====== SSH ======

===== Static Forwarding =====

Local forwarding:
<code>
ssh -L8021:<dist>:21 <host>
</code>
Remote forwarding (you need to set "GatewayPorts yes" in sshd_config if you want to access the port from other addresses than localhost, then "/etc/init.d/sshd reload"):
<code>
ssh -R8021:<dist>:21 <host>
</code>

===== Dynamic Forwarding =====

Use another machine as a proxy, turning localhost into a SOCKS proxy, eg on port 8080:

<code>
ssh [-fN] -D8080 <host>
</code>

It may be a good idea to open a ssh server on a web port (80/8080/443), because you will need to use this when you have a restricted connection, and port 22 may be forbidden as well (just add ''Port 22'' AND ''Port 80'' to sshd_config, or configure NAT port forwarding on your router, and then use ''ssh -p <port> <host>...'').

Then configure your apps to use it:
  * **Firefox** : Preferences | Advanced | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080
  * **Firefox** : there are some add-ons like FoxyProxy to quickly switch between no proxy and different proxies
  * **Thunderbird** : Preferences | Advanced | Network & Disk space | Settings | Manual Proxy Configuration | SOCKS Host : localhost, Port : 8080
  * **VLC** : ''vlc --socks="localhost:8080"''
  * **Pidgin** : Tools | Preferences | Proxy | Proxy type: SOCKS 4, Host: localhost, Port: 8080
  * **ssh**, **git**, **sshfs**, **scp**, **rsync** : /etc/ssh_config <code>
# just to prevent from trying to use the proxy when you want to establish the proxy:
Host <host>
    ProxyCommand socat STDIO TCP:%h:%p
# for using the proxy for everything else:
Host *
    ProxyCommand socat STDIO SOCKS4:localhost:%h:%p,socksport=8080
</code>
  * **KDE apps** (Konqueror, but does not work with Kopete...) ~/.kde4/share/config/kioslaverc<code>
[Proxy Settings]
ProxyType=1
socksProxy=socks://localhost:8080
</code>
  * **Applications that do not support use of a proxy**: configure tsocks in /etc/tsocks.conf:<code>
server = localhost
server_type = 5
server_port = 8080
</code> Then start your application with tsocks to force it to use the proxy:<code>
tsocks <app-with-args>
</code>
You can do something similar and maybe more powerful with proxychains.

RSYNC protocol proxy:<code>
export RSYNC_CONNECT_PROG='ssh <host> nc %H 873'
</code>

===== Complete Forwarding =====

Forward all the traffic so you don't have to configure every application.

  * **VPN**: complicated to set up
  * **SShuttle**:<code>
sshuttle --dns -r <host> 0/0 -x 10.0.0.0/8
</code>0/0 is the forward mask (everything), -x is the exclude mask (local network), --dns forwards the DNS requests as well. See also option --no-latency-control for better bandwidth but higher latency, and "--python /usr/bin/python" if you get error message "P=python2: Command not found. P: Undefined variable.".