LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-28-2007, 01:54 PM   #1
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Rep: Reputation: 30
setting up http over ssh


Hello!

I am wondering how I can connect to my home apache web server tunneling through ssh.

Thanks,
murdock
 
Old 10-28-2007, 02:40 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi

Something like:
Code:
ssh -L 8000:localhost:80 username@webserver
then go to http://localhost:8000

should do the trick.
 
Old 10-28-2007, 06:27 PM   #3
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Thanks!

Would this also set things up correctly:

Code:
? ssh -L 8000:webserver:80 user@webserver
and then access localhost:8000

or

Code:
? ssh -D 8000 user@webserver
set up the web browser to direct to the SOCKS proxy, and then browse to the webserver?

Thanks!
Murdock

Last edited by Murdock1979; 10-28-2007 at 06:42 PM.
 
Old 10-28-2007, 09:43 PM   #4
ghostwriter78
LQ Newbie
 
Registered: Oct 2007
Posts: 6

Rep: Reputation: 0
Hello,

as written above by ilikejam, it has to be
Code:
ssh -L 8000:localhost:80 username@webserver


i have a similar question, apparently posted in another part of the forum.

http://www.linuxquestions.org/questi...etwork-595181/

The access to remote server is working. Our problem is that we want to have the tunnel persistent. Starting on server start and reconnecting if disconnected. But im not sure how to do that.

there would be also another point of being able to use the tunnel by accessing another machine which establishes the tunnel to the other side.

thanks
Tibor
 
Old 10-29-2007, 01:38 AM   #5
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi all.

Murdock: Yes, the SOCKS way would also work fine (I use this to get round the corporate firewall at work).

ghostwriter: For this to work, you'll need to set up passwordless keys for local -> remote connections.

Once that's done, run ssh in a loop, like:
Code:
while true
  do
  ssh -L 8000:localhost:80 username@webserver
done
If the connection drops, ssh *should* return, and another instance of ssh will be launched. If there's passwordless keys, then the whole process can go on without any supervision.

Dave
 
Old 10-29-2007, 02:10 PM   #6
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Thanks again everyone for their quick replies!

ghostwriter78:

Why wouldn't "ssh -L 8000:webserver:80 user@webserver" work?

If the -L switch redirects data from port 8000 to port 80 at localhost (of the remote ssh server), then I would imagine that redirecting it to the IP of the webserver would have the same effect.

However, I will say that although this may return the proper website, I think, since the data is only encrypted until it reaches the ssh server and once the data is redirected to the internet IP of the server (although it is actually the IP of the server itself!) the data is not anymore encrypted. Using localhost:80 would solve this problem by only letting any data go as far as the loopback (ie. not outside the server itself).

ilikejam:

Although the -D does return the proper web pages, as I mentioned to ghostwriter78, I don't think the data is encrypted once it leaves the ssh server, which means that the data is only encoded until it is redirected to the server's internet IP. Accordingly, using your original method of localhost:80 would ensure that the data does not leave the ssh server, but is just redirected locally in the computer itself to the Apache server.

Does my conclusion make sense?

Thanks!
Murdock

Last edited by Murdock1979; 10-29-2007 at 02:14 PM.
 
Old 10-29-2007, 04:01 PM   #7
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Yes. You're spot on.

The reason 'localhost' is used is because the remote side may not resolve 'webserver' as itself, but will almost always resolve localhost as being the local machine. This is especially true when traversing into other networks. For example, none of the machines inside my NATed home network know the aliases that point to the gateway IP from outside.

Dave
 
Old 10-29-2007, 08:25 PM   #8
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Original Poster
Rep: Reputation: 30
Awesome Dave!

Guess this thread is officially solved and closed.

Thanks again,
Murdock
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NX (SSH) over http proxy 1N4148 Linux - Networking 10 10-22-2007 08:15 PM
Proxy tunneling SSH over HTTP Gibsonist Linux - Networking 0 12-05-2005 03:43 AM
Setting up HTTP server squirellplaying Linux - Newbie 8 05-02-2004 06:57 PM
http+ftp+ssh +quota katmai90210 Linux - Security 2 02-04-2004 04:52 PM
"socks5" -> "http" proxy protocol, or ssh tunnel to sock5 ? I'm beyond http p vmicho Linux - Networking 2 12-16-2003 05:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration