Belgium
Aug - 07

28

Automating SSH Tunnel establishment from SSH config file

Posted in General, Linux on August 28th, 2007 by Nicolas

In order to setup an ssh tunnel between port 8080 on the local machine and port 80 on the SSH server, you can go and type:

ssh -L8080:localhost:80 machine.example.org -l yourUsernameAtMachineDOTexampleDOTorg

But if you follow the law of the least effort, you won’t want to type that in everytime you need to establish the tunnel, you would rather type:

ssh tunnelName

and have SSH do everything by itself for you! This can be acomplished by inserting the following lines in your ~/.ssh/config file.

Host tunnelName        
User yourUsernameAtMachineDOTexampleDOTorg        
Hostname machine.example.org        
GatewayPorts yes        
LocalForward 8080 localhost:80

Notice the GatewayPorts yes directive, this is optional for the tunnel to come up but allows you to use the tunnel from other machines than just the one that establishes it!

Tags: ,
Aug - 07

7

SSH to intranet hosts from outside – SSH gateway

Posted in General, Work on August 7th, 2007 by Nicolas

For some of the latest projects I’m working on, it is required that I quite frequently access various machines that are located behing a corporate firewall, on a privately adressed subnet inside a company.

One option I had but got fed up with quite fast was :

 outside$ ssh nicolas@gateway 
 gateway$ ssh root@box1 
 box1# 
or  
 ssh -t nicolas@gateway ssh root@box1

Once again, SSH came in handy and I found that everything was there for me to have that first hop and re-ssh done automatically. Just added the following to my ~/.ssh/config

 Host gateway       
 Hostname gateway.example.org       
 User nicolas 

 Host box1       
 Hostname 192.168.0.1       
 User root       
 ProxyCommand ssh gateway nc -w 1 %h 22

This, coupled to ssh’s passwordless authentication made my day a lot easier ;)

Tags: ,
Aug - 07

6

Auto SSH-Tunnel to a CVS repository with eclipse

Posted in Java & Eclipse, Work on August 6th, 2007 by Nicolas

Some of the software projects I’m involved in require access to a CVS repository which is behind a corporate firewall that will drop all incoming traffic which is not directed to a specific machine (the SSH server) on port 22. This situation made it hard to code from outside the organization’s network.

12

Some geekery would be to setup an SSH tunnel from the eclipse machine that would encrypt pserver while outside of the organization and forward it from the SSH server to the CVS server. This could be done by executing the following command:

ssh -L2401:cvs.example.org:2401 ssh.example.org

One would then configure eclipse to access the CVS repository located at localhost using pserver, ssh would do the rest.

This method is now “integrated” into eclipse. When going to File->New->Project->CVS->Project from CVS, you can now choose the pserverssh2 connection method.

You then have to fill the “Host” field using this syntax:

sshlogin@ssh.example.org#sshPort@cvs.example.org

or

sshlogin@ssh.example.org@cvs.example.org

if the ssh server listens on the default port 22.

You then fill in the username and password with your pserver CVS’ credentials and you’re all set!

Enjoy!

Tags: