SSH Tunneling

With ssh tunneling you can make a connection appear to originate from a machine to which you have ssh access. This is useful, for example, if you want to send mail via smtp.cs.uchicago.edu, but your ISP is blocking outgoing traffic to the SMTP port.

The problem, stated generally, is as follows. You want to send traffic to LocalPort on SourceNode and have it tunneled through an ssh connection to ProxyNode, which then forwards the traffic to RemotePort on TargetNode. To accomplish that with OpenSSH, run this command on SourceNode:

ssh -fNL LocalPort:TargetNode:RemotePort ProxyNode

A specific version of that command that will allow you to send mail from any location through smtp.cs.uchicago.edu is:

ssh -fNL 2525:smtp.cs.uchicago.edu:25 username@classes.cs.uchicago.edu

You would then configure your mail client to send mail to localhost (that is, SourceNode) on port 2525. Port 2525 is chosen so that root-level access is not required (root credentials are required to bind to ports lower than 1024).

Traffic is encrypted between SourceNode and ProxyNode, but not between ProxyNode and TargetNode. Thus, if you want to use ssh tunneling for confidentiality, ProxyNode should be the same as TargetNode.
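
The checks implied above can be scripted before a tunnel is opened. The following is an added example, not part of the original page: it builds (without running) the ssh command, rejects privileged local ports for non-root users, and warns when the ProxyNode to TargetNode hop is unencrypted. The function names and TUNNEL_UID are hypothetical; the 127.0.0.1 bind address and ExitOnForwardFailure are standard OpenSSH features that the original commands do not use.

```shell
#!/bin/sh
# Added example (not from the original page). Builds, but does not run, the
# "ssh -fNL LocalPort:TargetNode:RemotePort ProxyNode" command with checks.
# All function names and TUNNEL_UID are hypothetical helpers for this sketch.

# True when $1 is an integer in 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Strip an optional "user@" prefix from ProxyNode.
host_of() { printf '%s\n' "${1##*@}"; }

# True when the ProxyNode -> TargetNode hop stays on ProxyNode. TargetNode is
# resolved on ProxyNode, so "localhost" there means ProxyNode itself.
last_hop_protected() {
    [ "$1" = "$(host_of "$2")" ] || [ "$1" = localhost ] || [ "$1" = 127.0.0.1 ]
}

# tunnel_cmd LocalPort TargetNode RemotePort ProxyNode
# Prints the command on stdout and any warning on stderr.
tunnel_cmd() {
    lport=$1 target=$2 rport=$3 proxy=$4
    uid=${TUNNEL_UID:-$(id -u)}   # override exists only to make testing easy
    if ! is_port "$lport" || ! is_port "$rport"; then
        echo "error: ports must be integers in 1-65535" >&2
        return 2
    fi
    if [ "$lport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        echo "error: binding port $lport needs root; use a port >= 1024" >&2
        return 3
    fi
    if ! last_hop_protected "$target" "$proxy"; then
        echo "warning: $(host_of "$proxy") -> $target:$rport is not encrypted by ssh" >&2
    fi
    # 127.0.0.1 keeps the listener on loopback; ExitOnForwardFailure makes ssh
    # exit instead of going to the background when the port cannot be bound.
    printf 'ssh -fN -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$target" "$rport" "$proxy"
}

# The mail example from this page: prints the command plus the last-hop warning.
tunnel_cmd 2525 smtp.cs.uchicago.edu 25 username@classes.cs.uchicago.edu
```

Binding the listener to 127.0.0.1 means only processes on SourceNode can use the tunnel.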

Here are some detailed instructions for setting up specific ssh tunnels: