| View previous topic :: View next topic |
| Author |
Message |
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
 Posted: Sun Jul 09, 2006 5:19 pm Post subject: webbrowsing over SSH |
 |
|
Basically I have a router that I can set to allow anyone to access the webpage for setup or only people on internal network. I'd like to be able to access this setup from accross the web but not through the actuall web interface like it wants.
I'd like to SSH to a computer on the internal network, then use links or another browser to go to the router set up page. Only problem is, links can't do frames and the router set up page has frames. Links in text mode would be perfectly fine but I can't see the whole page when I use it... are there any other types of browsers that can be run through ssh in a "text mode" type way so I don't have to connect to the xserver? |
|
| Back to top |
|
 |
ld50
Tux's lil' helper
Joined: 13 Feb 2005
Posts: 135
|
| Posted: Sun Jul 09, 2006 5:38 pm Post subject: |
|
|
You could use port forwarding:
| Code: |
ssh -L 80:router_address:80 user@ssh_server_address
|
Notice port 80 will be listening on your local machine, so open http://localhost in firefox
also, edit /etc/hosts and put this line:
127.0.0.1 router_address
This way the webpage will be browsable |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Sun Jul 09, 2006 7:50 pm Post subject: |
|
|
well see the desktop is running apache2, mysql, and ssh. Then the router is forwarding the appropriate ports, port 80 and 22. Then if I'm out of the home (not on the local LAN), I can't access the router. Sometimes i don't want to leave the router's port forwarding on so i'd like to be able to ssh into my desktop, then access the router through the LAN so I can turn off the port forwarding on it. Granted this would kick my SSH session closed but oh well.
Basically if I'm at work I'd like to be able to access my computer so I'd turn on the apache server and then turn on the port forwarding on my router. Then at the end of the day I'd like to go home or something but if I'm not going home I'd like to turn the router's port forwarding off so that my desktop is even more protected.
And this way I could always leave the SSH on and SSH port forwarded and if I'm out of the house and want to turn on the webserver and everything, I could do it all over SSH but in order to change the port forwarding onthe router I have to access it through a web-interface type thing... :-/ |
|
| Back to top |
|
|
snis
Tux's lil' helper
Joined: 03 Mar 2003
Posts: 93
Location: Stockholm, Sweden
|
| Posted: Mon Jul 10, 2006 7:10 am Post subject: |
|
|
Id50 told you the solution.
With SSH you have a possibility to tunnel ports.
So by doing the following:
| Code: |
ssh -L 80:192.168.0.1:80 user@ssh_server
|
The above will start an SSH session with your SSH server and it will also tunnel port 80.
So when you on the SSH client access localhost at port 80, it will be tunneled through the SSH and over your local LAN to 192.168.0.1 port 80.
This way you will be able to start Firefox (or whatever) and point it to http://localhost:80/
And you will get the page from 192.168.0.1.
I use this daily from my work, but I use it to forward to my Squid proxy at home, this way I can point my broswer to use a proxy at locahost and all my internet browsing will be encrypted in a SSH tunnel and my boss can't see how much or what pages I visit. |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 1:11 pm Post subject: |
|
|
| oh so that wont tunnel ssh on a different port, itll just tunnell the lan's port 80 to my computer? but it'll leave the other settings alone so i can still do the webserver thing w/o ssh-ing into it? |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 1:25 pm Post subject: |
|
|
ok and I can't do that. privileged ports can only be forwarded by root. :-/
currently what I'm doing is sshing out of my network andthen back in so I can't control the computer i'm actually trying to ssh in on, so once I get to work though I'll try from there and see if it'll work.
I also need to know how to get the computer back to normal? does exiting the ssh bring it back to normal?
and can you clarify that command's syntax, ie my guess:
ssh -L loaclport:user@domain:hostport
right? |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 2:19 pm Post subject: |
|
|
well i still can't figure out the -L thing cause I keep getting "only root" can do that etc etc.
i'm trying -X though to forward the X session or whatever. This appears to work cause i start links with links -g, but i can't get firefox to start... any ideas on that one? |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 2:24 pm Post subject: |
|
|
| well -X works fine, its just ridiculously slow. I'd like to figure out the port forwarding though... |
|
| Back to top |
|
|
skryking
n00b
Joined: 18 Feb 2003
Posts: 6
|
| Posted: Mon Jul 10, 2006 2:32 pm Post subject: |
|
|
use this command
ssh -D 9999 yourhost.org
then go into firefox and under the General settings setup your connection to use a socks v4 connnection pointing to localhost:9999
like this
Skryking |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 2:46 pm Post subject: |
|
|
ok well i can run the -D command but when i do like you say with firefox I get
"Connection Reset" everywhere and i can't browse internet at all... |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 2:48 pm Post subject: |
|
|
nevermind, i had accidentally closed the ssh session, that works perfectly.
