Hey guys, welcome back! today I’m gonna talk about SSH, tunniling and why you would want that.
Secure Shell better know as SSH is a great way to log in to another computer and help people at other location. (or if you just dont want to walk to the other computer all the time.) Basicly SSH is ‘tha new telnet’ a service that makes it possible to use another computer via terminal. Ubuntu, like most Linux distro’s do, has the ssh client standard on the system ready to use, but doesn’t have the server installed.
So now we’re going to install this on the server or computer we want to remote control. The installation is quiet simple, just type in:
sudo apt-get install openssh-server
When this is done you have a fully operational ssh server up and running! Now make sure you have the server on both sides, so your computer and the remote, so you’ll be able to try the rest.
Tunneling basicly means a connection within a connection, this will able you to for example connect back to a computer so you don’t have to edit the firewall in your router. Little example because I can imagine this will be hard to follow.
Let’s say we just installed an Ubuntu server with MySQL, MySQL doesn’t standard allow root to login from anything else then localhost, the server himself. But we don’t want to edit this because this can cause a security problem. To still be able to this we will use SSH to tunnel the port. We do this as followed:
sudo ssh -l junke server.junke.nl -L 3306:localhost:3306
sudo because you bind the ports on your computer/client
-L this will bind the port 3306 of your computer/client to the port 3306 of your server over SSH
after the logon the tunnel will be created and you will be able to open mysql admin and connect to localhost at port 3306 at your computer/client, this will be forwarded then to your server over ssh. This way we can use a nice GUI to edit the users, databases and tables 🙂
My situation, we have:
- my server at home (server.junke.nl)
- my notebook
- people who need help
because I don’t want to start editing all my friends their routers so we can connect over the internet to their directly computer I ask them to do the following:
ssh -l support server.junke.nl -R 2222:localhost:22
They will log in on my server with the account support (nothing special there) but now! the -R 2222:localhost:22 this will connect port 2222 on my server to port 22, the standard ssh port, on their computer.
Now I log on to my server just like I allways do and ON MY SERVER I do
ssh localhost -p 2222 -l [username of the people in need of my help]
That will allow me to go via my server via his ssh outgoing to connection to connect back to his computer and will able me to logon to his server without editing the routers firewall settings, simply because he made the connection to the outside world and not the other way around.