Re: SSH and forwarding port

From: Felix Tiede (tiede_at_pc-tiede.de)
Date: 08/22/04


Date: Sun, 22 Aug 2004 22:35:13 +0200


Bruno Caruso wrote:
| Hi,
|
| I want to use SSH from my work desk to the client site for doing some
| diagnosis on electronic systems. The network will be like this:
| One PC at work desk with ssh client on private LAN. SSH client is configured
| for forwarding port 9000 for example (in fact, my diagnosis application). A
| firewall accepts the outgoing connection by port 22.
|
| At the client site, one PC with SSH server. The connection to Internet will
| be by DSL link and some servers (diagnosis servers) will be connected on
| the Ethernet private network on site (by Ethernet connection on the SSH
| server PC).
|
| My question is this one:
|
| The final destination of the forwarding TCP frame is a diagnosis server on
| client private LAN (for example address 10.0.1.1 on port 9000) through the
| PC with SSH server. When SSH server has decrypted the frame, what to do
| with this frame? Because I want this frame to arrive at the diagnosis
| servers. I don't know what to do exactly!.. Will the frame be routed on
| the LAN by SSH server PC?
|
| Thank you for your help.
|
| Bruno

Yes.
By using the command
'ssh -L 9000:10.0.1.1:9000 <user>@<ssh-server-pc>'
the SSH server PC will forward the connection to IP 10.0.1.1. There is no
need for decryption on the diagnosis server. Also, this connection uses the
server port 22 which should be accepted by both firewalls.
Then you can use your diagnosis tool as if your client PC was this diagnosis
server. There's no need for further configuration of the SSH server PC, only
the diagnosis server must be allowed to accept connections from the SSH
server PC.

But remember:
This connection is encrypted only from your client PC to the SSH server PC,
there's no encryption between diagnosis server and SSH server PC.

Greetings,
Felix
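Added example, not part of the original message: a small Python parser for the `-L [bind_address:]port:host:hostport` argument used above. It reports where the local listener binds and which legs of the path SSH encrypts, matching the caveat in the reply. The function names and output layout are illustrative assumptions; port 22 and the `<ssh-server-pc>` placeholder are taken from the thread.

```python
import ipaddress
import re

# ssh -L argument: [bind_address:]port:host:hostport (IPv6 literals in brackets)
_SPEC = re.compile(
    r"^(?:(?P<bind>\[[^\]]+\]|[^:\[\]]*):)?(?P<lport>\d+):"
    r"(?P<host>\[[^\]]+\]|[^:\[\]]+):(?P<hport>\d+)$"
)


def _is_loopback(addr):
    """True only for 'localhost' or a literal loopback IP address."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # '', '*' or some other hostname
        return False


def describe_forward(spec, ssh_server="<ssh-server-pc>", ssh_port=22):
    """Parse a -L spec; report the listener and the encryption of each leg."""
    m = _SPEC.match(spec)
    if m is None:
        raise ValueError(f"not a [bind_address:]port:host:hostport spec: {spec!r}")
    lport, hport = int(m["lport"]), int(m["hport"])
    if not (1 <= lport <= 65535 and 1 <= hport <= 65535):
        raise ValueError("port out of range")
    bind, host = m["bind"], m["host"].strip("[]")
    if bind is None:
        listen, exposed = "localhost", False  # ssh default (GatewayPorts no)
    else:
        listen = bind.strip("[]") or "*"  # empty bind_address means all interfaces
        exposed = not _is_loopback(listen)
    return {
        "listen": (listen, lport),
        "exposed_listener": exposed,  # other hosts can reach the local port
        "legs": [  # (description, encrypted by SSH?)
            (f"application -> {listen}:{lport}", False),
            (f"ssh client -> {ssh_server}:{ssh_port}", True),
            (f"{ssh_server} -> {host}:{hport}", False),
        ],
    }


if __name__ == "__main__":
    info = describe_forward("9000:10.0.1.1:9000")  # the spec from the message
    for leg, encrypted in info["legs"]:
        print(f"{'encrypted' if encrypted else 'cleartext':9}  {leg}")
```

A spec with an empty or `*` bind address is flagged as an exposed listener, because other machines on the work LAN could then reach the diagnosis server through the tunnel.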


