[NCLUG] ssh question

Jim Hutchinson jim at ubuntu-rocks.org
Mon Oct 6 12:38:32 MDT 2008


I'm wondering if any of the tech gurus on this list can help me with an ssh
question. First, some background. I'm running an ssh server at home. It
listens on port 5151. I would like to be able to tunnel web traffic over the
ssh connection for security when using open networks. I think I know how to
do this. Normally I pick a random port for a socks proxy in firefox like
port 8080. The command I use is

ssh -D 8080 -p 5151 user@ip_of_ssh_server

This does work. I can set up a socks proxy in firefox and as far as I can
tell my web traffic is tunneled. However, there are times when I would
prefer not to have traffic on a random port as that might alert the network
police. A bunch of traffic on port 8080, for example, might look out of
place. It seems to me it would be possible to use port 443 for the tunnel
and that would then cause all web traffic to look as if it's just normal
encrypted SSL traffic - or at least that is how I understand it. To do this
I just change the command to

ssh -D 443 -p 5151 user@ip_of_ssh_server

As root of course for ports under 1024. This too seems to work. Going to a
"what's my IP" type site tells me my IP is my ssh server IP and not the IP
of the network I'm actually on.

What I'm wondering is if it's actually doing what I think it's doing.
Everything I read talks about having the ssh server listen on port 443
rather than forwarding that port but when I tried that nothing worked (i.e.
connection just timed out and didn't connect). Does it matter what port the
ssh server listens on (assuming you don't use a port that is used for
something else)? Under what scenario would you want to have the ssh server
listen on port 443? The only thing I can think of is if your work or
whatever blocks all ports but 80 and 443 and there is no way to ssh out on a
random port like 5151. Is that accurate?

Additionally, some people suggest using a command like

ssh user@IP -L 8080:localhost:80

Or something similar. I find this syntax much more confusing than a simple
-D switch. Is there a solution for setting up a socks proxy that uses the -L
(or -R) options or is this a different use? Is there any reason that would
be better than the way I'm doing it above (i.e. ssh -D 443 -p 5151
user@ip_of_ssh_server)?

Hope that makes sense to someone. Thanks in advance for any help.

-- 
Jim (Ubuntu geek extraordinaire)
----
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
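
Added example, not part of the original post: a small Python helper that splits the OpenSSH client commands quoted above into the TCP port the SSH connection itself uses on the network (`-p`, default 22) and the listeners that `-D` and `-L` open only on the client machine. `describe_ssh` is a hypothetical name, only `-p`, `-D` and `-L` are parsed, and the default bind address is reported as "loopback" on the assumption that the client's GatewayPorts option is off.

```python
import shlex


def describe_ssh(command):
    """Separate what the network sees (the port of the SSH connection)
    from what exists only on the client (local listening sockets)."""
    args = shlex.split(command)[1:]           # drop the leading "ssh"
    result = {"server": None, "wire_port": 22, "listeners": []}
    i = 0
    while i < len(args):
        arg = args[i]
        i += 1
        if arg[:2] in ("-p", "-D", "-L"):
            flag, value = arg[:2], arg[2:]
            if not value:                      # "-D 443" form: value is the next word
                value = args[i]
                i += 1
            parts = value.split(":")           # IPv6 literals are not handled
            if flag == "-p":                   # port of the sshd being contacted
                result["wire_port"] = int(value)
            elif flag == "-D":                 # [bind_address:]port, dynamic SOCKS
                bind = parts[0] if len(parts) == 2 else "loopback"
                result["listeners"].append(("socks", bind, int(parts[-1]), None))
            else:                              # [bind_address:]port:host:hostport
                bind = parts[0] if len(parts) == 4 else "loopback"
                result["listeners"].append(
                    ("fixed", bind, int(parts[-3]), f"{parts[-2]}:{parts[-1]}"))
        elif not arg.startswith("-") and result["server"] is None:
            result["server"] = arg             # first bare word is the destination
    return result


if __name__ == "__main__":
    # The three commands from the post.
    for cmd in ("ssh -D 8080 -p 5151 user@ip_of_ssh_server",
                "ssh -D 443 -p 5151 user@ip_of_ssh_server",
                "ssh user@IP -L 8080:localhost:80"):
        info = describe_ssh(cmd)
        print(cmd)
        print("  SSH connection on the network: TCP port", info["wire_port"])
        for kind, bind, port, target in info["listeners"]:
            print(f"  client-side listener: {kind} on {bind}:{port}",
                  f"-> {target}" if target else "(destination chosen per request)")
```

For both `-D` commands the helper reports the same network-facing port, 5151; only the client-side listener differs. The `-L` form opens one listener tied to a single fixed destination, where `-D` lets each SOCKS request name its own.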


