SSH CommandLine Tunnel

SSH tunneling is useful for reaching services on remote, firewalled systems securely. If you need to access a database server, CVS repository, or other service that is blocked off by a firewall, an SSH tunnel lets you access it as if you were on the local network. The service stays behind the firewall, and the traffic through the tunnel is encrypted.

GUI-based SSH clients have control panels that let you set up tunnels. Sometimes it is necessary to automate such a task at the shell level. SSH tunneling can be an excellent security enhancement to an automated system.

#using the command line only, open ssh tunnel to cvs repository
$ ssh -l youruser yourhost.com -p 22 -N -f -C -L 2401:yourhost.com:2401

Argument summary:

* -l login name
* -p remote host port (It is best to connect to ssh on something other than the default port to shake off automated attacks. Change sshd_config and/or the port mapping on your firewall. For example, :2210 external maps to :22 internal for your ssh boxes that are allowed to accept outside connections.)
* -N do not execute a remote command
* -f requests SSH to go to background
* -L port:host:hostport (port = local port, host and hostport are where you want the tunnel to point to. This does not have to be the box you are ssh-ing to!)
* -C compression – optional

The command will ask for a password after it is executed. Then it will go into the background, running as a system process. To make this run unattended, such as in a nightly cron script, use ssh-keygen to set up key-based trusted authentication between the local and remote host.

#check for ssh process with the parameters specified above
$ ps aux

Now, if you are done with the tunnel and want to shut it off:

#find the tunnel that was set up into the repository and shut it down
#alter "2401:" to match the local port tunnel to shut off
$ ps -fU root -C ssh | grep "ssh -l" | grep "2401:" | awk '{print $2}' | xargs kill
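
An added example (not part of the original post) for the unattended cron case and the shutdown step above: it opens the same tunnel on a control socket, so the tunnel can be checked and closed by name instead of by matching ps output. The key path, socket path and job path are assumptions; the host, user and ports are the placeholders used above.

```sh
#!/bin/sh
# Added example. Key path and socket path are assumptions; the host, user and
# forward are the placeholders from the command above.
TUNNEL_HOST="${TUNNEL_HOST:-yourhost.com}"
TUNNEL_USER="${TUNNEL_USER:-youruser}"
TUNNEL_PORT="${TUNNEL_PORT:-22}"
TUNNEL_FWD="${TUNNEL_FWD:-2401:yourhost.com:2401}"
TUNNEL_KEY="${TUNNEL_KEY:-$HOME/.ssh/tunnel_key}"
TUNNEL_SOCK="${TUNNEL_SOCK:-$HOME/.ssh/cvs-tunnel.sock}"

tunnel_open() {
    # -M -S: control master on a private socket, so the tunnel can be
    #        addressed later without searching the process table.
    # BatchMode=yes: never prompt for a password; fail instead (cron has no tty).
    # ExitOnForwardFailure=yes: exit non-zero if the local port cannot be bound.
    ssh -M -S "$TUNNEL_SOCK" -N -f \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o IdentitiesOnly=yes -i "$TUNNEL_KEY" \
        -l "$TUNNEL_USER" -p "$TUNNEL_PORT" \
        -L "$TUNNEL_FWD" "$TUNNEL_HOST"
}

tunnel_is_up() {
    # Asks the master process behind the socket whether it is still running.
    ssh -S "$TUNNEL_SOCK" -O check "$TUNNEL_HOST" 2>/dev/null
}

tunnel_close() {
    # Tells that one master to exit; no other ssh process is touched.
    ssh -S "$TUNNEL_SOCK" -O exit "$TUNNEL_HOST" 2>/dev/null
}

with_tunnel() {
    # Run "$@" with the tunnel up and always tear it down afterwards,
    # returning the job's own exit status.
    if tunnel_is_up; then echo "tunnel already running" >&2; return 1; fi
    tunnel_open || { echo "tunnel failed to start" >&2; return 1; }
    rc=0
    "$@" || rc=$?
    tunnel_close || echo "tunnel did not close cleanly" >&2
    return "$rc"
}

# In a cron script (job path is hypothetical):
#   with_tunnel /usr/local/bin/nightly-cvs-sync
```

Keep the socket in a directory only the job's user can write to, such as ~/.ssh, since anyone who can reach the socket can reuse the authenticated connection.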
