+----------+:22000 :22001+----------+:22001 :22+----------+ | PC |----------------->| server |----------------->| unix | | (A) | | (B) | | (C) | +----------+ +----------+ +----------+
localhost:22000 to server:22001 like this:
or like this
ssh -L 22000:localhost:22001 user@server.B.cz
ssh -L 22001:localhost:22 user@unix.C.cz
localhost:22 and you will be in fact connected to
This describes how to make a proxy from a desktop (
desktop.B.cz) behind a server (
server.B.cz). First, make a tunnel from your machine:9001 to a given port (e.g. 22001) on the
ssh -L 9001:localhost:22001 user@server.B.cz
Then, login on the
server.B.cz and make a dynamic SOCKS proxy from your distant desktop
desktop.B.cz where you really want to have proxy on:
ssh -D 22001 user@desktop.B.cz
The proxy is on your machine's localhost at port 9001.
This feature is useful if we want to connect from a Windows machine to a remote Unix server, and we'd like to use a secure connection. A typical usage is when we wan to connect to X Window system via VNC (Virtual Network Connection), and we don't want all to see our communication.
The configuration is rather easy. We start a connection to a remote Unix server as usual. But before a confirming of the connection using the Open button, we must set up port forwarding in Connection/SSS/Tunnels section:
Source portis a port on your local Windows machine you want to forward. For VNC, use 5900 for example.
Destinationis the other end of your tunnel. Usually, it will be on the machine you connect to via SSH. In that case, use “localhost” and desired port after a colon, like in the example above. However, connection to a different machine (in a secured private network, for instance) is possible too, just replace “localhost” with some IP address or DNS name.
Finally, click on the Open button, and log on your Unix server as usual.
If you want to proceed with the VNC connection, follow these steps:
vncpasswdon the Unix machine.
vncserver. You can specify additional options like
vncserver -geometry 800x600 -depth 16