Friday, October 03, 2008

port forwarding using ssh

note to self

ssh can be used as shown below to forward traffic over a secure channel, so that otherwise insecure (plain) traffic is encrypted.

ssh access to the destination server is required for this to work.

For example, to secure POP3 communications with a mail server at a.b.c.d, one can run something like the command below on the local machine.

ssh -N -f -L 1100:a.b.c.d:110 user@a.b.c.d

-f puts the connection in the background
-N runs no remote command, so ssh just waits indefinitely for incoming connections
-L binds the tunnel to the specified local port (1100 in this case)

this creates an ssh tunnel from local port 1100 to port 110 of a.b.c.d
user@a.b.c.d is the account that ssh authenticates as on a.b.c.d

once this is done, the POP client can be re-configured to talk to local port 1100. ssh will happily encrypt and decrypt what you put in the tunnel from the end-points. This mechanism can be used to secure systems that are not built with such capabilities.

when you want to stop the tunnel, you can simply "kill" the backgrounded ssh process
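
An added example, not part of the original note: the same POP3 tunnel managed through an OpenSSH control socket, so it can be checked and stopped without hunting for a PID, and refused unless its listener is explicitly bound to loopback. The control-socket path, the environment variable names and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. TUNNEL_HOST and TUNNEL_CTL are placeholders; adjust to your setup.
TUNNEL_HOST="${TUNNEL_HOST:-user@a.b.c.d}"
TUNNEL_CTL="${TUNNEL_CTL:-$HOME/.ssh/pop3-tunnel.ctl}"

# Accept only bind_address:local_port:host:remote_port with a loopback bind
# address. A three-field spec is rejected because its bind address then
# depends on the client's GatewayPorts setting.
forward_is_loopback() (
  set -f            # no globbing while splitting (runs in a subshell)
  IFS=:
  set -- $1
  [ $# -eq 4 ] || exit 1
  case "$1" in
    127.0.0.1|localhost) ;;
    *) exit 1 ;;
  esac
  for p in "$2" "$4"; do
    case "$p" in
      ''|*[!0-9]*) exit 1 ;;
    esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || exit 1
  done
)

# Start the tunnel in the background. ExitOnForwardFailure makes ssh exit
# instead of silently running without the listener if port 1100 is taken.
tunnel_start() {
  forward_is_loopback "$1" || {
    echo "refusing forward without explicit loopback bind: $1" >&2
    return 1
  }
  ssh -f -N -M -S "$TUNNEL_CTL" -o ExitOnForwardFailure=yes \
      -L "$1" "$TUNNEL_HOST"
}

# Ask the background master whether it is still alive.
tunnel_status() { ssh -S "$TUNNEL_CTL" -O check "$TUNNEL_HOST"; }

# Shut the tunnel down cleanly through the control socket.
tunnel_stop() { ssh -S "$TUNNEL_CTL" -O exit "$TUNNEL_HOST"; }

# Usage:
#   tunnel_start 127.0.0.1:1100:a.b.c.d:110
#   tunnel_status
#   tunnel_stop
```
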


FAQ at was quite helpful in figuring this out. thanks bud for pointing out such things can be easily done with ssh. :)
