Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Create secure Timbuktu connections Network
One of the nice things about having access to SSH is that you can port-forward a connection through an SSH tunnel and know that your connection is reasonably secure compared to an open data stream. Following the tips given on afp548.com, I was able to easily get Timbuktu to run through the SSH tunnel and connect to my home OS X machine by doing the following in Terminal:
ssh [servername or IP] -l username -L 10660:127.0.0.1:407 
Authenticate the SSH connection and once you are in, switch over to Timbuktu and enter the following in the connection name:
localhost:10660
You should immediately be connected to your remote Timbuktu host as if you were connecting through standard TB2 ports.

You can do a lot more with this handy trick; read through the rest of the article and get a feel for what can be done.
    •    
  • Currently 3.75 / 5
  You rated: 3 / 5 (4 votes cast)
 
[14,723 views]  

Create secure Timbuktu connections | 12 comments | Create New Account
Click here to return to the 'Create secure Timbuktu connections' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
We have a GUI for this too.
Authored by: Anonymous on Jun 18, '02 11:10:14PM

If this tip is of interest to you, take a look at www.afp548.com/vapor. This is a GUI for doing the SSH forwarding. While it doesn't have built-in support for Timbuktu yet, you have to specify that the remote port is 407, I should have a new version out the beginning of next week that has a nice pulldown menu for Timbuktu, smtp, pop, imap, smb, etc.

About the only thing that you really can't do with this is ftp since it uses a two port connection.

Joel

www.afp548.com



[ Reply to This | # ]
We have a GUI for this too.
Authored by: dfbills on Jun 19, '02 12:11:12AM

Joel:

It would be great if I could establish a two-way VPN connection. Is this possible? Once a connection is established in one direction, it really is a bi-directional connection. Is it possible to use this to create a tunnel back into a host which is firewalled?

Firewalled Host--->Open Host

then though this tunnel-

Open Host---> Firewalled Host ???


-d



[ Reply to This | # ]
We have a GUI for this too.
Authored by: Embro on Jun 19, '02 10:11:03PM

It's funny this should appear now. I've spent most of the day trying to get ftp to work through ssh. I need to use Dreamweaver's ability to post web pages to the defined site. I figured I should be able to do this by port forwarding 21 with ssh but it won't work. I guess it has to do with the two port issue. Is there some way to work around this?

Under OS9 MM suggests that you use MacSSH to set up port forwarding on port 21 and it should work. If that is true, and I haven't tested it, why won't ssh under osx do the same thing.

Any help would be greatly appreciated



[ Reply to This | # ]
We have a GUI for this too.
Authored by: legacyb4 on Jun 19, '02 10:53:25PM

Agreed on the two port issue for Vapor. Until Joel has time to further enhance that fine app, you can take a cue from his tip sheet and do a double port forward through Terminal and it should work (I believe); at least it works fine for apps like Carracho which run on dual ports.

ssh [servername or IP] -l username -L 10240:127.0.0.1:8080 -L 10241:127.0.0.1:8081

and connect using 127.0.0.1:10240.

Cheers.



[ Reply to This | # ]
We have a GUI for this too.
Authored by: legacyb4 on Jun 19, '02 11:43:03PM

Correction on that dual port forwarding for FTP... after reading up and testing it out, it doesn't work.

Still, it does work for other apps like Carracho.

Cheers.



[ Reply to This | # ]
We have a GUI for this too.
Authored by: Embro on Jun 20, '02 08:54:26AM

The problem is that I don't think you can know the other port beforehand. When you issue the ftp PASV (passive) command I think it returns the ports it's going to use. There is an SSH command -D that sets up dynamic forwarding. The man pages aren't very clear as to what it's used for except for SOCKS. This seems like it would be the kind of thing necessary as it would recognize that it is ftp and forward the ports accordingly.

Any other suggestions?



