Tuesday, May 09, 2006

SSH tunnelling with Putty

Courtesy of David Hancock, here's a mini-howto on configuring Putty for SSH tunnelling. Let's say you have an account on a Linux box (with an IP address of 192.168.2.100) that you can SSH into. Let's say you want to connect to a Trac instance running on port 8000 on a different box (with IP 192.168.2.200), and you can't get directly to port 8000 on the second IP. You can still use your account on the first box and create an ssh tunnel that will allow you to get to port 8000 on IP #2.

Here's David's howto, almost verbatim:

What we'll do is forward port 9080 on the PC to 8000 on 192.168.2.200 (the host/port for Trac). I'm using Putty version 0.54.

1. Start Putty (so you're looking at the PuTTY Configuration screen.)
2. Enter 192.168.2.100 (the IP of the box you can ssh into) in the Host name / IP address box.
3. Check SSH as the protocol (port number should change to 22.)
4. Enter 'trac-tunnel' as the Saved Sessions name, and click Save.
5. Open the Connection list in the left pane.
6. Open the SSH list in the left pane, Click Tunnels.
7. Check X11 Forwarding (in case you need to run X-based applications.)
8. Back on the right side, at the bottom, enter 9080 for source port (there's nothing special about port 9080, it can be any non-used port on your local machine.)
9. Enter 192.168.2.200:8000 as the Destination, leave Local checked.
10. Click Add.
11. Important, easy to forget: Click Session on the left pane, Click Save.

Now your 'trac-tunnel' session will not only connect you to the .100 box, but when you're logged into the .100, it will mediate a tunnel between your PC's port 9080 and port 8000 on 192.168.2.200.

So, let's try it out:

1. Use Putty to open the 'trac-tunnel' connection, and log in as yourself
2. Point your browser to http://127.0.0.1:9080/ and you'll get right in.

You'd repeat Steps 8-10 to add more local port forwardings. Step 11 is easy to forget, so be warned...
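The same forwarding can be opened and checked from a script. This is an added example, not part of David's howto: it uses plink, PuTTY's command-line client, to create the 9080 to 192.168.2.200:8000 forward, confirms the listener is bound to loopback only, and makes the same request as the browser test. It assumes plink.exe is on PATH, key-based login works, the host key for 192.168.2.100 is already cached, and `youruser` is a placeholder account name.

```powershell
# Added example. Assumptions: plink.exe on PATH, SSH key auth set up,
# host key for the .100 box already cached, 'youruser' is a placeholder.
$User      = 'youruser'
$SshHost   = '192.168.2.100'        # box you can SSH into (from the post)
$Target    = '192.168.2.200:8000'   # Trac host:port (from the post)
$LocalPort = 9080                   # local source port (from the post)

# -N: no remote shell; -batch: never prompt; -L with an explicit
# 127.0.0.1 listen address so only this PC can use the forward.
$plinkArgs = @('-ssh', '-batch', '-N',
               '-L', "127.0.0.1:${LocalPort}:${Target}",
               "${User}@${SshHost}")
$tunnel = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs `
                        -PassThru -WindowStyle Hidden

try {
    # Wait up to 15 seconds for plink's local listener to appear.
    $listeners = @()
    foreach ($i in 1..15) {
        if ($tunnel.HasExited) { throw 'plink exited before the tunnel came up' }
        $listeners = @(Get-NetTCPConnection -LocalPort $LocalPort -State Listen `
                           -ErrorAction SilentlyContinue |
                       Where-Object { $_.OwningProcess -eq $tunnel.Id })
        if ($listeners.Count -gt 0) { break }
        Start-Sleep -Seconds 1
    }
    if ($listeners.Count -eq 0) { throw "plink is not listening on port $LocalPort" }

    # Fail if the forward is reachable from other machines on the network.
    $exposed = @($listeners | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') })
    if ($exposed.Count -gt 0) {
        throw "Port $LocalPort is bound to $($exposed.LocalAddress -join ', '), not loopback"
    }

    # End-to-end check: same URL as the browser step (throws on a non-2xx reply).
    $resp = Invoke-WebRequest -Uri "http://127.0.0.1:$LocalPort/" -UseBasicParsing
    "Tunnel OK: HTTP $($resp.StatusCode) via 127.0.0.1:$LocalPort"
}
finally {
    # Always tear the tunnel down when the check is finished.
    if (-not $tunnel.HasExited) { Stop-Process -Id $tunnel.Id }
}
```

In the PuTTY GUI, the equivalent of the loopback check is leaving "Local ports accept connections from other hosts" unchecked on the Tunnels panel.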

2 comments:

Anonymous said...

You can even use Putty as a general-purpose SOCKS proxy with dynamic mode.

Moof said...

Even more advanced:

plink.exe, the "command line" version of putty, allows you to load putty saved sessions. The simplest way to use this is:

plink.exe trac-tunnel

If you want to see its rather limited command set, then just run plink.exe. One useful one is -N: it opens up connections, and tunnels, without actually opening up a shell on the other end. This is useful for running as a background application in bash scripts in Windows, or, potentially, running it as a Windows service (assuming you have ssh keys set up) using something like FireDaemon.

I still haven't gotten round to writing a little systray utility to open up and monitor the state of port forwards using plink, but I'm hoping someone might get round to it eventually ;)
