I can tunnel my whole network traffic using sshuttle by this simple following command (which digitalocean is my IP address and I have a public key, saved there):
sudo sshuttle --dns -r root#digitalocean -x digitalocean 0/0
I don't know how to make the sshuttle tunnel through one specific port (like 8800) so that I can access my local nearby server and use a browser (e.g. Firefox) tunnelled through that port: using a Manual proxy with localhost:8800 address.
I know that I can use the following command to tunnel my traffic through a specific port (like 8800), but as I don't have the password of this digitalocean server, I'm not able to use ssh to access it.
sudo ssh -N -D 8800 root#digitalocean
If anyone is still looking for similar things this is in fact very straightforward:
sshuttle --dns -r user#host:8800 0/0 -x host
Related
Here's the thing. I'd like to access a remote host by ssh, and make a tunnel as a proxy. I did it on my windows computer with Putty. In putty, there is a "tunnels" options, add a dynamic tunnel would do the trick. That is, a (dynamic, that is in the putty's option, I don't really know what it means)tunnel at port 1111, and then I can access the internet though socks5 proxy 127.0.0.1:1111.
But now I want to make the tunnel on my openwrt router, 192.168.1.1, and access the proxy as 192.168.1.1:1111. I want to know how. There are two major question:
1.the proper command of ctl ssh to make a tunnel just as the putty did. I googled a few, but because of the 2nd question, I never know which one is correct.
2.how can I access the tunnel on the router though 192.168.1.1:1111. As I tried before with ss_local(another proxy program), I established a socks locally but it can never be accessed by my another LAN host. Are there some firewall things to do?
Does anyone know the answers? Thank you!
This is what I did to access remotely to my AP.
I used a SSH Reverse Tunnel to a remote server. Here I dump a simple script to achieve it.
key_ssh=/root/.ssh/id_rsa
user=root
ip='YOUR_SERVER_IP'
port='THE_PORT_YOU_WANT_TO_CONNECT_THROUGH'
#connect ssh
ssh -f -N -i $key_ssh -R 0.0.0.0:$port:localhost:22 $user#$ip
And in your remote server you type:
sudo su
ssh -p THE_PORT_YOU_WANT_TO_CONNECT_THROUGH localhost
You will be asked for the root password, type it and you're in.
I am trying to use dynamic port forwarding to ssh to various servers in my university from home.
I used local port forwarding successfully:
ssh -L 10001:server1:22 my_user#proxy_server
ssh -p 127.0.0.1:10001
but I am using 12 servers, and I'd like to create only one tunnel (dynamic).
Is it possible to configure ssh to use a SOCKS proxy?
You can add the '-L' option several times to have more then one forwarding through one ssh connection.
Like
ssh -L 10001:server_1:22 -L10002:server_2:22 -L ... my_user#proxy_server
What is the best way to run a command through an ssh tunnel? Not running the command on the remote server, but forwarding locally created traffic to it through a tunnel.
For example, wget. How can I run wget on my local machine so that it tunnels to a VPS that I have ssh access to? Both the local and remote servers are running Arch Linux.
From what i got, your question is about a proxy, specifically, a socks proxy . So the easiest way to do this is to show you some examples. and work from that.
ssh -NT -D 1080 user#remoteserver.net
What this is doing is keeping the port 1080 open as a socks5 proxy -NT keeps the connection alive.
Then what needs to be done is to use the proxy. I dont think wget has the option to use a socks proxy so we will have to use curl as i know that can use them.
curl -O --socks5-hostname 127.0.0.1:1080 url
This connects to the socks proxy and downloads from url.
Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user#y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user#y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user#z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user#y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user#y.y.y.y -f 'ssh -L 3307:localhost:3306 user#z.z.z.z -Nf'
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The āLā switch indicates that a local port forward is need to be created
Best method is to create the tunnel using putty (ssh client). so you can start the shell, and it will create the ssh tunnel for you. this is a good reference
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
Recently I buyed a Foscam wireless IP camera:
http://www.foscam.com/Products_List.asp?id=173
In my home, my laptop and my IP camera are behind a cable modem (my ISP gives me a dynamic IP) using a linksys router (I dont have a public IP).
Actually I use SSH in a basic way to learn / manage some basic things in my VPS server.
My question is (the right ssh flags and commands to achieve this):
I think that I need to create:
A tunnel from my local router to a remote VPS server where I have root access.
A portforward in the router.
Thanks in advance.
You need to add a port forward in your router from port X to port 22 on your home computer.
You can then ssh -p X username#your-home-ip.
Include the -L Y:foscamip:80 command line switch when you run ssh, assuming focscam runs a web server on port 80 (standard). Use something over 1024 for Y, like 8080.
Open up a web browser, and go to http://localhost:Y.
You have access! When you're done, simply log out of your ssh session.
Old question, but I will answer in the hope it helps someone like me. Given:
you have a VPS with root access at root#example.com
you have an RTSP-compatible IP camera in your LAN at address 192.168.1.100
you have a PC/router/Raspberry Pi able to create the tunnel
what I did was
ssh -N -f -R 10554:192.168.1.100:554 root#example.com
Exaplanation:
-N: don't execute any command via SSH
-f: put SSH in the background
-R: remote port forwarding
10554: a port to open on the VPS to access the IP camera (better if > 1024)
192.168.1.100:554: IP address and port you want to access remotely
root#example.com: user and address of your VPS
To access the RTSP stream of the camera, open rtsp://<username>:<password>#example.com:10554/<path-to-stream>.
Of course it works fine also for other kind of streams (e.g. HTTP).
Better yet, use autossh.
/usr/bin/autossh -N -f -M 0 -i /home/pi/.ssh/id_rsa -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 10554:192.168.1.100:554 root#example.com.
I ended up with this command reading a lot of articles on the web. I even created an autossh user on the VPS without a shell, so it can do nothing apart from port forwarding.