1. Using a Hauppauge HVR-1950 on one of my home machines, I often watch TV on my computer. If I ever want to watch remotely, I set VLC to stream the feed from the capture device (addressing it as a PVR on /dev/video0) using an OGG codec to the local IP address on a specific port number, then SSH to the same box from the outside with the following command:

ssh MyPublicIPAddress -p 12345 -L 6500:192.168.0.10:2503 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This command will SSH to my home public IP on my alternate SSH port and listen locally (client side) on port 6500 and forward the traffic requests (encrypted via the SSH tunnel) to my local server on 192.168.0.10 on port 2503 (the port I configured VLC to stream on from the server with the Hauppauge device). When I launch VLC on my client and engage a network connection on 127.0.0.1 on port 6500 (using VLC menu option ctrl-N) — poof — TV appears on my remote PC.

2. Local port redirects: Using this example:

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This is really an extension of concepts explained in item #1. With SSH you can forward any local port to any remote port on the other side, and funnel encrypted traffic to any computer running any OS on the SSH server side. So to VNC to a home machine from a remote location, simply SSH to your home machine (may require port forwarding and/or port knocking) and divert local port traffic to a remote server of your choice.

Note the -D 15000, allows for a SOCKS PROXY, which routes any application’s traffic using SOCKS out of your SSH’ed connection. For example, you can engage a SOCKS proxy on Firefox and then check your public IP address (by going to whatismyip.com) and you’ll see that while your real public IP may be one address, all your browser traffic is routed through your home connection.

There’s a lot to say on this subject (for example DNS translations are not routed by default through the tunnel) and other nuances. Google “SOCKS PROXY SSH DNS” for more info. This link may offer some further assistance.

There are other complications, in that it’s not easy to route operating system DNS requests (outside of the Firefox browser) through SSH, primarily because DNS runs on UDP port 53. I do not believe SSH will natively handle UDP port rerouting, though I’ve seen some creative solutions with netcat and mkfifo.

Also I have read (in the man pages) that Chrome supports SOCKS, I have read running Chrome with –proxy-server=<host>:<port>. For example when running the browser, google-chrome –proxy-server=”socks://foobar:1080″(with quotation marks), assuming that foobar is 127.0.0.1 (assuming you used a -D option for dynamic port forwarding) and port 1080 was the destination port at the end of your -L port:host:port command switch. Check the google-chrome man page for more details.

In the same example used above (copied below for convenience), once I connect to my home SSH box via MyPublicIPAddress, I simply have to engage a VNC viewing session to my own client (localhost) on port 7000, and it’ll route to the IP address of my choice inside my home network, in this case 192.168.0.12. VNC defaults to answering on port 5900. Multiple -L’s may be added to route many protocols (RDP, VNC, VLC, NFS, Web (80), even e-mail ports) to various machines on the local network.

In the example below I’ve added a second -L option routing traffic from my local client on local port 6000 to another machine (192.168.0.25) in my home network on port 3389 (the Windows RDP port). In that scenario, running (in Windows) mstsc /v:localhost:6000 would allow me to RDP to my home machine, 192.168.0.25. In Linux, I would run rdesktop localhost:6000.

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

2a. An extension of the port redirect function of SSH in #2, I’ve written a post on dynamically adding port redirects without having to kill an SSH session to add the new redirects, instead add them on the fly: Click here for the post.

3. SSHFS. Not much to say about it here, simply check my full writeup on the subject.

There are many others that you can find on commandlinefu.com, including one using port knocking.

(Launchpad link):

A dynamic tunnel SSH multiplexer. When heavily using a Dynamic SSH tunnel, this application will open concurrent SSH tunnels to multiplex the load. This is useful when using torrent connections locally, or when using your computer to share internet access via the dynamic proxy.

To install on Ubuntu Karmic:

sudo add-apt-repository ppa:martineve/ppa

sudo apt-get update

sudo apt-get install sshsplit

If no arguments are passed, you can run sshsplit from command line and it will bring up a convenient GUI for on the fly configuration.

Most people think you need to kill your SSH session to add a new -L option, then reinitiate the SSH session; this is NOT true.

You can open an internal SSH shell within an SSH session to add new redirects!

From within an SSH session, simply type:

~# then hit <enter>

~C then hit <enter>

Then type: help and <enter>

You’ll see a listing of available commands. To add a new local redirect, just type

-L 4567:192.168.0.12:5900, then hit <enter>

…and voilà, you’ve added a new local redirect. Just hit <enter> once, and you’ll be dropped back into command line.

There are other escape-commands. Just type ~? from within an SSH session for more escape-commands.

FYI: This also works for remote redirects, as well.

Here’s a Google search link offering more info:

SSHMenu is much like Putty, in that you can set up individual address book style destinations to SSH into, and save settings for each. While scripting them from the CLI and applying a chmod +x, I can see the benefit of using a centralized GUI.

From the site:

Each menu option will open an SSH session in a new terminal window. You can organise groups of hosts with separator bars or sub-menus. You can even open all the connections on a submenu (in separate windows or tabs) with one click.

Here’s a killer feature: imagine if every time you connected to a production server the terminal window had a red-tinted background, to remind you to tread carefully. Using terminal profiles, SSHMenu allows you to specify colours, fonts, transparency and a variety of other settings on a per-connection basis. You can even set window size and position.

It also leverages Gnome terminal profiles, so you can set up unique profiles to specify transparency, text color and background to remind you of which SSH Host you’re in. It’s written in Ruby, so once you add the source to your /etc/apt/sources.list you’ll need to sudo apt-get update, and import their GPG keys, and re-update again, then install.

Sources: Linux.com, SSHMenu.