Tunneling any stuff via ssh - SSH



  1. Tunneling any stuff via ssh

    Hello,


    how to use ssh as a general tunnel for other
    protocols?

    How can for example nntp be tunneled via ssh?

    For example rsync already has an option for using ssh,
    but how do I use it in my own applications
    or via a telnet connection?

    TIA,
    Oliver

  2. Re: Tunneling any stuff via ssh

    Oliver Bandel wrote:
    > Hello,
    >
    >
    > how to use ssh as a general tunnel for other
    > protocols?
    >
    > How can for example nntp be tunneled via ssh?
    >
    > For example rsync already has an option for using ssh,
    > but how do I use it in my own applications
    > or via a telnet connection?
    >
    > TIA,
    > Oliver


    By port forwarding.

    If I want an encrypted telnet connection to server s1, I must first have
    an sshd server running on s1. Then I use an ssh client to forward or
    tunnel telnet (port 23 IIRC) over the ssh connection. Instead of
    connecting my telnet client directly to s1, I connect to port 23 on the
    local client machine, and it gets forwarded over the secure connection
    to the server. The commands would look something like this.

    ssh -NL 23:localhost:23 myuserid@s1 & # Runs in background
    telnet localhost

    This tells ssh to (-L) listen on local port 23, forward the connection
    to s1 via ssh, and from s1 connect to localhost port 23.

    I use this to access Verizon's news server from work. They only allow
    connections from machines on their network (like my home PC) so I
    forward port 119 through my home machine using "ssh -NL
    119:news.verizon.net:119 myuserid@myIP". I installed COPSSH on my
    Windows box at home to let me do this. Then on my work PC I just set the
    news server name to localhost instead of news.verizon.net and voilà, I
    have a forwarded connection to my news server.

    One thing to remember is that in this scenario (client -> home PC ->
    news.verizon.net) only the first leg of the connection is encrypted.

    --
    To reply by email remove "_nospam"

  3. Re: Tunneling any stuff via ssh

    Chuck wrote:

    [...]
    > One thing to remember is that in this scenario (client -> home PC ->
    > news.verizon.net) only the first leg of the connection is encrypted.
    >



    Can you explain what this means/what you mean here?

    Is only the login encrypted, but not the data?
    Or what does "only the first leg of the connection" mean?

    Ciao,
    Oliver

  4. Re: Tunneling any stuff via ssh

    On 2006-02-03, Oliver Bandel wrote:
    > Chuck wrote:
    >
    > [...]
    >> One thing to remember is that in this scenario (client -> home PC ->
    >> news.verizon.net) only the first leg of the connection is encrypted.


    > Can you explain what this means/what you mean here?
    >
    > Is only the login encrypted, but not the data?
    > Or what does "only the first leg of the connection" mean?


    The above results in 2 network connections.

    One is an encrypted SSH connection from client -> home PC
    which encapsulates inside it NNTP traffic.

    The other is plaintext from home PC -> news.verizon.net
    and carries NNTP. This one can not be encrypted without
    matching crypto support at both endpoints. We'll assume
    that you don't have a login on news.verizon.net to
    use in the style client -> news.verizon.net -> localhost .

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    Powergen write "Why not stay with us" - let me count the ways!
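
The two-connection picture from the last reply, as an added example that is not part of the original thread: an sh helper that takes the forward spec given to `ssh -L` and reports whether the hop after the SSH server stays on that server or leaves it as plaintext, and whether the client-side listener is reachable from other machines. The function names are made up for this example, and a spec without a bind address is assumed to listen on loopback (ssh's behaviour when GatewayPorts is left at "no").

```shell
#!/bin/sh
# Added example: which hops of "ssh -L SPEC user@sshhost" travel in the clear?
# SPEC is [bind_address:]port:host:hostport; bracketed IPv6 is not handled.

# Print "bind lport host hport", or exit with status 2 on a malformed spec.
parse_forward() (
    set -f                  # a bind address of "*" must not be globbed
    IFS=:
    set -- $1               # split the spec on colons
    case $# in
        3) echo "localhost $1 $2 $3" ;;   # assumption: GatewayPorts is "no"
        4) echo "${1:-*} $2 $3 $4" ;;     # empty bind address = all interfaces
        *) echo "bad forward spec" >&2; exit 2 ;;
    esac
)

# Print where the traffic goes after it leaves the SSH tunnel.
#   loopback: it ends on the SSH server itself (the telnet example)
#   network:  the SSH server opens a plaintext TCP connection to a third
#             machine (the news.verizon.net example)
last_leg() {
    fields=$(parse_forward "$1") || return 2
    read -r bind lport host hport <<EOF
$fields
EOF
    [ -n "$hport" ] || { echo "bad forward spec" >&2; return 2; }
    case $host in
        localhost|127.*) echo loopback ;;
        *) echo network ;;
    esac
}

# Print who can connect to the plaintext listener on the client side.
listener_scope() {
    fields=$(parse_forward "$1") || return 2
    case ${fields%% *} in
        localhost|127.*) echo local-only ;;
        *) echo network-reachable ;;
    esac
}

# The two forwards used in the thread.
for spec in 23:localhost:23 119:news.verizon.net:119; do
    printf '%-26s listener: %-10s last leg: %s\n' \
        "$spec" "$(listener_scope "$spec")" "$(last_leg "$spec")"
done
```

A result of `network` means the protocol itself needs protection on that hop, since SSH ends at the server named on the ssh command line.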
