From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C737E138010 for ; Mon, 20 Aug 2012 18:09:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4E806E07E8; Mon, 20 Aug 2012 18:08:20 +0000 (UTC) Received: from mail-ee0-f53.google.com (mail-ee0-f53.google.com [74.125.83.53]) by pigeon.gentoo.org (Postfix) with ESMTP id CCBD5E096D for ; Mon, 20 Aug 2012 18:04:39 +0000 (UTC) Received: by eekc4 with SMTP id c4so1583040eek.40 for ; Mon, 20 Aug 2012 11:04:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=meCCf0+JUQhWuf90AaIZT/0gFbaL/EbejUjldL4efZw=; b=VDy6B71rCJ0sIC5ZKyhIsiQoPqOic0z2lndgmvxgVlAJlljMut2nbc64hh/vie8TiN FPHn7rodi6uEWp6tVdO5QZ//24RVwEAZmr9GrjHNYFT1hMsLCzmE0PNY3lxWmKt6mjT5 ERnNE/KYXwj85bwtMJJOTZpUuFsLZwebOki58YmFksQN02VZIKNkHeJNB1hA7MDLt6+T Ny2qiQJApDQPMUNGoxLfF3BJ+FB14DVfbbf9zd1VqnLxnSXWZI6zHHfpefhvd/VRWzen oU6Uq8r9X1Lr0GfypX269G0LE/OBFv0AnH4AFTQ29pnAnCNmFp8nBOdQyydoN3HaT1OH 6KIQ== Received: by 10.14.181.132 with SMTP id l4mr9853031eem.17.1345485879002; Mon, 20 Aug 2012 11:04:39 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPS id 45sm43812451eeb.8.2012.08.20.11.04.36 (version=SSLv3 cipher=OTHER); Mon, 20 Aug 2012 11:04:37 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH question Date: Mon, 20 Aug 2012 19:04:38 +0100 User-Agent: KMail/1.13.7 (Linux/3.3.8-gentoo; KDE/4.8.3; x86_64; ; ) References: <20120819233141.56bfa9b5@osage> <201208200650.58012.michaelkintzios@gmail.com> <20120820073506.5fc30bc3@osage> In-Reply-To: <20120820073506.5fc30bc3@osage> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4968548.4CN6toCQiu"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201208201905.07665.michaelkintzios@gmail.com> X-Archives-Salt: 2e891cdc-4788-4984-befa-1df2e2417a67 X-Archives-Hash: 612124a33c7e11ad1435ba301808f868 --nextPart4968548.4CN6toCQiu Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Monday 20 Aug 2012 12:35:06 David Relson wrote: > On Mon, 20 Aug 2012 06:50:29 +0100 >=20 > Mick wrote: > > On Monday 20 Aug 2012 04:48:40 Canek Pel=C3=A1ez Vald=C3=A9s wrote: > > > On Sun, Aug 19, 2012 at 10:31 PM, David Relson > > > > >=20 > > wrote: > > > > G'day, > > > >=20 > > > > I've volunteered to do some data entry for my local bike club. > > > > This involves a java application (jar file) and a tunnel to a > > > > mysql server. I have detailed PuTTY configuration instructions > > > > but haven't yet succeeded in converting them to ssh options. > > > >=20 > > > > The configuration options include: > > > > Seconds between keepalives -- 120 > > > > Don't start a shell or command > > > > =20 > > > > Forwarded port: > > > > source port number - PORT > > > > Destionation: MACHINE.DOMAIN.COM > > > > =20 > > > > Host - IP_Address > > > > Login - userid > > > > Password - pw > > > >=20 > > > > Using "ssh -N userid@IP_Address" gives me a password prompt and no > > > > command prompt - both good. > > > >=20 > > > > How do I specify the forwarded port? > > >=20 > > > If I understand correctly, with -L: > > >=20 > > > ssh -L XX:machine2:YY user@machine1 > > >=20 > > > This command will connect you to the "machine1" host with user > > > "user", and any connection to the port XX to the machine you are > > > running the ssh command from, will redirect the connection to the > > > "machine2" host in the YY port. > >=20 > > If you want to forward a local port XX to a remote port YY then > > Canek's suggestion will do what you want, assuming that the correct > > remote application is listening on port YY. > >=20 > > When you have more than one application this can soon become > > tedious. So, if you want to set up the remote machine as a SOCKS > > proxy so that any socks-ified applications on the local machine can > >=20 > > connect to the remote SOCKS, then you can use: > > ssh -N -D XXXX user@machine1 > >=20 > > For applications that do not have built in proxy capability you can > > use e.g. proxychains. > >=20 > > HTH. >=20 > H'lo Mick and Carnek, >=20 > The mention of XX and YY wasn't transparent, but a bit of > experimentation gave a good connection. Using the terms in my original > post, I now have the following working command: >=20 > ssh -2 -N -L PORT:MACHINE.DOMAIN.COM:22 userid@IP_Address >=20 > Just need to add an appropriate TCPKeepAlive and all will be good. >=20 > Thank you both for your tips.. You're welcome. BTW, port 22 in your example above does not *have* to be p= ort=20 22. As a matter of fact if it isn't, it would avoid zillions of connection= =20 attempts by stupid botnets that could drive up your bandwidth consumption. = It=20 could also be the same port as the one you use at your local host. Whicheve= r=20 port you choose, you'll have to allow it through the firewall at the remote= =20 machine and of course whichever application is running at the remote host t= hat=20 you want to connect to, should be listening on said port. =2D-=20 Regards, Mick --nextPart4968548.4CN6toCQiu Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEABECAAYFAlAyfFMACgkQVTDTR3kpaLbOlgCgx5NXTbwHOV+45Nm3mVUQyy5l CGkAn3G+P5v4hN+DNRq3/4UH6ELtDQTJ =65ZB -----END PGP SIGNATURE----- --nextPart4968548.4CN6toCQiu--