So, an encrypted SSH tunnel is established between the source host and the SSH server. The destination host allows connections from the SSH server through the firewall, but the firewall does not allow connectionsįrom the source host. The destination host can be any type of serverĬonfigured to accept connections on a static port such as a POP3 email server, a web server, or even another SSH server. To the and then is forwarded to port on the after successfulĪuthentication for tunnel is established between the source host and the SSH server. The basic syntax is as follows: ssh -L :: a connection is made to port on the local system, the connection goes over an encrypted tunnel It can also be used to connect to a server behind a firewall. Port forwarding can be used to make an otherwise unencrypted connection secure byĮncrypting it via ssh. In addition to X11 forwarding, ssh can also be used to forward connections from one port to another, otherwise Of OpenSSH support sftp, which works like FTP and uses SSH without the difficulty of portįorwarding and passive mode. For FTP, be sure to use passiveįTP, because active FTP opens a second connection that will not be forwarded via the SSH port forwarding. The client server to use the local system and the appropriate port on your local system. That method works very nicely for most protocols, including POP3, HTTP, and IMAP, just so long as you're able to tell Over the SSH connection to port 110 on the remote side, thus allowing you to safely retrieve your mail. (Port 110 is the standard POP3 port.) So you log in to the mail server, and then anything on local port 2048 is sent That tells SSH to forward the local port 2048 to 's portġ10. The connection, and -f tells SSH to go into the background once you've authenticated your connection.Įntered your passphrase (or once ssh-agent has authenticated you), you won't need to type more. What's happening here? Option -N tells SSH that you're not interested in running a command on the remote system, only in forwarding Then you can run the following command: ssh -N -f -L 2048::110 you'll be able to connect securely. To connect POP3 to port 2048 on localhost (that is, your workstation). Configure your mail client (such as Netscape) Let's pick an arbitrary port, such as 2048. You therefore wish to forward a port on your workstation
Maybe you read mail on a server that you canĪlso SSH into, and POP3 mail is running while secure POP3 is not. Perhaps even more interesting is SSH's ability to forward arbitrary ports. Without compression, it is rather painful,Īnd I would certainly not recommend running any complex X application on less than 10 Mb. Recent versions of OpenSSH), Netscape is just about usable over a 10-Mb network. With compression on and a fast cipher such as blowfish (the default for When using X, I always make sure to turn compression on with the -C option ( Compression yes in the config file),Īs X is bandwidth-intensive, to put it politely. Yes in the appropriate config files, and run your X application from the remote system's command prompt. You just need to connect SSH using the -X option, or set ForwardX11 Nobody likes messing with the DISPLAY variable, Magic Cookies, or any other part of remote Not only can SSH forward your authentication requests, but it can forward your X Window System traffic as well.Īnd SSH not only forwards the traffic, but also automatically sets X's DISPLAY variable on the remote system, thus simplifying (slightly skeptical) Educational society promoting " Back to basics" movement against IT overcomplexity Softpanorama May the source be with you, but remember the KISS principle -)