SSH proxies and tunnels

SSH is a fantastic tool. Imagine you have a server at work (server.mywork.com) that you can SSH into, but you have no other access to your company network. Try the following SSH tricks:

ssh -D 9999 me@server.mywork.com

Opens a SOCKS proxy. If you tell your browser to use localhost:9999 as a SOCKS proxy, you can now browse your company's internal web pages.

ssh -L 2222:internalserver.intranet:22 me@server.mywork.com

Now you can SSH to localhost on port 2222, and that will log you on to internalserver, even if internalserver is only accessible from server, not from where your computer is now. Port 2222 on your home computer is forwarded to port 22 on internalserver. This works with any other port/protocol (IMAP, OpenVPN, HTTP).

Now imagine you can't SSH to any computer at your work, but you can SSH out of work to your home computer. Then you can try (at work):

ssh -R 2222:localhost:22 me@myhome.com

Now, if you SSH to myhome.com:2222, it will take you to your computer at work. Port 2222 on myhome.com is forwarded to port 22 on the work computer.

Finally, to keep that last connection up, there is a clever program named autossh, which automatically reconnects if needed.
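
To see what each of the three commands above actually opens, here is an added example (not part of the original post) that parses an ssh command line, such as one taken from a process listing, and reports for every -D/-L/-R forward which side listens, on which address, and where the traffic goes. The function names are made up for this example, and it assumes hostnames or IPv4 addresses in the forward spec.

```python
import shlex

# ssh options that take an argument, per the ssh(1) synopsis.
ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")
KINDS = {"D": "dynamic", "L": "local", "R": "remote"}
LOOPBACK = {None, "localhost", "127.0.0.1"}  # None = no bind_address given

def parse_spec(flag, spec):
    """Parse [bind_address:]port[:host:hostport]; hostnames and IPv4 only."""
    parts = spec.split(":")
    if len(parts) in (1, 2):      # SOCKS listener: -D, or -R without a target
        bind, port, target = (parts[0] if len(parts) == 2 else None), parts[-1], "socks"
    elif len(parts) in (3, 4):    # fixed target: -L or -R
        bind = parts[0] if len(parts) == 4 else None
        port, target = parts[-3], f"{parts[-2]}:{parts[-1]}"
    else:
        raise ValueError(f"unsupported forward spec: {spec!r}")
    # -D and -L listen on the machine running ssh; -R listens on the SSH server.
    return {"kind": KINDS[flag], "listens_on": "server" if flag == "R" else "client",
            "bind": bind, "port": int(port), "target": target}

def find_forwards(cmdline):
    """Return (destination, forwards) for one ssh command line."""
    tokens = shlex.split(cmdline)[1:]
    dest, forwards, gateway, i = None, [], False, 0
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if not tok.startswith("-"):
            if dest is not None:  # second positional: the remote command starts
                break
            dest = tok
            continue
        for pos, ch in enumerate(tok[1:], start=1):
            gateway = gateway or ch == "g"
            if ch in ARG_OPTS:    # value is the rest of the token or the next one
                value = tok[pos + 1:]
                if not value and i < len(tokens):
                    value, i = tokens[i], i + 1
                if ch in KINDS:
                    forwards.append(parse_spec(ch, value))
                break
    for f in forwards:
        # No bind_address: loopback-only unless -g (client) or server GatewayPorts.
        f["loopback_only"] = f["bind"] in LOOPBACK and not (
            gateway and f["bind"] is None and f["listens_on"] == "client")
    return dest, forwards

if __name__ == "__main__":
    print(find_forwards("ssh -R 2222:localhost:22 me@myhome.com"))
```

Run on the -R command, it reports a listener on the server side (myhome.com) bound to loopback by default, with the work computer's port 22 as the target.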

Don't break any company policies!
