ssh forwarding question

ssh forwarding question

[Sina Bahram]

Hi all,

I believe we have a ton of ssh users on this list, and I figured that I
should turn to the practical experts, since I believe I'm following the
documentation, and it's not working.

Here is what I am trying to do:

I have a server that is running sshd. That server, for the sake of argument,
is somewhere on the web, and completely accessible remotely. In other words,
it has a public IP.

I have my laptop right here in my lap, and I want to be able to have
absolutely every single http request go over the ssh tunnel and come back
through again of course.

Is this possible to do with ssh?

The reason I ask is because, I won't know the IP that I want to connect to
ahead of time, so I can forward to that particular ip address.

I want to be able to do the following:

ssh -L 12345:localhost:12345 -N -f username@server

Then, I simply tell my browser to use a proxy or to use port 12345 always,
rather than using some random high port.

Any thoughts, folks?

Take care,
Sina

Re: ssh forwarding question

[Igor Gueths]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi. By 'its not working', what errors/what makes you determine the fact that it's not working? The configuration you have supplied should work; the only thing I think may be throwing the whole 
thing off is your -f option...I'm not sure how authentication is handled when that option is used since I've never tried it. Also, I assume you are using the Openssh version of Ssh? The above 
assumes yes. Hth.
On Mon, Oct 24, 2005 at 12:00:29PM -0400, Sina Bahram wrote:
> Hi all,
> 
> I believe we have a ton of ssh users on this list, and I figured that I
> should turn to the practical experts, since I believe I'm following the
> documentation, and it's not working.
> 
> Here is what I am trying to do:
> 
> I have a server that is running sshd. That server, for the sake of argument,
> is somewhere on the web, and completely accessible remotely. In other words,
> it has a public IP.
> 
> I have my laptop right here in my lap, and I want to be able to have
> absolutely every single http request go over the ssh tunnel and come back
> through again of course.
> 
> Is this possible to do with ssh?
> 
> The reason I ask is because, I won't know the IP that I want to connect to
> ahead of time, so I can forward to that particular ip address.
> 
> I want to be able to do the following:
> 
> ssh -L 12345:localhost:12345 -N -f username@server
> 
> Then, I simply tell my browser to use a proxy or to use port 12345 always,
> rather than using some random high port.
> 
> Any thoughts, folks?
> 
> Take care,
> Sina
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQIVAwUBQ11KhKe2pgKIdGq4AQr6AhAAjBkIDUtMA/8y+GIlhywHP0Wl9jz2hVmz
sjxZ5+G6YyIPXMmikYd73zTikbRLOskOyv+093QgMUtgNnIQ08pZmyCWeLK+mdAK
ehj8tF2GTL08DvevKxTjJdayIMzVfKqQI0C/dtFBujifImieYh06G8H8aD6HGNsN
y8r4EsE3SLQ/gNOgtnF2J87X1yNwsFkt503Xiwt1xPwUiGTzZJwkbNI79mCq5uuk
0/zzOAElrFlZuvLY687Tv1AVDq2lVL/4/f85ThaUAQH0jKno0YGySPLb4dt87+JY
GnXQWTfTrlWgE1lBDmlqohyHyy4gdorC3tBWu7xALypKQQhqT5vUFwkOZNObLSwa
i4OZspTo0NtZZzWxSNr1X6v26DfXbjP/TjjL/HaeZBKhX7vWEQbKMG1+brwfEFD+
XMUzqHHnIRhItO5FZcPJjrGyLrhfK+X1NOd+gkCpoTOB2dyVOt3ijJAQRe5PU2sd
65XZUOqNz7/j5yPcG89fYHEWfOPfohuA1YlsxZvvcLH2EkgyJ01MS4istTh2jkGm
rmIB2Fqk8C0BKpxLynp+bhJRDooacyUIrnfzhJ6IR+pkjnAW7J0znRWQOYwtoXUG
TnAutdY4Z0RaKCP89awbXLArAadFMaVDVoNTScakUu7qp6Q9XDfR/dBnuI02ReJ0
vO6HLDiS57Y=
=+3YO
-----END PGP SIGNATURE-----

RE: ssh forwarding question

[Sina Bahram]

Hi Igore,

Thanks for your reply.

Yes, this is OpenSSH, and it's not working because everytime I try to
actually access it via using whatever port I am trying to tunnel, I get the
following.

