Linux System Administration

SSH Port Forwarding allows us to create a very simple "VPN" which lets you to secure insecure protocols such us telnet or ftp. When creating encrypted ssh connections a client needs to be connected to a ssh server on a remote host, thus creating a ssh tunnel via which an insecure information will travel. In this scenario, we are going to use ssh port forwarding to create an encrypted tunnel for telnet connection.

Enable telnet server on remote host

Let us first confirm that the telnet server is running on a remote host:

$ netstat -ant | grep 23 

remote server port 23

Create ssh tunnel to remote host

In this example you will open port 4500 on your local host and tunnel it to the port 23 on your remote host. You do not have to do this as a root. Since we are using a port higher than 1024 a ordinary user is able to create this port forward connection. Keep in mind that a tunnel is erected only when the ssh connection is running.

# ssh -L 4500: 

create tunnel
At this point, every connection which uses port 4500 on the localhost will be redirected to remote port 23.

Telnet to remote host via ssh port forwarding

Before we attempt to telnet to a remote host via tunnel, we need to ensure that the tunnel is still running:

# netstat -ant | grep 4500 

ssh port forwarding
Once we know that the tunnel is still running we can attempt to telnet on local port 4500.

# telnet localhost 4500 

Telnet to remote host via ssh port forwarding

If you have tried everything to stop this error message appearing on your terminal try to look into /etc/hosts.deny file on your sshd destination server to make sure that your external IP address is not black listed there to be denied ssh access.You can do this only by using a ssh client on different server which has an external IP address different from your own. So ssh somewhere else and from there to your desired destination ( this is temporary workaround for this problem ). First get your external IP address. If you have a access to a browser navigate to or use a following bash script:


# NOTE: this script only works if your external IP address
# is listed on 35th line of ipchicken's output file.

wget -q
echo My external IP address is: $( cat index.html | sed -n '35p' | awk '{ print $1 }')
rm index.html

Make the bash script executable and execute:

chmod +x
My external IP address is:

Login to a destination server and execute a following command:

$ cat /etc/hosts.deny | grep

The output will look same or similar to the one below:

# DenyHosts: Fri Sep 24 14:58:17 2010 | sshd:

Remove both lines form /etc/hosts.deny file and you are ready to go. If you do not have a write access to this file ask someone with write access to do it for you. Your IP address can be listed in /etc/hosts.deny file due to the paranoid settings of TCP_WRAPPERS ( multiple authentication denied etc. ) or it can be added deliberately by a system admin.

I know that there is a syntax in a rtorrent config file to schedule throttle for uploads and download for rtorrent. However, no matter how hard I tried I did not work for my N2100 NAS device. The only value in regards to throttle uploads and downloads I can control is a global download_rate and upload_rate variable. So I came with a simple hack to use a crontab to stop , change config and start rtorrent. I have created two config files: one for offpeak and another for peak time. Once done edited a cron tast with
crontab -e
and add these lines:

00 7 * * * /raid/module/cfg/module.rc/RTORRENT.rc stop
01 7 * * * cp /root/rtorrent.rc_peak /raid/module/RTORRENT/system/etc/rtorrent.rc
02 7 * * * /raid/module/cfg/module.rc/RTORRENT.rc start

57 0 * * * /raid/module/cfg/module.rc/RTORRENT.rc stop
58 0 * * * cp /root/rtorrent.rc_offpeak /raid/module/RTORRENT/system/etc/rtorrent.rc
59 0 * * * /raid/module/cfg/module.rc/RTORRENT.rc start

Page 60 of 72

Go to top