Yet Another Linux Blog

Here are two tricks I’ve used recently. OpenSSH is indeed the swiss army knife of utilities.

Both of these tricks require a machine that has sshd running and that is on the network you want. Luckily, I have SSH access to many machines around the world.

Went outside of the country and wanted to listen to Pandora. But Pandora doesn’t allow streaming outside the US. Want to have all of your web traffic go through a machine in the US? Just use an ssh “dynamic proxy”. I use OpenSSH in conjunction with Chromium. So simply “ssh -D local_port user@host_in_the_US”. E.g. if you use 1080 for local_port, you’ll have a SOCKS5 proxy available on localhost:1080, and all traffic to that port will go to host_in_the_US and from there to the Internet. Then I also do ‘chromium-browser –proxy-server=”socks5://locahost:1080″‘ and bam, streaming Pandora (or access to any other webapp that whitelists IPs).

Second use is a reverse SSH tunnel that allows a connection to a machine that’s otherwise not accessible from the Internet. E.g. a machine on someone’s private network that can connect out, but is firewalled off from the outside. Again, you need a host on the Internet that has sshd and that the private machine can connect out to. So: hostA is on a private network. hostB is on the Internet. hostA can connect to hostB, but hostB can’t connect to hostB (because of NAT or firewall or whatever). From hostA, do “ssh -R 10022:localhost:22 user@hostB” Then port 10022 on hostB will forward traffic to port 22 on hostA (or another host on the private network if you use something other than “localhost”). Then, you can ssh to hostB, then “ssh user@localhost -p 10022″ which will actually connect you to hostA. These instructions were adapted from here.