channel 1: open failed: connect failed: Connection refused 

Take care,
Sina

-----Original Message-----
From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca]
On Behalf Of Igor Gueths
Sent: Monday, October 24, 2005 4:57 PM
To: Speakup is a screen review system for Linux.
Subject: Re: ssh forwarding question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi. By 'its not working', what errors/what makes you determine the fact that
it's not working? The configuration you have supplied should work; the only
thing I think may be throwing the whole thing off is your -f option...I'm
not sure how authentication is handled when that option is used since I've
never tried it. Also, I assume you are using the Openssh version of Ssh? The
above assumes yes. Hth.
On Mon, Oct 24, 2005 at 12:00:29PM -0400, Sina Bahram wrote:
> Hi all,
> 
> I believe we have a ton of ssh users on this list, and I figured that 
> I should turn to the practical experts, since I believe I'm following 
> the documentation, and it's not working.
> 
> Here is what I am trying to do:
> 
> I have a server that is running sshd. That server, for the sake of 
> argument, is somewhere on the web, and completely accessible remotely. 
> In other words, it has a public IP.
> 
> I have my laptop right here in my lap, and I want to be able to have 
> absolutely every single http request go over the ssh tunnel and come 
> back through again of course.
> 
> Is this possible to do with ssh?
> 
> The reason I ask is because, I won't know the IP that I want to 
> connect to ahead of time, so I can forward to that particular ip address.
> 
> I want to be able to do the following:
> 
> ssh -L 12345:localhost:12345 -N -f username@server
> 
> Then, I simply tell my browser to use a proxy or to use port 12345 
> always, rather than using some random high port.
> 
> Any thoughts, folks?
> 
> Take care,
> Sina
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQIVAwUBQ11KhKe2pgKIdGq4AQr6AhAAjBkIDUtMA/8y+GIlhywHP0Wl9jz2hVmz
sjxZ5+G6YyIPXMmikYd73zTikbRLOskOyv+093QgMUtgNnIQ08pZmyCWeLK+mdAK
ehj8tF2GTL08DvevKxTjJdayIMzVfKqQI0C/dtFBujifImieYh06G8H8aD6HGNsN
y8r4EsE3SLQ/gNOgtnF2J87X1yNwsFkt503Xiwt1xPwUiGTzZJwkbNI79mCq5uuk
0/zzOAElrFlZuvLY687Tv1AVDq2lVL/4/f85ThaUAQH0jKno0YGySPLb4dt87+JY
GnXQWTfTrlWgE1lBDmlqohyHyy4gdorC3tBWu7xALypKQQhqT5vUFwkOZNObLSwa
i4OZspTo0NtZZzWxSNr1X6v26DfXbjP/TjjL/HaeZBKhX7vWEQbKMG1+brwfEFD+
XMUzqHHnIRhItO5FZcPJjrGyLrhfK+X1NOd+gkCpoTOB2dyVOt3ijJAQRe5PU2sd
65XZUOqNz7/j5yPcG89fYHEWfOPfohuA1YlsxZvvcLH2EkgyJ01MS4istTh2jkGm
rmIB2Fqk8C0BKpxLynp+bhJRDooacyUIrnfzhJ6IR+pkjnAW7J0znRWQOYwtoXUG
TnAutdY4Z0RaKCP89awbXLArAadFMaVDVoNTScakUu7qp6Q9XDfR/dBnuI02ReJ0
vO6HLDiS57Y=
=+3YO
-----END PGP SIGNATURE-----

_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

RE: ssh forwarding question

[Adam Myrow]

Are you doing the port forwarding as root, or a normal user?  This is 
important, because as a normal user, you cannot forward to ports below 
1000.  These are known as "privileged ports," and only root can forward to 
them.  Thus, as a normal user, you would have to forward port 80 to some 
other port over 1000.

Re: ssh forwarding question

[Gregory Nowak]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Uhmm, isn't it 1024, instead of 1000?

Greg


On Tue, Oct 25, 2005 at 04:31:45PM -0500, Adam Myrow wrote:
> Are you doing the port forwarding as root, or a normal user?  This is 
> important, because as a normal user, you cannot forward to ports below 
> 1000.  These are known as "privileged ports," and only root can forward to 
> them.  Thus, as a normal user, you would have to forward port 80 to some 
> other port over 1000.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 
> !DSPAM:435ea482211146614514141!
> 
> 

- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDXq2Q7s9z/XlyUyARArxDAKCNPkXmCpR6ZV5yZaMyqGO7HqTAyACguk8Q
edTy5Ud95FBefvmKG1Sm0WA=
=Iacx
-----END PGP SIGNATURE-----

Re: ssh forwarding question

[Adam Myrow]

On Tue, 25 Oct 2005, Gregory Nowak wrote:

> Uhmm, isn't it 1024, instead of 1000?

Yes, my mistake.  I was about to say 1024, but I could have sworn that 
I've seen examples where somebody forwarded port 110 to 1010, but the 
other documents I have checked indicate that all ports below 1024 are 
privileged.

RE: ssh forwarding question

[Sina Bahram]

Yup, I'm root, and I believe it's actually 1024.

Although, that example was for simplicity's sake ... I am actually using
high port numbers.

Take care,
Sina 

-----Original Message-----
From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca]
On Behalf Of Adam Myrow
Sent: Tuesday, October 25, 2005 5:32 PM
To: Speakup is a screen review system for Linux.
Subject: RE: ssh forwarding question

Are you doing the port forwarding as root, or a normal user?  This is
important, because as a normal user, you cannot forward to ports below 1000.
These are known as "privileged ports," and only root can forward to them.
Thus, as a normal user, you would have to forward port 80 to some other port
over 1000.


_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup