Wednesday, July 05, 2006

Accessing private web servers through SSH

I've always known that it's possible to channel any TCP traffic through ssh, but I never got around to actually using it (beyond running the SSH client with "-X" to forward X11 traffic). Today I finally got around to testing it.

The problem: access the web interfaces of devices like my Dlink DSL504G ADSL modem or my Sipura SPA-3000 ATA from my desktop at work.

The solution: actually there are a few of them. I'll list them in the order I tried them:

1. "ssh -L 30000:192.168.1.3:80 my-home-machine" - This tells my SSH client at work that if I connect to port 30000 on my desktop at work, it should connect to host "192.168.1.3" port "80" from my home machine. This is the private-network address of my ADSL modem. Now I just typed "localhost:30000" in Firefox on my work desktop and got the web interface of my ADSL modem at home. I could add another port (let's say port 30001) to forward connections to my ATA device.

2. Just "ssh my-home-machine", then type "~C". This brings up a command line interface which allows me to then type "-L 30000:192.168.1.3:80". The effect is just the same as specifying this argument on the ssh command line, but the advantage is that I don't have to open a new session if I already have one.

3. Last but not least (but I ended up not using it): add a line to the configuration in ~/.ssh/config saying "LocalForward 30000 10.1.1.5:80".

Right now I plan to use option 2. That way my private home devices are not open to anyone on my workplace network whenever I ssh home, but on the other hand I don't have to open a new session whenever I want to access my home network devices.
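
Who can reach the forwarded port depends on the address the listener binds to. As an added example (not part of the original post), this shell function reads an ssh_config and marks each LocalForward listener as loopback-only or EXPOSED to other hosts, using the ssh_config rules for an explicit bind address and for GatewayPorts. The function names and the Host aliases home-pinned, home-wildcard and home-gateway are made up for the sample, and the config itself is constructed.

```shell
# Added example (not from the original post): report which LocalForward
# listeners in an ssh_config are reachable from other hosts.
# Assumption: TCP forwards only; Host blocks are judged one at a time.
audit_forwards() {
  awk '
    function emit(   i, spec, addr, verdict) {
      for (i = 1; i <= n; i++) {
        spec = fwd[i]
        if (spec ~ /^[0-9]+$/) {
          # Port only: the bind follows GatewayPorts (default is loopback).
          verdict = (gw == "yes") ? "EXPOSED" : "loopback"
        } else {
          # An explicit bind address overrides GatewayPorts.
          addr = spec
          sub(/(:|\/)[0-9]+$/, "", addr)
          verdict = (addr ~ /^(localhost|127\.[0-9.]+|\[?::1\]?)$/) ? "loopback" : "EXPOSED"
        }
        print host, spec, verdict
      }
      if (host == "(global)") ggw = gw   # settings above the first Host apply everywhere
      n = 0; gw = ggw
    }
    BEGIN { host = "(global)" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      sub(/=/, " ")
      key = tolower($1)
      if (key == "host") { emit(); host = $2 }
      else if (key == "gatewayports" && gw == "") gw = tolower($2)
      else if (key == "localforward") fwd[++n] = $2
    }
    END { emit() }
  '
}
# Constructed sample config; ports and addresses are the ones used in the post.
sample_config() {
  cat <<'EOF'
Host my-home-machine
  LocalForward 30000 10.1.1.5:80
Host home-pinned
  LocalForward 127.0.0.1:30000 192.168.1.3:80
Host home-wildcard
  LocalForward *:30000 192.168.1.3:80
Host home-gateway
  GatewayPorts yes
  LocalForward 30001 192.168.1.3:80
EOF
}
sample_config | audit_forwards
```

To check a real setup, feed it your own file: audit_forwards < ~/.ssh/config.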