SSH updates

The Past:
I’m a long-time user of SSH. I presume that I was typical in my initial use of it for secure access to remote servers. But I quickly became familiar with its port-forwarding capabilities, and have often set up intricate webs of connected and nested tunnels, in order to negotiate the problems of multiple NAT servers and firewalls. I even considered myself a power-user.

The Present:
Today, while checking out A Defcon survival guide on The Register, I noticed that they had mentioned the -D parameter to SSH. It was that kind of “in-passing” reference, where you know they think they’re stating the obvious. You’ve probably guessed, though, that it was not obvious to me.
Enter the Ubuntu SSH Howto, and in particular the “SSH as a Proxy” section. How could I not know that SSH could run as a SOCKS proxy, tunnelled to a remote server? Now I’ll be able to run SOCKS-capable client applications (including web browsers) across lots of network configurations, without having to identify and forward individual ports. Brilliant!

The Future:
Wait, what’s that I see? At the bottom of the page there’s a link to SSH VPN. It can’t be. Not full networking access (routing, UDP, etc.) over an SSH tunnel using the “tun” driver. Yes it is, it’s amazing. I can’t try this one out at the moment, but it will be a definite must-have for me (very soon).
Anywhere, on any network, once I have SSH access, I can get full access to my home network. (Or, if I wanted, an Amazon EC2 node that I could start when I needed full Internet access.)

What lessons I’ve learned today, and not just about SSH. It’s important to check out the features and updates of software and networking tools that you use, especially if you already consider them important and useful. Don’t fall into the trap of thinking you already know how to use them, even if, like me, you’ve been using the tools for too many years to remember.

Now, I’ve also been using Ethereal for a long time, but a colleague has recommended Wireshark. I must find out which one is better 😉
