Friday, October 03, 2008

port forwarding using ssh

note to self

ssh can be used in the way shown below to forward traffic over a secure channel, so that otherwise insecure (plain-text) traffic is encrypted. ssh access to the destination server is required for this to work.

For example, to secure POP3 communications with a mail server at a.b.c.d, one can run something like the following on the local machine:

ssh -N -f -L 127.0.0.1:1100:a.b.c.d:110 user@a.b.c.d

-f puts the connection in the background
-N tells ssh not to run a remote command, so it just waits for incoming connections to forward
-L binds the tunnel to the specified local port (1100 in this case); this creates an ssh tunnel from local port 1100 to port 110 of a.b.c.d
user@a.b.c.d performs the authentication via ssh with a.b.c.d

Once this is done, the POP client can be reconfigured to talk to local port 1100. ssh will happily encrypt and decrypt what you put in the tunnel at the end-points. This mechanism can be used to secure systems that are not built with such capabilities.

When you want to stop the tunnel, you can simply use "kill".

-- The FAQ at www.openssh.com was quite helpful in figuring this out. Thanks bud for pointing out that such things can be easily done with ssh. :)
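A small wrapper around the command above, added here as an example and not part of the original note: it refuses a non-loopback bind address (so other hosts on the network cannot use the tunnel), makes ssh fail if the forward cannot be set up, and uses an ssh control socket so the tunnel can be checked and stopped without hunting for a PID. The function names and the socket path are assumptions; a.b.c.d and user are the placeholders from the note.

```shell
#!/bin/sh
# Added example: manage the POP3 tunnel through an ssh control socket.
# SOCK is an assumed path; pick any location only your user can write to.
SOCK="${HOME:-/tmp}/.ssh/pop3-tunnel.sock"

# Build and validate the -L argument: bind address, local port, remote host, remote port.
forward_spec() {
    bind=$1; lport=$2; rhost=$3; rport=$4
    # Only loopback binds: anything else exposes the unencrypted local end to the LAN.
    case "$bind" in
        127.0.0.1|localhost) ;;
        *) echo "refusing non-loopback bind address: $bind" >&2; return 1 ;;
    esac
    for p in "$lport" "$rport"; do
        case "$p" in
            ''|*[!0-9]*) echo "port must be numeric: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    [ -n "$rhost" ] || { echo "remote host missing" >&2; return 1; }
    printf '%s:%s:%s:%s\n' "$bind" "$lport" "$rhost" "$rport"
}

# tunnel_start BIND LPORT RHOST RPORT LOGIN
tunnel_start() {
    spec=$(forward_spec "$1" "$2" "$3" "$4") || return 1
    # -M/-S create a control socket; ExitOnForwardFailure makes ssh exit
    # instead of backgrounding a session whose port forward did not bind.
    ssh -N -f -M -S "$SOCK" -o ExitOnForwardFailure=yes -L "$spec" "$5"
}

# tunnel_status LOGIN: exit status 0 if the master connection is alive.
tunnel_status() { ssh -S "$SOCK" -O check "$1"; }

# tunnel_stop LOGIN: ask the master connection to exit (instead of "kill").
tunnel_stop() { ssh -S "$SOCK" -O exit "$1"; }

# Usage for the note's example:
#   tunnel_start 127.0.0.1 1100 a.b.c.d 110 user@a.b.c.d
#   tunnel_status user@a.b.c.d
#   tunnel_stop user@a.b.c.d
```
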
