Overview of SSH tunneling:

Introduction: 
SSH allows you to create an encrypted network tunnel between your machine and the network. Different SSH clients use slightly different methods for creating this tunnel. We'll look at how to set tunnels up using the SSH client "Putty".

Before we get to the client particulars, let's take a moment to peek behind the scenes to get a better understanding of what's actually going on. SSH tunneling takes place using a mechanism called "port forwarding."

Background: 

Ports: 
To understand port forwarding, you first have to know what a port is. If we were to use a telephone analogy, the IP address of a machine would be the phone number and the port a phone extension at that number. To get hold of a specific person at a company I might call their main number and then transfer to that person's extension. To use a specific service on a machine, I would connect to a specific port at the IP address for that machine.

When you use a mail program to read and send mail, usually your mail program makes a connection for you to two specific ports on the mail server. When you read mail, you connect to the POP3 port (usually number 110). When you send mail, you connect to the SMTP port (usually number 25) of our mail server. Here's a diagram:

 

                             neo.tamu.edu:25  (128.194.103.210:25)
                   / -SMTP-> o--------------+
    [your machine]|          |  mail server |   
                   \ <-POP3- o--------------+
                             neo.tamu.edu:110 (128.194.103.210:110)


NOTE: When you use an FTP client to transfer files, your FTP application makes a connection to the machine using port number 21.

Port Forwarding:
SSH allows you to do port forwarding over a secure tunnel. You configure your SSH client to accept connections on the local machine for certain ports. Any data sent to these ports is forwarded across the tunnel, and the replies come back the same way. On the other side of the tunnel, the SSH server passes the data back and forth to a machine of your choice. This is port forwarding. Note that when you transfer data using port forwarding, your password is always encrypted while it crosses the tunnel.

For instance, let us configure the SSH client to listen for connections on the SMTP and POP3 ports of our local machine. Any data destined for these ports will be shunted over a secure connection to and from the mail server. Here's a picture:

                                                         neo.tamu.edu:110
localhost:110 o-<+----------+ ~   ~   +----------+>--<<--o-------------+
                 |SSH Client|~ ~ ~ ~ ~|SSH Server|       | mail server |
localhost:25  o->+----------+   ~   ~ +----------+>-->>--o-------------+
                                                         neo.tamu.edu:25

The final piece of this puzzle is the mail and the FTP program configuration. To make this all work, you need to configure your mail client to connect to the forwarded ports on your local machine instead of connecting to a remote mail host as per usual.
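The forwarding path described above, as an added example that is not part of the original page: a plain TCP relay that listens on the local machine and passes data to and from a destination, which is the job the SSH client and SSH server split between them. It does no encryption or authentication (SSH adds that between client and server), and all function names and the stand-in mail server are constructed for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes src -> dst until src closes, then signal EOF to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer went away mid-transfer

def accept_loop(listener, handler):
    """Start handler(conn) in a new thread for every accepted connection."""
    def loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()

def start_forwarder(target, listen_port=0):
    """Listen on loopback only and relay each connection to target (host, port)."""
    listener = socket.create_server(("127.0.0.1", listen_port))
    def relay(client):
        try:
            upstream = socket.create_connection(target)
        except OSError:
            client.close()  # destination unreachable: drop the local client
            return
        threading.Thread(target=pump, args=(upstream, client), daemon=True).start()
        pump(client, upstream)
    accept_loop(listener, relay)
    return listener

def fake_pop3_session(conn):
    """Constructed stand-in for the mail server's POP3 port (not a real server)."""
    with conn:
        conn.sendall(b"+OK constructed POP3 stand-in ready\r\n")
        if conn.recv(1024).strip().upper() == b"QUIT":
            conn.sendall(b"+OK bye\r\n")

def demo():
    mail = socket.create_server(("127.0.0.1", 0))
    accept_loop(mail, fake_pop3_session)
    fwd = start_forwarder(mail.getsockname())
    with socket.create_connection(fwd.getsockname(), timeout=5) as c:
        reader = c.makefile("rb")  # the "mail client" talks to the local port only
        greeting = reader.readline()
        c.sendall(b"QUIT\r\n")
        return greeting, reader.readline()
```

The listener binds to 127.0.0.1 so that only programs on the local machine can use the forwarded port.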

Configuring EUDORA for SSH tunneling

Configuring Putty (SSH client) for FTP

Configuring FTP client for SSH tunneling

Determine if a port is available on your local machine

 

For any assistance contact:

1. Rosemarie (979-845-6842)
2. Kalva.