Friday, October 03, 2008

port forwarding using ssh

note to self

ssh can be used as shown below to forward traffic over a secure channel, so that otherwise insecure ( plain ) traffic is encrypted.

ssh access to the destination server is required for this to work.

For example, to secure POP3 communications with a mail server at a.b.c.d, one can run something like the following on the local machine.

ssh -N -f -L 127.0.0.1:1100:a.b.c.d:110 user@a.b.c.d

-f puts the connection in the background
-N runs no remote command, so ssh just waits for incoming connections to forward
-L binds the tunnel to the specified local port ( 1100 in this case )

this will create an ssh tunnel from local port 1100 to port 110 of a.b.c.d
@a.b.c.d makes ssh authenticate with a.b.c.d

once this is done, the POP client can be re-configured to talk to local port 1100. ssh will happily encrypt and decrypt what you put in the tunnel at the end-points. This mechanism can be used to secure systems that are not built with such capabilities.

when you want to stop the tunnel, you can simply use "kill"
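
As an added example (not part of the original note), the start/stop procedure above wrapped in shell functions: it refuses a non-loopback bind address, makes ssh exit if the forward cannot be set up, and stops the tunnel through an OpenSSH control socket rather than kill. The function names and the control socket path are assumptions of this example.

```shell
#!/bin/sh
# Control socket path: an assumption of this example, not from the post.
CTL="$HOME/.ssh/pop3-tunnel.ctl"

# Print the -L forward spec after validating it.
# Only loopback binds are accepted, so the plain-text side of the tunnel
# is never reachable from other machines on the network.
forward_spec() {
    bind=$1 lport=$2 host=$3 rport=$4
    case $bind in
        127.0.0.1|localhost) ;;
        *) echo "refusing non-loopback bind address: '$bind'" >&2; return 1 ;;
    esac
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range: $p" >&2; return 1; }
    done
    printf '%s\n' "$bind:$lport:$host:$rport"
}

# tunnel_start BIND LPORT HOST RPORT LOGIN
#   e.g. tunnel_start 127.0.0.1 1100 a.b.c.d 110 user@a.b.c.d
tunnel_start() {
    spec=$(forward_spec "$1" "$2" "$3" "$4") || return 1
    # -M/-S: create a control socket for this connection.
    # ExitOnForwardFailure=yes: ssh exits with an error instead of staying
    # up without the forward when local port LPORT cannot be bound.
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$5"
}

# Ask the backgrounded ssh, via the control socket, whether it is alive.
tunnel_status() { ssh -S "$CTL" -O check "$1"; }

# Ask the backgrounded ssh to exit; no PID lookup needed.
tunnel_stop() { ssh -S "$CTL" -O exit "$1"; }
```

tunnel_status and tunnel_stop take the same user@a.b.c.d login that was given to tunnel_start.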

--

FAQ at www.openssh.com was quite helpful in figuring this out. thanks bud for pointing out such things can be easily done with ssh. :)
