Helpful SSH commands: Part 1

I use many of these commands quite often. They’re immensely helpful when one wants to do a lot of remote work on a computer, or simply access resources on a remote machine (Linux or otherwise). (FYI: OpenSSH may be installed on Windows machines if anyone does not have a home Linux box to receive SSH sessions, and PuTTY may be used to SSH from a Windows machine.)

1. Using a Hauppauge HVR-1950 on one of my home machines, I often watch TV on my computer. If I ever want to watch remotely, I set VLC to stream the feed from the capture device (addressing it as a PVR on /dev/video0) using an OGG codec to the local IP address on a specific port number, then SSH to the same box from the outside with the following command:

ssh MyPublicIPAddress -p 12345 -L 6500:192.168.0.10:2503 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This command will SSH to my home public IP on my alternate SSH port and listen locally (client side) on port 6500 and forward the traffic requests (encrypted via the SSH tunnel) to my local server on 192.168.0.10 on port 2503 (the port I configured VLC to stream on from the server with the Hauppauge device). When I launch VLC on my client and engage a network connection on 127.0.0.1 on port 6500 (using VLC menu option ctrl-N) — poof — TV appears on my remote PC.

2. Local port redirects: Using this example:

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This is really an extension of concepts explained in item #1. With SSH you can forward any local port to any remote port on the other side, and funnel encrypted traffic to any computer running any OS on the SSH server side. So to VNC to a home machine from a remote location, simply SSH to your home machine (may require port forwarding and/or port knocking) and divert local port traffic to a remote server of your choice.

Note that -D 15000 sets up a SOCKS proxy, which routes the traffic of any application using SOCKS out through your SSH’ed connection. For example, you can engage a SOCKS proxy on Firefox and then check your public IP address (by going to whatismyip.com) and you’ll see that while your real public IP may be one address, all your browser traffic is routed through your home connection.

There’s a lot more to say on this subject, including nuances such as DNS translations not being routed through the tunnel by default. Google “SOCKS PROXY SSH DNS” for more info. This link may offer some further assistance.

There are other complications, in that it’s not easy to route operating system DNS requests (outside of the Firefox browser) through SSH, primarily because DNS runs on UDP port 53. I do not believe SSH will natively handle UDP port rerouting, though I’ve seen some creative solutions with netcat and mkfifo.

Also, I have read (in the man pages) that Chrome supports SOCKS when run with --proxy-server=<host>:<port>. For example, when running the browser, google-chrome --proxy-server="socks://foobar:1080" (with quotation marks), assuming that foobar is 127.0.0.1 (assuming you used a -D option for dynamic port forwarding) and port 1080 was the destination port at the end of your -L port:host:port command switch. Check the google-chrome man page for more details.

In the same example used above (copied below for convenience), once I connect to my home SSH box via MyPublicIPAddress, I simply have to engage a VNC viewing session to my own client (localhost) on port 7000, and it’ll route to the IP address of my choice inside my home network, in this case 192.168.0.12. VNC defaults to answering on port 5900. Multiple -L’s may be added to route many protocols (RDP, VNC, VLC, NFS, Web (80), even e-mail ports) to various machines on the local network.

In the example below I’ve added a second -L option routing traffic from my local client on local port 6000 to another machine (192.168.0.25) in my home network on port 3389 (the Windows RDP port). In that scenario, running (in Windows) mstsc /v:localhost:6000 would allow me to RDP to my home machine, 192.168.0.25. In Linux, I would run rdesktop localhost:6000.

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

2a. As an extension of the port redirect function of SSH in #2, I’ve written a post on dynamically adding port redirects on the fly, without having to kill an SSH session to add the new redirects: Click here for the post.

3. SSHFS. Not much to say about it here, simply check my full writeup on the subject.

There are many others that you can find on commandlinefu.com, including one using port knocking.