Monday, March 21, 2005

Providing a local network service to a remote machine

ssh -L provides a remote service locally.

For example, if we wish to connect to www.google.com (port 80) but want it to appear as if the server is on the local machine, we could run:
ssh mylogin@localhost -L 80:google.com:80 -N -f
-N does not execute a remote command (no shell comes up when you connect)
-f runs ssh as a background process (drops you back to your local shell after connecting)

ssh -R brings a local service to another machine (an outside machine in this case).

This is the reverse of -L. After doing the above, we could connect like this to a remote machine running ssh, and that machine could then go to localhost:80 and see Google.

ssh myremotemachine -l username -R 80:localhost:80 -N -f

Now a user of myremotemachine can connect to localhost in a web browser and see Google. This is fairly pointless unless you have two networks in different places and want machines behind the gateways to communicate with each other. It's sort of like a VPN, but more specific.


As another example, suppose we are behind a proxy and a machine on the local network is running a license server.

On the gateway machine on this network, we start ssh -L. (Actually, it does not have to be the gateway machine: you can use -o 'commands here' to go through a proxy server on the gateway machine if one exists.)

ssh localhost -l username -L 5461:server.com:5461 -N -f

Now, to provide this service to the outside, run

ssh remotemachine -l username -R 5461:localhost:5461 -N -f

In /etc/ssh/sshd_config, AllowTCPForwarding must be yes.
After changing this, you must run /etc/init.d/sshd restart
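
Whether the -L and -R commands above are accepted, and where a -R listener may bind, is decided by the server's sshd_config. As an added example (not from the original post), this shell function reads a config file and reports that policy; the function name and the sample configs are constructed for illustration, and on a live host sshd -T prints the effective configuration.

```shell
#!/bin/sh
# Added example: report which of the -L / -R forwards an sshd_config permits.
# Assumes whitespace-separated "Keyword value" lines. Match blocks are
# conditional and are not evaluated (parsing stops at the first one).
forwarding_policy() {
    awk '
        BEGIN { atf = "yes"; gp = "no" }            # OpenSSH defaults when unset
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        {
            key = tolower($1); value = tolower($2)  # keywords are case-insensitive
            if (key == "match") exit                # end of the global section
            # sshd uses the first value it sees for a keyword
            if (key == "allowtcpforwarding" && !seen_atf++) atf = value
            if (key == "gatewayports"       && !seen_gp++)  gp  = value
        }
        END {
            l = (atf == "yes" || atf == "all" || atf == "local")  ? "allowed" : "denied"
            r = (atf == "yes" || atf == "all" || atf == "remote") ? "allowed" : "denied"
            bind = "loopback-only"                  # -R port reachable only on the server
            if (gp == "yes")             bind = "all-interfaces"
            if (gp == "clientspecified") bind = "client-chosen"
            printf "local(-L)=%s remote(-R)=%s remote-bind=%s\n", l, r, bind
        }
    ' "$1"
}

# Constructed sample configs (not from the original post).
demo_dir=$(mktemp -d)
printf '%s\n' '# open policy' 'AllowTCPForwarding yes' 'GatewayPorts yes' \
    > "$demo_dir/open.conf"
printf '%s\n' 'allowtcpforwarding remote' 'AllowTcpForwarding yes' \
    'Match User builder' '    GatewayPorts yes' > "$demo_dir/remote_only.conf"

forwarding_policy "$demo_dir/open.conf"
forwarding_policy "$demo_dir/remote_only.conf"
rm -rf "$demo_dir"
```

With remote-bind=loopback-only, the forwarded license port is reachable only by users on the remote machine itself; all-interfaces exposes it to that machine's whole network.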
