Often times, I’m caught in a situation where an application or service is not directly accessible to me from the network I’m currently on. For instance, if I’m at a customer site, I may need VNC or RDP access to a collocated server. Sure, I could open up port 5901 to the Internet on my firewall, but that would be ill advised, as VNC sends passwords in clear text. Even still, the site I’m at may have port 5901 outbound blocked.
Similarly, there have been situations where customers have two or more separate networks, joined only by certain multi-homed machines, or privileged machines in terms of router access lists. How do you then go about accessing a web app, for instance, via those machines?
Take another situation — you’re at the airport looking for public WiFi. You join a wireless network which you believe is legitimate. Can you be certain? When privacy is of concern, I immediately open up an SSH tunnel to my personal Linux machine where a squid proxy is running, and I tunnel all web traffic through that.
Not only does SSH provide encryption, but it can also provide compression. So applications such as VNC and HTTP further benefit from this, especially when you’re on a WAN link with limited bandwidth.
The list of potential situations where an SSH tunnel would be useful is endless, continue reading to become an SSH tunnel guru in no time. If you have any unique uses for SSH tunneling, I’d like to hear them!
Michael Solinap
Sr. Systems Integrator
SPK & Associates