SSH, X & Tunneling

When using a UNIX variant you interact with the system using a shell. SH, BASH, ASH, etc... SSH allows you to remotely login to a system securely. All the traffic is encrpyted, which makes it far harder for people to listen in and see what you are doing.

If you are using a UNIX system, you should be able to run the command `ssh user@host` to connect.

If you are using Windows, then Simon Tatham has been kind enough to write a fantastic SSH client (Putty).
With Putty, you enter the username and host into the "hostname" box with the same format 'user@host'

Once you are connected you have to remember that any program you run, will run on the remote machine, NOT the local machine. If the program makes use of any hardware, then again, the hardware will be that of the remote machine.

X is the display system that UNIX machines use. X brings together the keyboard, mouse and display and allows us to graphically interact with the system using a GUI. X has been designed with great features, such as forwarding. I can start an X session on this computer, and have the windows appear on another computer.

It doesnt have a built in window manager, instead window manangers are run like normal programs, and provide functionality like maximize, minimize, resizing and virtual desktops. KDE and Gnome are the most common, but there are thousands out there. My personal favourite is evilwm. People often seem to identify 'Linux' by the nice graphical interface. So when they arrive at a system running KDE, having been sat infront of Ubuntu (which uses Gnome), they say "this isn't linux!" - oh help...
Sorry for the rant!

If you are running Windows and want to run X, then Xming is just for you!
It allows you to forward an X session from a remote UNIX system to your computer!

Now for the magic! Put yourself in my shoes. I live off campus. Some of the sites are avaliable from inside the campus only. Problem? No problem! We can use port forwarding for get our way inside the network.

In the diagram to the right, I use the SSH server that is publicly accessible to connect to the network. Then I tunnel a connection through to the intranet server. As far as the intranet server knows I am connecting to it from the SSH server and I am able to get all of the 'inside-only' pages.

This is not only useful for getting at web pages, you can tunnel a Windows remote desktop connection, a UNIX X session, nfs shares, virtually anything.

But how? Its very simple. First of all there are 2 directions you can tunnel. From the computer you are sat at, and to the computer you are sat at. The trouble with tunneling to this computer is that most servers don't allow it, because it requires them to open a socket which could create problems with wrong identity etc if you are sneaky.

With Putty

Navigate to the 'Tunnels' tab in the tree (Connection -> SSH -> Tunnels) and add some ports to forward.
The source port is the port you want to listen on.
Destination is in the format hostname:port and is from the point of view from the server. You can use DNS names or IPs.
Selecting 'Local' will listen for connections on this computer and forward them.
Selecting 'Remote' will listen for connections on the server (this is usually disabled).

To forward the X session of the server, go to the 'X11' tab (Connection -> SSH -> X11) and tick the 'Enable X11 forwarding' box. Enter 'localhost' in the display location box, and your ready to go (don't forget to start Xming before you connect!).

With SSH and a shell

With the 'ssh' command its very similar, you just append the options you want to your initial 'ssh user@host' command.
'-Lport:host:hostport' forwards port port on this computer to host:port from the servers point of view.
'-Rport:host:hostport' forwards port port on the server to host:port on this network - from your computers point of view.
'-X' enables X forwarding. Any X applications you run on the server will appear on this display.

An example command that would allow us to connect to the internal intranet and use X apps from home would be:
'ssh user@theoffice.com -L16080:intranet:80 -X'
To connect to the intranet goto 'http://localhost:16080/' (port 16080 because you would need root priviliges to create a socket listening on port 80, and might be running a web server anyway...).