3 Things You Didn’t Know About SSH – Part 2
Image via Wikipedia
OK, so last time we looked at how to tunnel your web traffic over
SSH to increase security, privacy, network restrictions etc. Today,
we’ll look at how to use port forwarding to access servers that are ordinarily available on the internal network.
Subversion Over SSH
As an example, I’ll show you how I access my internal network’s Subversion server. Here’s my set up:
- Externally, I have MyDomain.com which resolves to my home IP.
- On the internal network, my Ubuntu server has the address 192.168.1.101.
- The server runs an OpenSSH server and the Subversion svnserve daemon.
- The router forwards incoming connections on port 22 on to my server.
Setting up the tunnel, we do the following:
putty -L 3690:localhost:3690 username@MyDomain.com
Log in as usual. This time, the SSH tunnel
has been set up such that any connections to 127.0.0.1 on port 3690
will be tunnelled to port 3690 on the server. Which, handily, is the
default port used by the svnserve daemon.
And to get hold of some part of the remote repository, we just do:
svn co svn://127.0.0.1:3690/MyRepo
And hey presto, tunnelled access to your internal SVN server. It’s
always puzzled me why the good SVN folks suggest their weird svn+ssh
hack, which launches an svnserve instance in user space, potentially
causing file locking problems and requires user access to the svn
database files.
This technique can be applied to any internal server, whether web, database, remote desktop etc.
Next time we’ll look at reverse tunnels. Very cool.
![Reblog this post [with Zemanta]](archives_files/reblog_e_008.png)
Thank you for the series on SSH brilliant, and well written and easy to understand.
Cheers
Stephen