Tunneling with SSH
This document is for Shelly & Rick.
Overview
You can't ssh or sftp/scp to tintin or dev from home. One workaround is to set up an SSH tunnel through babar. This forwards a port on your local machine to tintin or dev, so that a connection to your local machine actually connects to tintin or dev.
Or, to say it another way: your packets go from your application to localhost where they enter the tunnel. They travel through the tunnel to babar. They exit the tunnel at babar and connect to tintin or dev from babar.
Security
If baddies crack your machine at home, this will give them access to tintin and dev. Please make sure your machine at home is patched, virus-scanned, firewalled and, if possible, blessed by your local holy-person of choice. Definitely make sure your copies of putty and plink are up to date. (The link for that is in the next section.) If you use the command described below, it should not be possible for outside hosts to connect to your tunnel, but please make double sure of this by blocking that port with your firewall.
Install Software
Make sure you have plink.exe.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Make sure you get putty-XXX-installer.exe and not just putty.exe.
Set Up Tunnel
Service      | Port
ssh/scp/sftp | 22
MySQL        | 3306
Open up a dos box and run a command like this:
plink.exe -L LOCALPORT:HOST:PORT USERNAME@babar.seattlecentral.edu
Where LOCALPORT is the port on your local machine for the local end of the tunnel. Block this port with your local firewall. This port must not already be in use. You can actually use any port number you like as long as you remember it when you launch your app (dreamweaver, filezilla, etc.).
Where HOST is the server (tintin or dev probably) that you want to connect to.
Where PORT is the port number of your service (see table above).
Where USERNAME is your username on babar.
See the Examples section below.
Now your dos box should look like an ssh connection with a prompt on babar. Closing this dos box or otherwise closing the SSH session will close the tunnel. Make sure you close the tunnel when you are done with it. You can safely minimize the dos box while using the tunnel.
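The Security section asks you to make double sure outside hosts cannot reach your tunnel. As an added example (not part of the original instructions), this Python script reads Windows `netstat -an` output and reports whether LOCALPORT is listening on loopback addresses only. It assumes Python is installed on your home machine and that netstat prints English state names; the file name check_tunnel.py and the sample output are made up for illustration.

```python
import ipaddress
import subprocess
import sys

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:22        ESTABLISHED
  TCP    [::]:22                [::]:0                 LISTENING
  UDP    0.0.0.0:3306           *:*
"""

def listeners_on_port(netstat_text, port):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Rows look like: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port_text = fields[1].rpartition(":")
        if port_text != str(port):
            continue
        # IPv6 is printed as [addr%zone]:port; drop the brackets and zone id.
        found.append(ipaddress.ip_address(host.strip("[]").split("%")[0]))
    return found

def tunnel_exposure(netstat_text, port):
    """Classify LOCALPORT as 'not-listening', 'loopback-only' or 'exposed'."""
    addrs = listeners_on_port(netstat_text, port)
    if not addrs:
        return "not-listening"
    # 0.0.0.0, [::] or a LAN address means other hosts can reach the tunnel.
    return "loopback-only" if all(a.is_loopback for a in addrs) else "exposed"

if __name__ == "__main__":
    # Usage: python check_tunnel.py LOCALPORT   (run while the tunnel is up)
    local_port = int(sys.argv[1])
    output = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    print(local_port, tunnel_exposure(output, local_port))
```

A result of exposed means the listener is not bound to loopback only, so close the tunnel before doing anything else. The firewall block on LOCALPORT is still needed either way.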
Using your App
Now that your tunnel is up, point your app at localhost with the port number of LOCALPORT.
MySQL
We don't allow mysql connections even from babar, so if you want to use a mysql client at home, you need to tunnel all the way to the server. This involves a two-hop approach.
plink.exe -L LOCALPORT:localhost:BIGPORT USERNAME@babar.seattlecentral.edu
Where BIGPORT is a random number of your choosing above 1024.
Then, instead of minimizing the dos box, type this at the babar prompt:
ssh -L BIGPORT:localhost:PORT USERNAME@HOST
Examples
SSH/SFTP/SCP
Shelly wants to use Dreamweaver to upload a file from home to tintin.
plink.exe -L 22:tintin.seattlecentral.edu:22 sbecker@babar.seattlecentral.edu
She authenticates with her babar password.
She then tells dreamweaver to connect to localhost port 22 instead of saying tintin.
MySQL
Rick wants to connect to MySQL on Dev from his mysql client at home.
plink.exe -L 3306:localhost:33333 rharper@babar.seattlecentral.edu
He authenticates with his babar password.
ssh -L 33333:localhost:3306 rharper@dev.seattlecentral.edu
He authenticates with his dev password.
He then tells his mysql client to connect to localhost, port 3306.
More Info
If you're feeling saucy, the Putty manual is pretty thorough with lots of nice tricks you can use, especially the plink section.
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/index.html
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter7.html#plink
