
Use SSH to Create Secure Tunnels for File Transfers (SFTP), Remote Desktop (VNC), Subversion (SVN), and Firefox Traffic [Mac Guide]

This guide will show you how to access a computer located on your home network from outside of your local area network. For the purposes of this guide, let’s assume we are trying to access a HOME SERVER such as a Mac Mini located behind your home WiFi router. The home computer could just as easily be an Ubuntu or similarly flavored Linux machine. The first thing that we will need to do is determine your home IP address, and then we will set up port forwarding on your wireless router. Keep reading to get started with this process or go here to learn how an SSH tunnel works.



The easiest way to determine your outside IP address is by visiting a site such as www.whatismyip.com. Write this number down but keep in mind that this number may change from time to time depending on your ISP. However, if you don’t turn off your cable or DSL modem, then your IP address shouldn’t change that often. For the remainder of this guide, let’s assume your home IP address is 64.3.10.24 and your username on the home machine is USER. You’ll see USER@64.3.10.24 occurring in each of the terminal commands below.

Enable Remote Login or SSH Daemon

This is really easy on a Mac and not too difficult to figure out on a Linux machine. For a Mac, visit System Preferences - Sharing and enable Remote Login. While you are in this window you can also enable Screen Sharing if you want to be able to access the machine using the VNC protocol. If you are running Linux, a quick Google search will turn up plenty of guides or you can get started here.

Enable SSH Port Forwarding

For the purposes of this guide we only need to enable forwarding of the port used by SSH. Once this is established we will be using SSH to create secure tunnels for the other functions. Before we begin, determine the IP address of your HOME SERVER. This can be done on a Mac by going to System Preferences - Network. Let’s say your HOME SERVER has the local IP address of 192.168.1.111.

Log on to your wireless router by entering 192.168.1.1 in a browser - preferably Firefox. From here the directions will vary from router to router but you need to find the Port Forwarding area. If you have trouble you might want to visit Portforward.com for router-specific directions.

For example, your settings might look something like the following: set the Port From field to 6111, the IP Address field to 192.168.1.111, and the Port To field to 22. Save the changes and let’s give it a try. Open up a Terminal and enter the following command:

ssh -p6111 USER@64.3.10.24

If everything is set up properly, your router will now forward the traffic directed to port 6111 to port 22 on your HOME SERVER and you should be prompted for your password. Voila!
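
Once the forward is saved, the SSH daemon on the HOME SERVER is reachable from the Internet, so its authentication settings are worth checking. The following is an added example, not part of the original guide: it reads the output of `sshd -T` (the effective server configuration) and compares four settings against a key-only baseline. The function names, the baseline values and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# audit_sshd (hypothetical helper): reads `sshd -T` output on stdin and prints
# one line per checked setting. Exit status is 0 only if all match the baseline.
audit_sshd() {
    awk '
        BEGIN {
            # Assumed baseline: key-based logins only, no direct root login.
            want["pubkeyauthentication"]         = "yes"
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["permitrootlogin"]              = "no"
            order = "pubkeyauthentication passwordauthentication kbdinteractiveauthentication permitrootlogin"
        }
        { have[tolower($1)] = tolower($2) }     # sshd -T prints "keyword value"
        END {
            n = split(order, keys, " "); bad = 0
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in have))            { print k, "NOT REPORTED"; bad = 1 }
                else if (have[k] != want[k]) { print k, have[k], "-> want", want[k]; bad = 1 }
                else                         { print k, have[k], "OK" }
            }
            exit bad
        }'
}

# Constructed sample of `sshd -T` output for a server that still accepts passwords.
sample_sshd_T() {
    cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes
permitrootlogin prohibit-password
EOF
}

# Demo on the constructed sample. On the HOME SERVER: sudo sshd -T | audit_sshd
sample_sshd_T | audit_sshd || true
```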


SFTP Access via FTP Client

Now you should be able to use an FTP client capable of the SFTP protocol (such as Cyberduck) to access the files on your home machine. Simply enter the IP address (e.g. 64.3.10.24) and port number (e.g. 6111), followed by your username and password and you should have access to files on your HOME SERVER.

Secure Remote Desktop Access

This next command will allow you to use a VNC client such as Screen Sharing in Leopard, Apple’s Remote Desktop, or Chicken of the VNC to remotely access the home machine via the graphical user interface (GUI) as if you were actually sitting in front of the machine. At the Terminal prompt enter the following:

ssh -NfL 1024:127.0.0.1:5900 USER@64.3.10.24 -p6111

Now open Screen Sharing or a similar VNC client and connect to 127.0.0.1:1024 and you should see your HOME SERVER.

Access Your Local Subversion Repository from the Road

I highly recommend using Subversion (SVN) to keep non-destructive versions of your work, whether it be code or just a paper you are working on. This guide won’t cover how to get started using SVN but rather show you how to access your repository from anywhere. Since SVN uses port 3690 we simply need to create a tunnel using that port both locally and remotely. For example, you could enter the following command:

ssh -NfL 3690:127.0.0.1:3690 USER@64.3.10.24 -p6111

Then you can access the repository via svn://127.0.0.1/YOUR-SVN-PATH

Secure Web Traffic when Traveling

Suppose you are traveling and are using Starbucks’ or perhaps a hotel’s wireless connection. Most of your traffic over this network is susceptible to sniffing by potentially malicious people. If you want to log on to your bank I’d recommend creating a secure tunnel to send your web browser’s traffic through your home internet connection.

First enter the following command:

ssh -D 9999 -p6111 USER@64.3.10.24

Then go to Firefox’s Preferences, Advanced, Network and click on Settings. Select the manual proxy configuration and enter 127.0.0.1 as the SOCKS Host with port 9999, the local port opened by the -D option in the command above.

Now you’ll want to visit www.whatismyip.com again to confirm that you see the IP address of your HOME SERVER. If so, then everything is working and you can browse with confidence knowing you are secure.
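
The local ends of the tunnels above (1024 for VNC, 3690 for SVN, 9999 for the SOCKS proxy) should listen on the loopback address only, otherwise other machines on the same wireless network can use them. The following is an added example, not part of the original guide: it parses `lsof -nP -iTCP -sTCP:LISTEN` output and reports each port as OK, EXPOSED or MISSING. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# check_forwards PORT... (hypothetical helper): reads lsof listener output on
# stdin and prints one status line per expected port. Exit 0 only if all are OK.
check_forwards() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        $1 == "ssh" && $NF == "(LISTEN)" {
            name = $(NF - 1)              # e.g. 127.0.0.1:1024, [::1]:1024, *:9999
            port = name; sub(/.*:/, "", port)
            addr = name; sub(/:[0-9]+$/, "", addr)
            seen[port] = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed[port] = addr
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in seen))      { print p, "MISSING"; bad = 1 }
                else if (p in exposed) { print p, "EXPOSED on " exposed[p]; bad = 1 }
                else                   { print p, "OK" }
            }
            exit bad
        }'
}

# Constructed sample: 1024 is loopback-only, 3690 is not running, and 9999 is
# bound to every interface (as happens with ssh -g or GatewayPorts yes).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     4242 USER    5u  IPv4 0xa1      0t0  TCP 127.0.0.1:1024 (LISTEN)
ssh     4242 USER    4u  IPv6 0xa2      0t0  TCP [::1]:1024 (LISTEN)
ssh     4250 USER    5u  IPv4 0xb1      0t0  TCP *:9999 (LISTEN)
EOF
}

# Demo on the constructed sample. Real use on the laptop:
#   lsof -nP -iTCP -sTCP:LISTEN | check_forwards 1024 3690 9999
sample_lsof | check_forwards 1024 3690 9999 || true
```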

That’s It, Enjoy!


© Copyright Zaphu 2007. All rights reserved.