[NCLUG] ssh question

Brett Johnson brett at hp.com
Mon Oct 6 16:12:55 MDT 2008


On Mon, 2008-10-06 at 12:38 -0600, Jim Hutchinson wrote:
> Normally I pick a random port for a socks proxy in firefox like
> port 8080.

Why pick a random port?  Port 1080 is the "standard" socks proxy port
(grep socks /etc/services).  Anyway...

>  The command I use is
> 
> ssh -D 8080 -p 5151 user at ip_of_ssh_server
> 
> This does work. I can set up a socks proxy in firefox and as far as I can
> tell my web traffic is tunneled. However, there are times when I would
> prefer not to have traffic on a random port as that might alert the network
> police. A bunch of traffic on port 8080, for example, might look out of
> place.

Umm, so, in this case, nobody outside your localhost machine will see
any traffic on port 8080.  They'll only see traffic on port 5151 to your
home IP (the ssh tunnel).  I'm still not grokking why you'd care about
this, but the port your sshd listens to is the only one that's going to
get any traffic in the scenario you've laid out so far.

>  It seems to me it would be possible to use port 443 for the tunnel
> and that would then cause all web traffic to look as if it's just normal
> encrypted SSL traffic

SSL != ssh, but that's a different discussion I suppose.

>  - or at least that is how I understand it. To do this
> I just change the command to
> 
> ssh -D 443 -p 5151 user at ip_of_ssh_server

Again, the only place you'll see traffic on port 443 in this case is on
localhost -- all the network traffic will be flowing through your ssh
tunnel to your home network, on port 5151.

> What I'm wondering is if it's actually doing what I think it's doing.
> Everything I read talks about having the ssh server listen on port 443

That's probably because in order to make it look like you're talking
over port 443 to an outside observer, that's the way you'd have to set
it up.

> Additionally, some people suggest using a command like
> 
> ssh user at IP -L 8080:localhost:80

This does not do the same thing at all.  "-D" actually sets up a pseudo
socks server in the sshd.  "-L" just forwards a port verbatim.

-- 
Brett Johnson <brett at hp.com>
 Irritated at Outlook's plain-text quoting?
 http://home.in.tum.de/~jain/software/outlook-quotefix/
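Added example, not from the thread or from OpenSSH: the SOCKS5 CONNECT request (RFC 1928) that a browser such as Firefox sends to the `ssh -D` listener. Each request carries its own destination host and port, which is what makes `-D` a per-connection proxy while `-L 8080:localhost:80` fixes the destination on the ssh command line; the encoder and decoder here are constructed for illustration and the sample destination is made up.

```python
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(host: str, port: int) -> bytes:
    """Encode the SOCKS5 CONNECT request a browser sends to the -D listener.
    Hostnames go out as ATYP 0x03 so the ssh server resolves them (Firefox's
    "Proxy DNS when using SOCKS v5"); IP literals are sent in binary form."""
    try:
        atyp, body = ATYP_IPV4, socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            atyp, body = ATYP_IPV6, socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            raw = host.encode("idna")
            if not 0 < len(raw) < 256:
                raise ValueError("hostname length must fit in one byte")
            atyp, body = ATYP_DOMAIN, bytes([len(raw)]) + raw
    # VER CMD RSV ATYP DST.ADDR DST.PORT (port is big-endian 16 bit)
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + body + struct.pack("!H", port)


def parse_connect(req: bytes) -> tuple[str, int]:
    """Decode the destination (host, port) the client asked the proxy for."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        host, rest = socket.inet_ntop(socket.AF_INET, req[4:8]), req[8:]
    elif atyp == ATYP_IPV6:
        host, rest = socket.inet_ntop(socket.AF_INET6, req[4:20]), req[20:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError(f"unsupported address type {atyp:#x}")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return host, struct.unpack("!H", rest)[0]


if __name__ == "__main__":
    # Constructed sample: what a browser asks of `ssh -D 8080` for https://example.com/
    req = build_connect("example.com", 443)
    print(req.hex(), parse_connect(req))
```

Only the bytes of this request ever cross the loopback interface to port 8080; on the wire they ride inside the ssh session to port 5151, as the reply above explains.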