Ssh – How to assign a hostname to SSH tunnel

port, ssh, tunneling

I'm using
ssh root@my.server.ip -g -L 4321:localhost:28017
to establish a tunnel from my MacBook to my dedicated server at my hosting provider. It works well. Now I want to access several admin sites on the remote server (a MongoDB status page, a RabbitMQ page etc., all on different ports). All of them are bound to 127.0.0.1 on the remote machine. How can I tweak this ssh command to

  • assign a name to the tunnel and use e.g. "my.tunnel.name" in my browser
  • to be able to define the remote port in my browser; I would like to connect to my.tunnel.name:port, in order to be able to call the different sites

Is this possible with ssh? I've read the man pages and googled around for two days now, but it does not seem to work.

–edit 2012-06-01 23:36–
Thanks to the provided answers and comments the port forwarding works now using

ssh user@remote.server -D 4321

I can set this up as a proxy in my browser and the browser will treat any request to localhost:anyport as if it was made on the remote server. Using a name is now not necessary, since the browser is for remote server sites only.

Best Answer

What you describe is not possible. But there's still good news:

What is possible however is to establish a Dynamic connection with the SSH Server. This will open a port on your local computer to which you can point the Proxy setting of your Browser and allow you to use the tunnel as a proxy server. But you have to type a hostname/ip and port into the browser as if the browser were running on the machine the SSH Server is on.

Command looks like this: ssh user@server.example.com -D 1234
Then point your browser's proxy to localhost:1234.

So if you tunnel into Server A, and want to connect to server B, you type into your browser whatever address you would type into a Browser running on Server A. If a browser running on server A could not connect to Server B (if the process on Server B only listens on 127.0.0.1) then you still couldn't connect. It sounds like you just have the one server, but I wanted to be sure this was clear.

If you just have the one server, you tunnel into it with the Dynamic connection, set your proxy. You will then be able to type "localhost:1234" (for example) into the browser and it will connect to the service running on the remote server on port 1234.

Security Side Note: Never never never set up a server where root can SSH in! Serious security flaw. Create a normal user account (who is allowed to su or sudo) and SSH in as that user.
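
An added example, not part of the original question or answer: a constructed `~/.ssh/config` that writes the question's command and the answer's `-D` tunnel as named `Host` entries, plus a small awk check that flags the settings that widen exposure (`GatewayPorts yes` is the config-file form of `-g`). The host aliases, the `deploy` user and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample config. "mongo-risky" mirrors the question's command
# (root login, -g, one forwarded port); "admin-tunnel" is the SOCKS variant
# from the answer, bound to loopback and using a non-root user (hypothetical).
sample_config() {
cat <<'EOF'
Host mongo-risky
    HostName server.example.com
    User root
    GatewayPorts yes
    LocalForward 4321 localhost:28017

Host admin-tunnel
    HostName server.example.com
    User deploy
    GatewayPorts no
    ExitOnForwardFailure yes
    DynamicForward 127.0.0.1:4321
EOF
}

# audit_forwards: read ssh_config text on stdin and print one finding per
# line as "<host>: <reason>". Assumes whitespace-separated "Keyword value"
# lines inside Host blocks (no "Keyword=value" form, no Match blocks).
audit_forwards() {
awk '
function flag(msg) { print host ": " msg }
{ key = tolower($1) }
key == "host" { host = $2; next }
key == "user" && $2 == "root" { flag("logs in as root") }
key == "gatewayports" && tolower($2) == "yes" {
    flag("GatewayPorts yes lets other machines use the forwarded ports (same as -g)")
}
# An empty, "*" or 0.0.0.0 bind address listens on every interface.
(key == "localforward" || key == "dynamicforward") && $2 ~ /^(\*|0\.0\.0\.0)?:/ {
    flag(key " binds all interfaces: " $2)
}
'
}

# Start the clean tunnel with: ssh -N admin-tunnel
# then set the browser's SOCKS proxy to 127.0.0.1:4321.
sample_config | audit_forwards
```

Run against the sample, the check reports two findings for `mongo-risky` and none for `admin-tunnel`.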