SMB through SSH tunnel

I'm having trouble setting up samba access over an SSH tunnel. If I forward port 139 on my machine to port 139 on the server, like so,
ssh -L 139:localhost:139 user@server
and then connect from the Finder with Go -> Connect to Server and enter "smb://localhost/username", it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Server Comment
Workgroup Master
OATESNET MYSERVERNAME
That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
So, I try and forward from a different port, say 52187. So I create my tunnel:
ssh -L 52187:localhost:139 username@server
Now I try and connect through the Finder. I get error:
"The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
Hmm. Let's try and diagnose from the console. I type:
smbclient -L localhost -U username -p 52187
It connects to the remote server, but only partially. I get the following output:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Error connecting to 127.0.0.1 (Invalid argument)
Connection to localhost failed
NetBIOS over TCP disabled -- no workgroup available
Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
session setup failed: NT_STATUS_LOGON_FAILURE
NetBIOS over TCP disabled -- no workgroup available
Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
[2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/06/20 17:35:08, 0] pdbods.c:odssam_getsampwnam(2329)
odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'username'!
Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
What it looks like to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
-Andrew
PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces they're bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.
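Added example, not code from the thread: a small Python checker that reads smbclient -L output (samples constructed from the three runs quoted above, with the post's placeholder names) and reports whether the listing came back whole or stopped after the share table, so a tunnel on a non-standard port can be verified from a script instead of by eye.

```python
"""Classify `smbclient -L` output: did the whole listing come back through
the tunnel, or only the share table before a second connection failed?"""
import re
from typing import Dict, List

SHARE_TYPES = {"Disk", "IPC", "Printer"}

# Constructed samples modelled on the three runs quoted in the post above
# (placeholder names as in the post, not real hosts).
FULL = """\
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Server Comment
Workgroup Master
OATESNET MYSERVERNAME
"""
NO_LOCAL_SMBD = """\
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Error connecting to 127.0.0.1 (Invalid argument)
Connection to localhost failed
NetBIOS over TCP disabled -- no workgroup available
"""
LOCAL_SMBD_RUNNING = """\
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
session setup failed: NT_STATUS_LOGON_FAILURE
NetBIOS over TCP disabled -- no workgroup available
"""


def parse_shares(output: str) -> List[str]:
    """Return the share names from the 'Sharename Type Comment' table."""
    shares, in_table = [], False
    for line in output.splitlines():
        if line.startswith("Sharename"):
            in_table = True
            continue
        parts = line.split()
        if in_table and len(parts) >= 2 and parts[1] in SHARE_TYPES:
            shares.append(parts[0])
        elif in_table and parts:
            in_table = False  # first non-share line ends the table
    return shares


def classify(output: str) -> Dict[str, object]:
    """Describe how far the listing got.

    'complete'           share table and workgroup/master table both present
    'second-hop-refused' shares listed, then the browse-list connection was
                         answered by a server that rejected the login
    'second-hop-failed'  shares listed, then the browse-list connection
                         could not be made at all
    """
    shares = parse_shares(output)
    if re.search(r"session setup failed", output):
        status = "second-hop-refused"
    elif re.search(r"Error connecting to|Connection to .* failed", output):
        status = "second-hop-failed"
    elif re.search(r"^Workgroup\s+Master", output, re.M):
        status = "complete"
    else:
        status = "unknown"
    return {"status": status, "shares": shares,
            "browse_list": "NetBIOS over TCP disabled" not in output}


if __name__ == "__main__":
    for name, sample in (("full", FULL), ("no local smbd", NO_LOCAL_SMBD),
                         ("local smbd running", LOCAL_SMBD_RUNNING)):
        print(name, classify(sample))
```

In practice you would pipe `smbclient -L localhost -U username -p 52187` into `classify` and treat anything other than 'complete' as a sign that part of the exchange did not go through the forwarded port.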

well, I'm not doing a smb mount and have never tried to do an smb mount; only an afp mount. I'm very fortunate that I have Macs at work and home, and all authorized users to my computer are Mac users.
I'm running OS 10.4.9 and have been doing this (afp over ssh) throughout all iterations of 10.4.x and most if not all iterations of 10.2.x up through 10.2.8 on two older computers, a 2001 Quicksilver and a 2002 Quicksilver as the servers, and using them as the clients as well along with two Powerbook G4s as clients. Also, my kids (if you call ages 20-26 "kids") afp mount via ssh tunneling as well, from an iBookG4 and iMac G5s, also running 10.4.9.
I gotta ask a dumb question or two or three or four:
• When you ssh, obviously you have the ssh port (only) forwarded through your router and/or modem at home, right?
• Do you have your Mac's (the one you are trying to use as the server) firewall turned on or off? And if on, what ports/services do you have turned on in Sys Prefs Sharing? (and if off, what services are turned on?) Windows Sharing is on?
• If you turned on personal file sharing in your "server" Mac, do you have another Mac that you could try to ssh into, tunneling port XXXX:localhost:548 then from Finder, ⌘k to localhost:XXXX, just to see if that at least works?
• highly unlikely to make a difference, but when you ⌘k to smb://localhost:XXXX, does it help to leave off the "/username" that you had reported in previous posts as appending onto the servername?
One last-minute comment/suggestion: There is a shareware/donationware program called sharepoints that looks pretty cool; you can check that your mount points on your server are indeed smb shared or not (as a side note, if you are so inclined, you can create additional mount points other than just users' home directories, too). I am totally clueless as to how one, from the unix command line or maybe from the NetInfo manager, might do this, so if you would be treading new ground here yourself in this regard, this program might be of some value to you.

Similar Messages

  • Screen Sharing.app fails through ssh tunnel with "You cannot control your own screen"

    I need to control a remote Mac mini running 10.7 through an ssh tunnel.  I've set up ssh with -L for the appropriate ports, and bound my local ports 5900 and 5800 through this.
    When I connect to 127.0.0.1 with Screen Sharing.app on my macbook pro which runs 10.8.4, it says "You cannot control your own screen" however, screen sharing is not enabled locally on my machine, I'm trying to access a remote machine.
    I tried something else.  I created an alias IP of 127.0.0.2 on lo0, and tried again, and got the same thing, so it's doing an ifconfig and looking through all the IPs to see if the IP address of what I'm trying to connect to is bound locally, which defeats the purpose of tunneling through SSH.  I don't wish to setup a VPN.
    How do I let the Screen Sharing.app know that I'm not trying to connect to my own machine and it should skip this check?
    I've also tried with another app, Chicken of the VNC, and that almost works.  It connects and shows a login screen desktop to the target machine, but I'm unable to click on any of the account icons displayed in order to login, and all key presses such as tab, space, and enter are ignored.
    When at the location (on the same vlan as the target machine) I'm able to remote into it just fine with screen sharing.app, but Chicken of the VNC has the same issue of showing a login screen, but not allowing logins to it.

    Your ssh command should look something like:
    ssh -L 22590:localhost:5900 remote.mac.system.address
    Then you connect using
    Finder -> Go -> Connect to server -> vnc://localhost:22590
    Have you been doing anything close to that?

  • Using portal admin console through an ssh tunnel?

    I'm trying to login on the portal admin over an established ssh connection:
    - profile server listen on hostname.subdomain.domain, port 8080
    - an ssh tunnel (via portforwarding through a firewall) from client port
    10000 to profile server 8080
    - connect from webbrowser to http://localhost:10000/console
    that won't work: internal server errors. If I change my hosts file:
    localhost 127.0.0.1 hostname.subdomain.domain
    it works. But this is ugly and conflicts with DNS.
    So, how can I configure the profile server to accept connections over an ssh
    tunnel? Anyone any idea?
    regards, Jordi

    Hello,
    Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
    C

  • Tunnelling web traffic through ssh

    for tunnelling web traffic through ssh, it says here
    http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
    that I have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
    to localhost and the port I used for ssh, but what about the other fields like http, ftp, gopher, and ssl proxy, shouldn't I need to set those too? if not, why, and what are those fields for anyway?
    btw, is it possible to view streaming video like youtube.com while using a proxy? if so, then how would I go about it?

    jordi wrote:
    ssh -D 4444 (or any other port number) youruser@yourserver
    see the manual:
    -D [bind_address:]port
                  Specifies a local ''dynamic'' application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
    streaming videos like youtube.com will be possible... surfing the web will be the same as without a socks proxy...
    I suggest using an addon like FoxyProxy if you use SOCKS proxies a lot.
    1) I already know the ssh part, I'm talking about the configuration in Firefox, sorry if I didn't make this clear.
    2) and another thing about streaming videos, why is it that some proxies I have used before don't allow streaming traffic through?
    OK, it says here for VPN
    http://searchsecurity.techtarget.com/sDefi...213324,00.html#
    An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
    3) so how would the routers know where to route the data if it's encrypted? and how would I go about implementing that?
    4) btw, is ssh tunnelling an implementation of VPN?
    5) another question I have would be that for ssh tunnelling, it works at the transport layer onwards, so only applications which are designed to use the port would go through the tunnel and be encrypted, right? Other apps would not go through the tunnel. On the contrary, IPsec works on the network layer, so all information above the network layer, whether they use UDP or TCP or whatever ports for TCP, would go through the tunnel and be encrypted. Are the above statements correct?
    Last edited by unregistered (2008-05-11 08:39:19)

  • How to get to x6250 Remote console through a ssh tunnel?

    I am accessing webGUI of my x6250 blade console through a ssh tunnel, I can log into eLOM, but when I launch remote console, the java client starts, then a java IOException window comes up with message saying "Create connection failure".
    When I access eLOM directly from company network without ssh tunnel, all works fine, so it is not my local system's setup or JVM issue.
    I am forwarding following ports already: 80, 443, 5120, 5121, 5123, and 7578.
    I suspect I missed some more ports for remote console usage, but which one(s)?
    YZ

    [ports needed for lights out management.]
    a) There does not appear to be an official Sun source for the port data.
    b) ILOM, ELOM, [a-z]LOM each seem to require their own selection of ports.... Beware.

  • Possible to ssh tunnel Bonjour traffic across different subnets?

    Hello:
    For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
    So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
    Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
    ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
    thus being able to set up a secure point-to-point iChatAV connection?
    Anybody ever do something like this?

    Hi j.v.,
    It is possible to iChat Bonjour over a Virtual Private Network , yes.
    2:33 PM Thursday; May 4, 2006

  • Ssh tunneling

    Hi,
    I have tried the following:
    on PC1 (win xp) I have created ssh connection with port forwarding
    (local 8888 to remote 8888) to server1.
    From server1 I have created another ssh connection with portforwarding to server2(local 8888 to remote 1521).
    When I try to connect to oracle instance on server2 from PC1, using this kind of tunneling I got an error:
    Oracle Error :: TNS-12547
    TNS:lost contact
    Does anyone have some experience with this kind of tunneling, or is this kind of tunneling possible at all?
    Thanks,
    Goran

    Perhaps this thread will help you with tunneling vnc through ssh. I have personally put a number of posts about doing this; you might try searching these forums on user "j.v." and search terms "VNC" and "tunnel" if you want to see some of the stuff I have posted.
    As far as tunneling your web browser through an ssh proxy, I think the easiest way to do this is to get a second web browser like Firefox for all the proxy stuff, and set it up as a SOCKS5 to proxy to "localhost:1080" or whatever port. Then, when you make a ssh connection, add a "-D 1080" option to your ssh command that you issue at the client computer. In Terminal, type "man ssh" to learn more about the "-D" proxy tunnel option.

  • Jconsole - remote connection thru ssh-tunnel

    Hi all,
    I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
    I have walked thru various posts and blogs, but finally couldn't get it running.
    On the linux-server, I have set the following JAVA_OPTS:
    export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'
    myserver is the server name that is resolved by the hostname command. I also tried using localhost instead.
    On the client I run the following ssh command to create the tunnel:
    ssh tomcat@myserver -L8888:myserver:8888 -N -v
    When I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
    debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
    debug1: channel 1: new [direct-tcpip]
    debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2
    It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
    On the server I see the following using netstat:
    tcp        0    168 myserver:ssh    mywindowsbox:3381  VERBUNDEN  
    tcp        0      0 myserver:ssh    mywindowsbox:1317  VERBUNDEN  
    tcp        0      0 myserver:44625  myserver:8888   TIME_WAIT  
    tcp        0      0 *:8888                      *:*                         LISTEN
    It appears to me that the tomcat server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
    Furthermore, it seems that the ssh tunnel has been established.
    Why the hell can jconsole still not connect?

    Hiya.
    JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
    Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
    Cheers,
    Hugp

  • Remote printing problem using ssh tunnel in Leopard

    Haho,
    I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
    So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
    This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't print out on the other end.
    I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
    Thanks in advance for your help!

    Had the same issue with MS Terminal Server printing over vpn tunnel.
    what kind of internet connection do you have? one which adds extra headers like pppoe ?
    for me ...
    sysopt connection tcpmss
    helped
    default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

  • SSH Tunnel to other SSH servers?

    I'm not sure how this can be done, with or even without an SSH tunnel.
    Here's my scenario:
    PowerBook@Work --> Firewall --> INTERNET --> Linksys Router/Firewall with port forwarding to Mac mini home server --> Mac mini --> Other Mac clients
    Obviously I can SSH into my Mac mini server from my PowerBook at work:
    ssh [email protected]
    However, what I want to do is, to ssh to the Other Mac client on my home LAN from my Work LAN. So far I accomplish this by SSH'ing into my Mac mini server and then SSH'ing from there to my other Mac clients (which all have static 192.168.X.X addresses).
    I have tried the following and it doesn't seem to work:
    ssh -N -p 22 [email protected] -R 2110/example.com/22
    With port 2110 forwarded from my Linksys to my Other Mac client. Doesn't work.
    I know this is one of those scenarios where I "can't see the forest through the trees". Meaning, there must be an easier way? Any help?

    Paul,
    sorry for my mistake. I forgot the "yes" in the commandline.
    I wouldn't put all the different ssh connections into aliases of my .bashrc. SSH offers the use of a config file. Put everything there. It's easier to maintain and the recommended way for ssh.
    Create a plain text file in ~/.ssh/config (for example with vi). And put the following stuff in there.
    Host nicknameforyourhost
    Hostname hostname.example.com
    User yourusername
    In addition you might want to add one of these:
    Port 22
    Protocol 2
    Compression yes
    ForwardX11 yes
    You can even put portforwardings, reflections etc. in there.
    LocalForward 10548 127.0.0.1:548 To tunnel AFP on the server.
    LocalForward 10080 127.0.0.1:80 To tunnel to an webserver running on the host that is blocked by the firewall.
    To tunnel ServerAdmin, Workgroup Manager and Server Monitor Connections to the host (if it's running Mac OS X Server)
    LocalForward 311 127.0.0.1:311
    LocalForward 625 127.0.0.1:625
    LocalForward 687 127.0.0.1:687
    You then connect your admin apps to localhost. This one has to be done as root, as you're forwarding privileged ports.
    To forward an http connection to the webinterface of your router through the tunnel. Provided your LAN Range is 192.168.1.0 and your router is located at 192.168.1.1.
    LocalForward 10080 192.168.1.1:80
    You then connect your browser to http://localhost:10080/ and it will go through the tunnel, and be reflected from the host you connected to via SSH directly to the router. That way you could access your router's config pages without activating remote administration, which is of course a lot more secure.
    For your particular problem:
    Create one Host entry with the actual machine that you connect to.
    Host myserver
    Hostname myserver.example.com
    User yourusername
    Protocol 2
    Port 22
    Compression yes
    LocalForward 10080 192.168.1.1:80 see example with router above
    LocalForward 10022 192.168.1.100:22 to create a ssh portreflector for host 192.168.1.100
    This config will allow you to connect to your server and access your router like I described above and also create a tunnel for another ssh connection to 192.168.1.100. To access that machine, create a second config in that file just a few lines below.
    Host myothermac
    Hostname localhost
    User yourusername
    Protocol 2
    Port 10022
    To use all that you enter into your terminal:
    $ ssh myserver
    Password:
    and from a second terminal:
    $ ssh myothermac
    Password:
    You're directly taken to the othermac. You can put as many options in there as you like. See the man page for SSH for what else you can put into a config file. I hope by now it is clear why not to use aliases in your .bashrc. Do some experimenting, you cannot hurt anything.
    You could also do that from a screen session or just background the first SSH session from the terminal but that would make things unnecessarily more complex for the examples given.
    Hope that helped.
    Regards MacLemon
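    A checker for this kind of two-hop ~/.ssh/config, added here as an example and not MacLemon's own code: it parses the Host entries (the sample below is constructed from the two entries in the reply above), confirms that the second entry's Port matches a LocalForward of the first, and flags forward ports below 1024 that would need root. Keyword matching ignores case, as ssh's does.

```python
"""Check a two-hop ~/.ssh/config chain (ssh myserver, then ssh myothermac
through one of its LocalForward entries) before relying on it."""
import re
from typing import Dict, List, Tuple

HostMap = Dict[str, Dict[str, List[str]]]

# Constructed from the two Host entries in the reply above; 'LocaLForward'
# is deliberately mis-cased to show that keyword matching ignores case.
SAMPLE_CONFIG = """\
Host myserver
    Hostname myserver.example.com
    User yourusername
    Protocol 2
    Port 22
    Compression yes
    LocalForward 10080 192.168.1.1:80
    LocalForward 10022 192.168.1.100:22
    LocaLForward 311 127.0.0.1:311

Host myothermac
    Hostname localhost
    User yourusername
    Protocol 2
    Port 10022
"""
# Same config with the inner hop pointing at a port nothing forwards.
BROKEN_CONFIG = SAMPLE_CONFIG.replace("Port 10022", "Port 10023")


def parse_ssh_config(text: str) -> HostMap:
    """Return {host_alias: {keyword_lowercased: [value, ...]}}."""
    hosts: HostMap = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value.split()[0]
            hosts[current] = {}
        elif current is not None:
            hosts[current].setdefault(key, []).append(value)
    return hosts


def local_forwards(entry: Dict[str, List[str]]) -> List[Tuple[int, str, int]]:
    """Decode 'LocalForward [bind_address:]port host:hostport' lines."""
    out = []
    for spec in entry.get("localforward", []):
        listen, target = spec.split()
        lport = int(listen.rsplit(":", 1)[-1])
        rhost, rport = target.rsplit(":", 1)
        out.append((lport, rhost, int(rport)))
    return out


def check_chain(hosts: HostMap, first: str, second: str) -> List[str]:
    """Problems with reaching `second` through `first`'s local forwards."""
    problems: List[str] = []
    outer, inner = hosts[first], hosts[second]
    forwards = local_forwards(outer)
    if inner.get("hostname", ["localhost"])[0] not in ("localhost", "127.0.0.1"):
        problems.append(f"{second}: Hostname must be localhost to enter the tunnel")
    port = int(inner.get("port", ["22"])[0])
    if port not in {lport for lport, _, _ in forwards}:
        problems.append(f"{second}: Port {port} is not a LocalForward of {first}")
    for lport, _, _ in forwards:
        if lport < 1024:  # binding below 1024 needs root, as the reply notes
            problems.append(f"{first}: LocalForward {lport} is privileged")
    return problems


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, check_chain(parse_ssh_config(cfg), "myserver", "myothermac"))
```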

  • SSH Tunnel to an Oracle SQL Server

    Hi all,
    I am attempting to set up an ssh tunnel from my local machine to an Oracle SQL server operating on a remote computer, and use it to run a perl script to extract things from that database.
    My question is, do I need to have an SQL client on the local machine for this to work? The remote computer does not have the Oracle DBD installed, while the local machine does (hence running the script on the local computer), but will the DBD hand off requests correctly through the ssh tunnel to the SQL server on the remote machine without a client on the local one?
    Thanks!

    The data access is all happening on the Oracle machine right? Then no, all your local machine needs is an ssh client - that's it. After that all processing is running on the server.

  • Attach ethernet port to SSH tunnel

    Anyone know if I can setup one ethernet port on a Mac Pro to provide DHCP/NAT and direct all traffic on that port to an SSH tunnel?
    What I want to be able to do is create an SSH tunnel to a proxy server and then have any device I plug into one of my ethernet ports go through that tunnel/proxy.
    I have the tunnel/proxy working by creating a network location with a SOCKS proxy server at 127.0.0.1 port 2001 and then doing ssh -D 2001, but not sure how/if I can connect it to the physical ethernet port plus provide DHCP/NAT as well.
    I have OSX Server 10.6.4 if that helps.

  • Why does my ssh tunnel drop when I switch on a system wide proxy

    The subject says pretty clearly what is puzzling me. After I establish a connection via ssh and initiate a tunnel for email access through a corporate firewall (using Apple Mail as the client and POP3 for the protocol), I find that enabling a system wide proxy (socks5, http, and https) via the same ssh tunnel causes the email to stop working. Upon switching, the http proxy (Safari) works fine -- e.g. the tunnel is healthy. This confuses me. The ssh link which hosts several tunnels is fine. I am forwarding local ports 10025 and 10110 on the tunnel to a mail server behind the firewall. The socks5 proxy and http proxy are running on local ports 11080, 18080, and 18080, respectively. Why is Apple Mail paying attention to the proxy settings at all? It would seem that since Apple Mail makes no attempt to connect (via the Activity window) that the link is dead; however, turning off the proxy brings the email tunnel back to normal. Weird. Any advice? This is running on a normal 10.4 (not server), but I don't think there are any significant differences in behavior. I asked on the networking discussion, but got no response.

    Two things jump into my mind: poor WiFi signal strength on the desktop PC or a dirty OS installation on the desktop PC. I'm quite sure that this has nothing to do with the cisco VPN client itself.
    Assuming that you reach your remote workspace through the cisco VPN client, it might also be that the remote part (the VPN concentrator) gets congested and drops your connection, but then other employees would complain as well (can be checked with your ICT guys).
    The thing is: when you lose Internet connection on your laptop while surfing a web site and connection comes back again within no time you won't notice anything. If the same happens to a system constantly receiving encrypted packets and some are missing the VPN client will drop the connection. Completely different protocols (http/ipsec) that are differently prone to packet drops...

  • Opening Multiple DB Connections to MySQL via SSH Tunneling

    I'm connecting to a MySQL database through SSH.  Specifically I'm using PuTTY to establish a connection, and then tunnel the port through 3306.  Then I'm creating an ODBC Data source to my local 3306 port and using that datasource to open the connection in LabVIEW.
    I'm looking to run queries in parallel, and to do that, I believe I need to open up multiple connections.  Has anyone tried this before? Is there any other way to do this?

    Hi Jonathan,
    I wasn't able to find too many resources on using multiple connections to a MySQL through SSH.  
    I was able to find this:
    http://digital.ni.com/public.nsf/allkb/C49602A79827DDBE86256CE9005757D5
    that might give you some more information.
    I would try to open up multiple connections if the database supports it and try it that way.
    If you have any trouble with that route, feel free to let us know.
    Sincerely,
    Bogdan Buricea
    Applications Engineering
    National Instruments

  • Details of setting up an SSH tunnel

    Hi all! Given the recent news about government spying and all, I thought this would be a good time to start securing my internet connection. I have a Raspberry Pi at home (also running Arch!), and when I'm out in the world I'd like to tunnel all my web traffic through ssh to it. Here's my setup so far:
    I created a 'tunnel' user on the Pi. Then I ran ssh-keygen on my laptop to generate tunnel_rsa and tunnel_rsa.pub, and copied tunnel_rsa.pub to /home/tunnel/.ssh/authorized_keys on the Pi.
    I installed ufw on the laptop and set it up to only allow SSH:
      Status: active
      To                         Action      From
      Anywhere                   ALLOW       192.168.0.0/24
      SSH                        LIMIT       Anywhere
      SSH (v6)                   LIMIT       Anywhere (v6)
      22                         ALLOW OUT   Anywhere
      22                         ALLOW OUT   Anywhere (v6)
    I installed proxychains on the laptop, and edited /usr/bin/{proxychains,proxyresolv} to point to their correct libs:
      export LD_PRELOAD=/usr/lib/libproxychains.so
    I wrote /etc/proxychains.conf to use localhost as a proxy:
      strict_chain
      proxy_dns
      tcp_read_time_out 15000
      tcp_connect_time_out 8000
      [ProxyList]
      socks5 127.0.0.1 9050
    I signed up for free DNS with no-ip.org, and set up my home router to update it. I also forward port 22 to the Pi from there.
    I installed autossh on the laptop.
    Now I can establish a tunnel from the laptop to the Pi like so:
      autossh -M $AUTOSSH_PORT -TND 9050 tunnel@$PI_IPADDR -v
    It's working great for the most part! The firewall rejects everything but SSH, and I can prefix commands with 'proxychains' to dynamically forward them through the tunnel. Once it's working consistently I'll put the 'export LD_PRELOAD...' line in /etc/profile.d/proxychains.sh to invoke it automatically.
    But there's one little problem. When I'm at a cafe or whatever, I have to disable ufw, agree to some random wifi agreement via browser, ping for the current ip address of my Pi, and then start the tunnel. Is there a good way to automate that or get around it?
    So far I'm thinking a post-connection script that:
      1) disables ufw or adds rules to allow DNS (port 53) and http (port 80)
      2) waits for successful ping to some website, signifying that I've got wifi working
      3) pings for the IP address of my Pi
      4) enables ufw or removes the extra rules
      5) starts the tunnel using autossh
    There's also the issue of detecting whether I'm on my home network, and if so changing $PI_IPADDR.
    Does that sound about right? Are there ways to improve it?
    Thanks!

    Perhaps you also need to look at:
           ConnectionAttempts
                  Specifies  the  number of tries (one per second) to make before exiting.  The argument must be
                  an integer.  This may be useful in scripts if the connection sometimes fails.  The default  is
                  1.
           ConnectTimeout
                  Specifies  the  timeout  (in seconds) used when connecting to the SSH server, instead of using
                  the default system TCP timeout.  This value is used only when the target  is  down  or  really
                  unreachable, not when it refuses the connection.
    and
    AUTOSSH_POLL
    Specifies the connection poll time in seconds; default is 600 seconds. If the poll time is less than twice the network timeouts (default 15 seconds) the network timeouts will be adjusted downward to 1/2 the poll time.
    My guess is there is a large timeout somewhere.
