Comments on: Advanced SSH configuration and tunneling: We don’t need no stinking VPN software

By: nicopsycho

nicopsycho — Wed, 18 Mar 2009 13:09:03 +0000

Thanks for the tutorial ^^

It worked for me, when the “#Note” for inline comments and the “Host” to “HostName” typo were fixed.

I’ve got 3 porwarded ports (at the moment) 2 VNC and 1 squid, and it is fast and safe.

Keep up the good work…

By: Ed

Ed — Wed, 07 Jan 2009 15:38:53 +0000

Is there a way to use the Host value in the HostName?

Host myhost
Hostname ${HOST}.mydomain.com

Host yourHost
HostName ${HOST}.yourdomain.com

for appending domain names.

By: Herman

Herman — Wed, 03 Dec 2008 20:02:18 +0000

Christopher DeMarco: You *can* tunnel SMB/CIFS using SSH. You only need to forward either port 139 or 445 for MS Windows networking.

By: fornetti

fornetti — Sun, 31 Aug 2008 13:02:59 +0000

I do not believe this

By: Tunneler

Tunneler — Wed, 16 Apr 2008 07:47:48 +0000

Thanks very much for the explanation!

You have a small error in the config:

Host workTunnel
#Work SSH Server To Initiate Tunneling From
Host ssh.pretendco.com

“Host ssh.pretendco.com” should be “Hostname ssh.pretendco.com”

Also on a Mac I can’t add comments on the same line as a normal configuration option:
.ssh/config line 13: garbage at end of line; “#Note”.

By: Christopher DeMarco

Christopher DeMarco — Fri, 15 Feb 2008 16:04:17 +0000

It’s a great one-off trick, but I question its suitability as a “VPN”:

1. Neither SMB/CIFS filesharing nor DNS can be tunneled, as they use UDP which SSH doesn’t grok. For UDP forwarding, have a look at netcat.

2. Many many webserver configurations use name-based virtual hosting, which uses the ServerName HTTP header to determine what content is served. Such a config *requires* an /etc/hosts entry to 127.0.0.1, rather than using “localhost” in your URI.

4. Your IT / security department may strenuously object to these types of activities; exercise caution in proportion with cleverness.

By: bhupesh

bhupesh — Fri, 15 Feb 2008 11:28:46 +0000

good…
but what happened if we have windows client both side,,,and when we try to access file system/samba/nfs share and remote desktop for windows system.

have any idea?

By: new299

new299 — Wed, 06 Feb 2008 17:48:23 +0000

I think there’s a typo in the example config:

Host workTunnel
#Work SSH Server To Initiate Tunneling From
Host ssh.pretendco.com
Port 5001

should read:

Host workTunnel
#Work SSH Server To Initiate Tunneling From
HostName ssh.pretendco.com
Port 5001

By: gerd meller

gerd meller — Wed, 09 Jan 2008 11:42:10 +0000

Implementing a system-wide SSH socks proxy on Mac OS X really isn’t that difficult. And you also can easily install advanced ssh tools like nylon or tsocks (see http://textsnippets.com/posts/show/1326 ).

Cheers,

g. m.

By: Linulin

Linulin — Fri, 04 Jan 2008 18:26:33 +0000

“instead of forwarding lots of ports manually, the builtin SOCKS proxy (option -D) is a more flexible solution which may in some cases be preferable”

True! While not all programs support SOCKS, it allows to completely forget about port forwarding at least for numerous existing and *future* corporate _web_ resources.

I would also mention ‘autossh’ utility. It might be very handy if your remote connection is unstable.

–
…Bye..Dmitry.