configure every application.
  
 +  * **VPN**: complicated to set up
 +  * **SShuttle**:<code>
 +sshuttle --dns -r <host> 0/0 -x 10.0.0.0/8
 +</code>0/0 is the forward mask (everything), -x is the exclude mask (local network), --dns forwards the DNS requests as well. See also option --no-latency-control for better bandwidth but higher latency, and "--python /usr/bin/python" if you get error message "P=python2: Command not found. P: Undefined variable.".
  
software/ssh.1268089947.txt.gz · Last modified: 2013/09/19 16:43 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0