The paper “Multitunneling Grid Transactions” is a meaty variant of a lab report on information technology.

An SSH tunnel can be described as an internet pipeline through which data moves. The data can be encrypted to avoid eavesdropping. Apart from this, SSH can be used as a tool to connect machines on opposite sides of one or more firewalls. The SSH tunnel forwards a TCP port at one end (local) to another TCP port at the other end (remote) through the firewall. The following are the situations in which this can be important:

1. Where one needs to talk directly to a specific TCP port on a machine that is separated by a firewall/gateway, if it is possible to SSH into the gateway.
2. Where it is possible to send data to a machine but one wants the data to be encrypted.
3. Where 1 and 2 are to be done.

First application

Suppose one is using a machine named “my machine”, and there is a program that can send data to a TCP port (say 5900) on another machine (“remote machine”).
There will be no problem if the two machines can communicate directly, but it will be a different situation if the remote machine is behind a ‘firewall’.
In such cases the remote machine cannot be referred to directly, and for the outside world the remote machine does not even exist. The communication between the remote machine and the internet is through the firewall. There is a breakthrough when it is possible to SSH into the firewall. In such a case the firewall knows about the remote machine while my machine knows about the firewall, and so this can be rigged up (Rob, 2001).
The following SSH command, run on my machine, will set up the tunnel:

    ssh -N -L 33642:remotemachine:5900 user@firewall

Then one can telnet to remote machine port 5900 by running this command on my machine:

    telnet localhost 33642

The main piece is “ssh user@firewall”, which is literally SSHing into the firewall. When a password is asked for, the one for the account on the firewall should be given. The -N is not that important, as its purpose is simply to keep the pipe open. The RELAY part is the piece “-L 33642:remotemachine:5900”.
This tells SSH that there is no interest in OPENING UP A SHELL on the firewall, but that it is being used just as a relay. It should be noted that the remote machine need not be addressable from outside, as the only necessity is for the firewall to know how to find it. The “-L” tells SSH to listen on port 33642 on “my machine”; the listening is done locally, and any data received is redirected THROUGH the firewall and on to port 5900 on “remote machine”.
From this, it can be seen that telnet’ing to 33642 (localhost) is like telnet’ing to 5900 (“remote machine”).

Things that can be noted:

- The port 33642 is randomly chosen. Any free port on “my machine” can be used.
- The session is only encrypted between “my machine” and the firewall; between the firewall and “remote machine” the data is sent IN THE CLEAR, though there is a way to fix this, as seen later.
- It is possible to chain up SSH tunnels so that they go through MULTIPLE gateways if necessary.
- There is a “-R” switch which does the OPPOSITE, capturing traffic on the remote side and forwarding it to the local machine (Rob, 2001).
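The tunnel command above, wrapped as an added example (not part of the original paper): it validates the ports and host names before they reach ssh, binds the listener to 127.0.0.1 explicitly, and makes ssh exit if the forward cannot be set up. The function names and the DRY_RUN variable are hypothetical; the host, user and port values are the paper's samples.

```shell
#!/bin/sh
# Added example. Hosts, user and ports are the paper's sample values.

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host H: rejects empty names, a leading '-' (ssh would parse it as
# an option) and anything outside a conservative character set
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# open_tunnel LPORT RHOST RPORT GATEWAY
# With DRY_RUN=1 the command is printed instead of executed.
open_tunnel() {
    lport=$1 rhost=$2 rport=$3 gateway=$4
    if ! valid_port "$lport" || ! valid_port "$rport"; then
        echo "open_tunnel: port must be 1-65535" >&2; return 2
    fi
    if ! valid_host "$rhost" || ! valid_host "$gateway"; then
        echo "open_tunnel: bad host name" >&2; return 2
    fi
    # 127.0.0.1 keeps the listener reachable only from "my machine",
    # whatever GatewayPorts says in the local ssh_config.
    # ExitOnForwardFailure makes ssh quit if the local port cannot be bound.
    set -- ssh -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$lport:$rhost:$rport" "$gateway"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

The leg from the firewall to “remote machine” is still unencrypted with this command, exactly as noted in the list above.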
Episode discussion (17, Dec. 2008). Setup an SSH SOCKS proxy! Retrieved March 14, 2009, from http://revision3.com/hak5/SSHGamesBlogsPasswords/
Frank W. Quick-Tip: Reusing Open SSH connections to the same host. Retrieved March 14, 2009, from http://www.revsys.com/writings/quicktips/ssh-faster-connections.html
Linode.com Forum, Linode Community Forums. (Feb 2009) Multiple SSH Tunnel Access. Retrieved March 14, 2009, from
O’Reilly Network. (Feb.23, 2001) Using SSH Tunneling. Retrieved March 14, 2009, from http://www.terrencemiao.com/Webmail/msg00446.html
Rob, F. (02/23/2001) Using SSH Tunneling. Retrieved March 14, 2009, from http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
Spencer, S. SSH Tunneling (TCP port forwarding). Retrieved March 14, 2009, from http://www.spencerstirling.com/computergeek/sshtunnel.html
Ubuntu Forums. (4/21/2008.) SSH tunnel through multiple hosts. Retrieved March 14, 2009, from http://ubuntuforums.org/archive/index.php/t-446659.html
Peter K. Kaiser, Dougal R. McCreath (1992) Rock support in mining and underground construction: proceedings of the International Symposium on Rock Support, Sudbury. Canada: Taylor & Francis
Sławomir T. (2001). Thin-film magnetoresistive sensors. London: CRC Press
The University of Michigan. (1975). Wireless world. New York: IPC Business Press