What? SSH stuff AGAIN?!?!?

Date: December 9, 2008

Apparently the SSH fiasco isn't done. I didn't believe it either, but there are still things that haven't been covered!

Daniel, at Bonetree Blog, wrote an overview of a great tool to have in your toolbox: SSH tunnels. Completely aside from the inherent security that an SSH tunnel provides, I've got lots of random hardware (usually cheap routers, APs, and the like) that will only let an administrator log in from the same subnet the device is on. That's a pain in the butt when you're a couple of states away! To remedy this, I connect to a server that IS on the same network as the device and create an SSH tunnel through the server to get to the appliance. Daniel explains it better than I'm doing, and he actually uses it to make a SOCKS proxy. Just read his article.
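The tunnel-through-a-server setup described above, as an added example (not taken from this post or from Daniel's article): two shell helpers that print the `ssh` command for a local forward to the appliance and for a SOCKS proxy, both bound to loopback so nobody else on your network can ride the tunnel. The function names, hosts, users and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: build (but do not run) hardened ssh tunnel commands.
# All hosts, users and ports used with these helpers are placeholders.

# valid_port N: succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT DEVICE_IP DEVICE_PORT JUMP_HOST
# Local forward: 127.0.0.1:LOCAL_PORT -> DEVICE_IP:DEVICE_PORT, as seen
# from JUMP_HOST (the server on the appliance's subnet).
tunnel_cmd() {
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    [ -n "$2" ] && [ -n "$4" ] || { echo "missing host" >&2; return 1; }
    # -N                     no remote shell, forwarding only
    # ExitOnForwardFailure   exit if the listener cannot be set up,
    #                        instead of staying connected with no tunnel
    # 127.0.0.1:             explicit loopback bind for the listener
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# socks_cmd LOCAL_PORT JUMP_HOST
# Dynamic forward: a SOCKS proxy on 127.0.0.1:LOCAL_PORT via JUMP_HOST.
socks_cmd() {
    valid_port "$1" || { echo "bad port" >&2; return 1; }
    [ -n "$2" ] || { echo "missing host" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -D 127.0.0.1:%s %s\n' "$1" "$2"
}

# Example (placeholders): reach the router's web UI at https://localhost:8443
#   $(tunnel_cmd 8443 192.168.1.1 443 admin@jump.example.net)
```
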

  • Saint Aardvark

    Oh aye...at a previous job, we had some of our products (Linux and FreeBSD servers) at a customer's site. Outside access to their network was quite restricted: we had to use a Windows machine with a particular VPN client to connect. The VPN client wouldn't let you make changes to the routing table, so we couldn't just add a route for the remote machines that pointed to the Windows VPN client.

    We got around this by installing Cygwin (thank Gopod for that; it makes even Windows useful) and launching a couple of SSH processes after the VPN successfully connected. They were set to tunnel connections to certain ports on our side to port 22 on the various machines we had at the customer's site. SSH and Cygwin to the rescue!

    More recently, I was having to connect to Sun's ILOM server on a bunch of new servers that were in a machine room a few buildings away. For a while I was running SSH and forwarding the different ports as necessary, then pointing my browser and the remote console client at localhost. Had to give it up though, because it was a pain to connect to a different machine (close all the clients, stop SSH, do it again but pointing the endpoints to another IP address for half a dozen ports). OpenVPN did the trick quite nicely.

    Oh, and last stupid trick: at a hotel where Internet access is $10/day; they only block/redirect port 80 and 443; they don't block port 22; SSH home, install Squid, and point Firefox at that.

  • AJ

    I like that. I use SSH for logging into my server, etc. but hadn't thought of using SSH in that way before.

  • Ernie Oporto

    The free NX for Linux server combined with the free NX for Windows client from http://www.nomachine.com uses ssh to keep me connected offsite.