Ssh /

Tunnel

OpenSSH offers a variety of tunnels; it is a small, widely available and fast tunnelling toolbox. We assume your destination host is called potatobox and that your local username is the same as your username on potatobox.

  1. DynamicForward

OpenSSH ships with a built-in SOCKS5 server, enabled with the -D argument. The server must allow it in sshd_config.

The following command creates a SOCKS5 proxy on localhost:1080. Programs such as firefox or chromium can use this proxy directly; for programs that don't understand SOCKS5, you may use proxychains:

$ ssh -D 1080 potatobox

Note that this proxy is not available to other hosts, since it's listening on localhost.

BitlBee SSH Tunnel

It is essential to access BitlBee through an SSH tunnel for security. When BitlBee is running on your VPS listening only on localhost (127.0.0.1), it is never exposed to the internet. The SSH tunnel lets you access it securely from your local machine.

Basic Tunnel

$ ssh -L 6667:127.0.0.1:8171 user@example.com

This forwards your local port 6667 to the VPS's 127.0.0.1:8171 where BitlBee is listening. Keep this terminal open while using BitlBee.

Then connect your IRC client (e.g. irssi) to:

Host: 127.0.0.1
Port: 6667

Background Tunnel (no open terminal)

Add the -fN flags to run the tunnel as a background daemon:

  • -f — forks the process to background
  • -N — no remote shell, tunnel only

$ ssh -fN -L 6667:127.0.0.1:8171 user@example.com

~/.ssh/config (recommended)

Instead of typing the full command every time, add an entry to your ~/.ssh/config:

Host bitlbee-tunnel
    HostName example.com
    User youruser
    IdentityFile ~/.ssh/yourkey
    LocalForward 6667 127.0.0.1:8171
    ServerAliveInterval 60
    ServerAliveCountMax 3
    ExitOnForwardFailure yes

  • ServerAliveInterval — sends a keepalive every 60 seconds so the tunnel does not drop on idle
  • ServerAliveCountMax — drops connection after 3 missed keepalives
  • ExitOnForwardFailure — exits if the port forward fails (e.g. port already in use)

Then simply run:

$ ssh -fN bitlbee-tunnel

Notes

  • Make sure your SSH key is loaded (ssh-agent) so the tunnel connects without a password prompt
  • BitlBee must be configured with DaemonInterface = 127.0.0.1 on the VPS — never expose it directly to the internet
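
An added example (not part of the original page): a shell check that the ports used above (8171 for BitlBee, 6667 for the LocalForward, 1080 for the DynamicForward) listen only on loopback. It parses `ss -H -ltn` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners on a port that other hosts could reach.
# Reads `ss -H -ltn` output on stdin (columns: State Recv-Q Send-Q Local Peer).

# non_loopback_listeners PORT
# Prints every local address bound to PORT that is not a loopback address.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            ep = $4
            if (!match(ep, /:[0-9]+$/)) next       # port follows the last colon
            p    = substr(ep, RSTART + 1)
            addr = substr(ep, 1, RSTART - 1)
            if (p != port) next
            sub(/%.*$/, "", addr)                  # drop "%lo"-style interface suffix
            gsub(/\[|\]/, "", addr)                # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr                             # 0.0.0.0, ::, * or a routable address
        }'
}

# check_port PORT
# Returns 0 if PORT is loopback-only (or not listening), 1 if it is exposed.
check_port() {
    exposed=$(non_loopback_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "EXPOSED: port $1 is bound to: $(printf '%s' "$exposed" | tr '\n' ' ')"
        return 1
    fi
    echo "ok: port $1 is loopback-only or not listening"
}

# Constructed sample listing: ports 8171 and 6667 bound as the page
# describes, port 1080 bound to all interfaces as the misconfigured case.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:8171 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6667 0.0.0.0:*
LISTEN 0 128 [::1]:6667 [::]:*
LISTEN 0 128 0.0.0.0:1080 0.0.0.0:*
LISTEN 0 128 [::]:1080 [::]:*'

for port in 8171 6667 1080; do
    printf '%s\n' "$SAMPLE_SS" | check_port "$port" || true
done

# On a real host, feed it the live table instead:
#   ss -H -ltn | check_port 8171
```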