This is an old revision of the document!
Table of Contents
SSH tunneling
Sometimes you might be elsewhere, but need to log in to a system on your network via e.g. VNC or RDP. You don't have a VPN at hand, the firewall of course doesn't allow VNC or RDP and you are in desperate need of that connection.
Well, if there's an SSH server running on the remote network that is reachable from the internet, you can easily tunnel the connection through SSH.
Just run one simple command on your local machine:
ssh -C -N -L <local port>:<remote machine to connect to>:<remote port> <ssh-server>
Afterwards, connect to localhost:<local port> and you are done!
Examples
VNC
Assumptions:
- Locally port 5900 is already in use, so you use port 5901.
- The machine you need to control but is not reachable on the internet has IP-address 192.168.17.123 and it waits for VNC connections on port 5900.
- The ssh-server is available on IP-adress 1.2.3.4 and you need to use the username “user” to log in to that machine.
In that case the ssh-command would look like this:
ssh -C -N -L 5901:192.168.17.123:5900 user@1.2.3.4
Then, connect your vncviewer to localhost and you “get the picture”:
vncviewer localhost:5901
RDP
Assumptions:
- Locally port 3389 is free.
- The machine you need to control but is not reachable on the internet has IP-address 192.168.17.123 and it waits for RDP connections on port 3389.
- The ssh-server is available on IP-adress 1.2.3.4 and you need to use the username “user” to log in to that machine.
In that case the ssh-command would look like this:
ssh -C -N -L 3389:192.168.17.123:3389 user@1.2.3.4
Then, connect your RDP viewer to localhost and you “get the picture”:
rdesktop localhost
SSH Options
These SSH options are used:
| -C | Use compression Don't use this option on slow machines! |
|---|---|
| -N | Don't execute a remote command (no login prompt) |
| -L | Use port forwarding (tunneling) |
For more information please see man ssh.