Thanks alot!!!!!!   |
|
| Back to top |
|
|
jh294
n00b
Joined: 27 Jan 2004
Posts: 13
Location: Toronto, Canada
|
| Posted: Mon Jul 10, 2006 3:31 pm Post subject: |
|
|
| Quote: | | Basically I have a router that I can set to allow anyone to access the webpage for setup or only people on internal network. I'd like to be able to access this setup from accross the web but not through the actuall web interface like it wants. |
SSH is your friend! As other posters have pointed out, you can use SSH port forwarding to accomplish this. Time for a couple of assumptions:
1) Your router's IP address on the INTERNAL network is 192.168.0.1 and the configuration daemon is listening on port 80.
2) You can SSH to a machine on the internal network and the name of the machine is "ssh_server"
3) Your current localhost is outside of your internal network
4) You do not have root access on either localhost or "ssh_server"
On your localhost, enter the following command: | Code: | | ssh -L22334:192.168.0.1:80 ssh_server |
At this point you should see an SSH session with "ssh_server". To access the web based GUI on the router from your "localhost", open a browser (any browser will work) and point it to http://localhost:22334.
Possible problem area:
Cannot bind to port 22334 on the localhost. This means another porcess is already using that port. Pick another port and remember to adjust the browser URL to reflect the new port.
Explanation of the SSH command:
- Connect to ssh_server.
- Forward all traffic received on localhost port 22334
- To the SSH session currently running on "ssh_server"
- The SSH process running on "ssh_server" will forward this traffic to IP address 192.168.0.1 port 80
Note: The second parameter of the -L option is resolved by the target node. In this case. "ssh_server" will connect to what it believes to be 192.168.0.1 or whatever host name you supplied in the initial SHH command.
Have fun!
_________________
--
If XP is the answer, you didn't understand the question. |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Mon Jul 10, 2006 7:03 pm Post subject: |
|
|
| yea true all that, problem was I couldn't do -L because of something to do with root. Don't really know what was goin on but -D worked and using that and then manually setting up firefox to proxy w/ the other port worked great. Success! |
|
| Back to top |
|
|
jh294
n00b
Joined: 27 Jan 2004
Posts: 13
Location: Toronto, Canada
|
| Posted: Wed Jul 12, 2006 1:28 pm Post subject: |
|
|
The problem you are having is with a low port number used on the local system. Ports below 1024 are considered "privileged ports" and can only be opened by root.
If you changed the first number the "-L" in your SSH command to something higher than 1024, everything should work fine. That is why my previous example used port 22334.
Have fun.
_________________
--
If XP is the answer, you didn't understand the question. |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Wed Jul 12, 2006 1:35 pm Post subject: |
|
|
| gotcha, also would explain why -D worked for me (cause i used 9999) while in the man pages the description says -D can use priveledged ports as well. |
|
| Back to top |
|
|
weaksauce
Apprentice
Joined: 17 Nov 2005
Posts: 204
Location: NYC
|
| Posted: Thu Jul 13, 2006 7:18 pm Post subject: |
|
|
The best method I've found (which is MUCH faster than X-forwarding) is to type, on the client,
| Code: |
xhost +
ssh youruser@hostipaddress
export DISPLAY="clientipaddress:0"
|
The :0 on the end of the client ip address is necessary.
This works like x-forwarding does, but it's NOT ridiculously slow. |
|
| Back to top |
|
|
soldstatic
Guru
Joined: 02 Jun 2006
Posts: 305
|
| Posted: Thu Jul 13, 2006 7:26 pm Post subject: |
|
|
| i like the other idea of just doing the port forwarding. that suffices and doesn't require too much overhead. thanks though! |
|
| Back to top |
|
|
Zarhan
Veteran
Joined: 27 Feb 2004
Posts: 1016
|
| Posted: Thu Jul 13, 2006 11:12 pm Post subject: |
|
|
| weaksauce wrote: |
This works like x-forwarding does, but it's NOT ridiculously slow. |
And is also completely unencrypted and available for everyone to see. |
|
| Back to top |
|
|
|
Networking & Security
