How do I create an SSH tunnel?


The SSH protocol is a useful tool available on all our servers which allows our customers to access the command prompt on our server over an encrypted connection (whereas telnet communications are un-encrypted and can be read easily over the Internet).


However, unlike telnet, SSH also offers a number of extra features over and above just access to a command prompt:



  • Secure File Transfers
    Using the SCP and SFTP sub-systems, you can transfer files securely between two remote computers (SFTP is the most wildly supported on Windows systems and support in FTP programs has been growing recently); and

  • Port/Protocol Tunneling
    The protocol can establish a link from a free port of your choice on your system and another port on a remote system. When a connection is requested on the port on your system, the data is 'read', transmitted over the SSH protocol (encrypted), and on the remote computer, is 'written' to a port specified.


In this article, we'll be looking at the Port Tunneling option.


Why do we need SSH tunnels?


Normally you wouldn't. Most of our main protocols support encrypted communications to protect your traffic (currently these are SSH, SMTP, IMAP/POP3, HTTP and Plesk). However, there are some cases where the ability to redirect a port is useful - namely when working with database servers.


As detailed in the following Knowledgebase article, remote access to the database servers has been disabled by Plesk, and consequently by us, as the server will reject all connections apart from those that come from the server itself.



By redirecting the port you overcome the two restrictions in establishing a connection: First, you will be connecting to localhost on your system, which is then redirected as localhost to the remote system - all communications will appear to both systems as though it comes from their computer & hence match the host valid in the user's configuration, allowing you to log on.


Secondly, although you're using a port blocked by the firewall, because the communications are done over the SSH protocol, which isn't blocked, and the traffic is carried within the SSH protocol, the firewall will accept the traffic, allowing it to flow and for you to talk to the database server.


How do I establish a tunnel?


How you establish a tunnel will depend on which system you're on. Below is a list of the different operating systems and how to connect.


Note: SSH is not enabled by default on any account. For details about this, and how to get access enabled, please see:

Can I have access to the command line (i.e. SSH)?


Linux/Unix (and Mac OS/X)


The easiest systems are Linux/Unix-based systems (of which Mac OS/X is a derrivative), as almost all distributions now come with the ssh program (along with the scp and sftp programs) by default. All you need to do is to load up a terminal session (or command prompt) on your system and run the following command:


# ssh -l username -L1234:localhost:2345 server.jabservers.co.uk

where username is the FTP username for your domain's master FTP account (the one with SSH enabled on), 1234 is the source port on your system (see below for a list of ports), 2345 is the destination port (can be the same as, or different to, the source port) and server.jabservers.co.uk is the name of the server you are connecting to.


For example:


# ssh -l jabwebsolutions -L3306:127.0.0.1:3306 gamma.jabservers.co.uk

will connect to gamma.jabservers.co.uk, using the username jabwebsolutions, redirecting the MySQL port.


When the program is run, you will be connected to the server via a command prompt. So long as the command prompt is open and you can see the console, it will forward the port for you. To exit, either shut down the window (if opened in a window), or type exit at the command prompt.


Windows


For Windows, you will need to obtain the PuTTY program (freely available from Simon Tatham's Web Site, as well as our PuTTY 0.59 download page).


Once installed, run the PuTTY program and you will be presented with a small window, with a list of options of the left and a number of fields for details on the right:



  • At the top of the page, under 'Host Name (or IP Address)', enter the name of the server you are connecting to (e.g. gamma.jabservers.co.uk), and make sure that 'Port' has 22, and 'SSH' has been selected.

  • From the 'Category' list on the left-hand-side, select 'SSH' from under 'Connection', and a new set of options will appear.

  • Under 'Protocol options', tick the check-box for 'Enable compressions' and select '2 only' under 'Preferred SSH protocol version'.

  • From the 'Category' list, scroll down and select 'Tunnels' from under 'SSH'.

  • Under 'Add new forwarded port', enter the port number for Source port, for example, 3306 for MySQL, and enter 127.0.0.1: (note the :) followed by the destination port (e.g. 127.0.0.1:3306 for MySQL). Under 'Destination', both 'Local' and 'Auto' should be selected. Click 'Add'.

  • You should now see 'L3306 127.0.0.1:3306' in the list of forwarded ports. If you wish to remove an entry, select the line and click 'Remove'.

  • Finally, click 'Open' at the bottom to establish the connection.

  • If you want to save the connection's details to use again in the future, scroll back up the 'Category' list and select 'Session' (above 'Logging'). In the field under 'Saved Sessions', enter a name for the connection and click 'Save'. The connection will appear in the list and the next time you open PuTTY, you can double-click on the name to load the settings and open the connection.


When you connect, you'll be asked for your username and then your password in order to log on. Again, as with Linux/Unix above, so long as the window is open and you can see the console (and PuTTY doesn't show '(disconnected)' in the title bar), it will forward the port for you. To exit, close down the window or type exit on the command-prompt.


List of Ports


Below is a list of ports which you may use this technique with:



  • 3306: MySQL

  • 5432: PostgreSQL

  • 125 Usuários acharam útil
Esta resposta lhe foi útil?

Artigos Relacionados

How do I set-up custom error pages in Plesk?

There are two different ways to display error messages using Plesk on Linux. The first is...

How do I set-up custom error pages using .htaccess?

There are two different ways to display error messages using Plesk on Linux. The first is through...

What is Hotlinking and how do I prevent it?

If you notice a surge in the traffic coming to your site, it may not be because you are receiving...

What is an injection-based Spam attack?

Many of the older techniques for sending Spam out via remote servers either involves searching...

How do I create a cron job?

A cron job (run by the cron daemon, or cron service) is a request for the server to run a...