[ Reply to This | # ]
Works great for macs
Authored by: Anonymous on Jun 19, '02 07:11:23PM

But it won't work on windoze(ssh->vnc is the solution there). Problem is, the windoze variant of tb2 still uses the older method, where you authenticate over 407, then use 1418-21 (IIRC) to operate the various services. As a workaround, you can portforward to a mac behind your firewall or whatever, then tb2 into windoze boxes. Also, if you use the -C flag ssh will compress the data which will likely result in a significant speed improvement.



[ Reply to This | # ]
A note from the co-author...
Authored by: legacyb4 on Jun 20, '02 06:28:43PM

Just an fyi, I helped the author @ afp548 with the SSH. You can port map as many ports as you like. Just add another "-L :localhost:" You can add as many as you like. You are not limited to two.

Regards, and enjoy.
Fred



[ Reply to This | # ]
ssh tunnel over http
Authored by: icenyne on Jul 04, '02 02:43:16AM

At work, I'm behind a firewall that precludes using ssh alone, so
I run ssh throught httptunnel. The 3.3 version compiled with some
warnings but works. I have been able to VNC, web and whatever else
I can forward throught ssh. I even got full duplex audio with netFone to
work over ssh on top of httptunnel.

The source is available at http://www.nocrew.org/software/httptunnel.html



[ Reply to This | # ]
RE: Create secure Timbuktu connections
Authored by: trancelgic on Dec 05, '02 05:52:03PM

Are you sure about this? I can't get this to work. I don't think that an SSH tunnel can do UDP, only TCP. Am I wrong?

trancelgic


Create secure Timbuktu connections
Tue, Jun 18 '02 at 10:03PM • from: legacyb4
One of the nice things about having access to SSH is that you can port-forward a connection through an SSH tunnel and know that your connection is reasonably secure compared to an open data stream. Following the tips given on afp548.com, I was able to easily get Timbuktu to run through the SSH tunnel and connect to my home OS X machine by doing the following in Terminal:
ssh [servername or IP] -l username -L 10660:127.0.0.1:407
Authenticate the SSH connection and once you are in, switch over to Timbuktu and enter the following in the connection name:
localhost:10660
You should immediately be connected to your remote Timbuktu host as if you were connecting through standard TB2 ports.

You can do a lot more with this handy trick; read through the rest of the article and get a feel for what can be done.




[ Reply to This | # ]
RE: Create secure Timbuktu connections
Authored by: legacyb4 on Feb 03, '03 12:03:11AM

I am assuming you are using Timbuktu for Mac, not PC. The PC version requires use of UDP ports which negates the use of TB2...

If you want though, you can forward to a Win2K server or XP Pro box by changing 127.0.0.1 to the remote host IP address and use Remote Desktop Client (port 3389) to connect through Terminal Services.



[ Reply to This | # ]
Create secure Timbuktu connections
Authored by: Mars_Artis on May 08, '07 03:30:47PM
Actually if you want to tunnel OUSIDE your LAN, this is the correct syntax:

sudo ssh -l outsideUSER outsideIP -N -R port:127.0.0.1:port -g sleep 9000000

where:
- outsideIP is the WAN ip of the computer FROM which you wish to control your server (Local)
- outsideUSER is the user on the computer with outsideIP
- port is the port you set the server application to be running (please note that lower ports like 407 etc are not available for tunneling, you should choose ports over 4000 or so. I'm not sure but lower ports could be tunnelled only by root user.)
-sleep 9000000 ensure that the ssh tunn eling does not drops for timeout

u'll be asket twice for a password: the first for the local su, the second for the outsideUSER

note that the -N option makes the terminal window not accept furhter commands so just minimize that window and don't close it otherwise the tunnel would drop

this way you make the computer in the LAN, beihnd a firewall or NAT, to be accessible by the tunnelled computer which is not on the LAN. this is working for Timbuktu.
Thx to Barone Rosso for helping me in discovering the rite syntax

[ Reply to This | # ]