SSH Tunneling is a very useful tool that can allow you to access on-campus resources by first going through a gateway machine. These examples all use neon.ess.washington.edu but should work on any machine that you have SSH access to, including the Dante & Homer servers provided by UW.

Access Single Port On Campus

This example allows you to open up http://localhost:9000 in your web browser and access a Hello World page from a P172 (on-campus only) server. For actual usage you would change example.ess.washington.edu to the real server name and port 80 to the port number for the resource you are trying to access.

ssh -p 7777 -L 9000:example.ess.washington.edu:80 netid@neon.ess.washington.edu
  • "ssh" - the command used to establish the tunnel
  • "-p 7777" - we connect to neon using the special port. For non-ESS machines you typically will not include this.
  • "-L 9000" - the local port we want to connect to; it can be anything not in use, preferably over 1024
  • "example.ess.washington.edu" - the server whose resources we want to access
  • "80" - the port of the resource we are accessing
  • "netid" - the username for the gateway machine, frequently a UW NetID for UW and ESS machines
  • "neon.ess.washington.edu" - the name or IP of the gateway machine

Access Multiple Ports On Campus

This example allows access to multiple ports: you can open http://localhost:9000 and https://localhost:9001 (with SSL errors) in your web browser and access a Hello World page from a P172 (on-campus only) server. For actual usage you would change example.ess.washington.edu to the real server name and ports 80 & 443 to the port numbers for the resources you are trying to access.

ssh -p 7777 -L 9000:example.ess.washington.edu:80 \
-L 9001:example.ess.washington.edu:443 netid@neon.ess.washington.edu

The key difference from above is that we continue adding -L LOCAL_PORT:REMOTE_MACHINE:REMOTE_PORT sections for each additional port we want to make accessible.
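
As an added example (not part of the original page), the helper below assembles the command from any number of LOCAL_PORT:REMOTE_MACHINE:REMOTE_PORT forwards, rejects malformed or duplicate entries, and prints the resulting ssh command for review. The function name build_tunnel_cmd is hypothetical, and the -N option, ExitOnForwardFailure and the explicit 127.0.0.1 bind address are additions beyond the page's command.

```shell
# Added example, not from the original page. build_tunnel_cmd is a
# hypothetical helper; host names and ports are the page's placeholders.
# Usage: build_tunnel_cmd GATEWAY_SSH_PORT USER@GATEWAY LPORT:RHOST:RPORT...
# The body is a subshell ( ... ): variables stay local, exit ends only the call.
build_tunnel_cmd() (
    gw_port=$1 gateway=$2
    [ "$#" -ge 3 ] || { echo "usage: port user@gateway forward..." >&2; exit 2; }
    shift 2
    is_port() {   # digits only, no leading zero, at most 65535
        case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
        [ "$1" -le 65535 ]
    }
    is_port "$gw_port" || { echo "bad gateway port: $gw_port" >&2; exit 2; }
    case $gateway in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad gateway: $gateway" >&2; exit 2 ;;
    esac
    # -N: forward only, no remote shell. ExitOnForwardFailure: stop if a local
    # port cannot be bound instead of leaving a half-working tunnel.
    cmd="ssh -p $gw_port -N -o ExitOnForwardFailure=yes"
    seen=" "
    for spec in "$@"; do
        case $spec in
            *:*:*:*) echo "too many fields: $spec" >&2; exit 2 ;;
            *:*:*) ;;
            *) echo "need LPORT:RHOST:RPORT: $spec" >&2; exit 2 ;;
        esac
        lport=${spec%%:*}; rest=${spec#*:}
        rhost=${rest%:*};  rport=${rest##*:}
        is_port "$lport" && [ "$lport" -ge 1024 ] ||
            { echo "local port must be 1024-65535: $lport" >&2; exit 2; }
        is_port "$rport" || { echo "bad remote port: $rport" >&2; exit 2; }
        case $rhost in
            ''|-*|*[!A-Za-z0-9.-]*) echo "bad host: $rhost" >&2; exit 2 ;;
        esac
        case $seen in
            *" $lport "*) echo "local port used twice: $lport" >&2; exit 2 ;;
        esac
        seen="$seen$lport "
        # Bind to 127.0.0.1 explicitly so only this machine can use the forward.
        cmd="$cmd -L 127.0.0.1:$lport:$rhost:$rport"
    done
    printf '%s %s\n' "$cmd" "$gateway"
)

# The page's two-port example, printed for review before running it.
build_tunnel_cmd 7777 netid@neon.ess.washington.edu \
    9000:example.ess.washington.edu:80 9001:example.ess.washington.edu:443
```
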

Practical Examples

Website

ssh -p 7777 -L 9000:example.ess.washington.edu:80 netid@neon.ess.washington.edu

Then you would visit http://localhost:9000 in your browser.

RDP

ssh -p 7777 -L 9000:example.ess.washington.edu:3389 netid@neon.ess.washington.edu

Then you would enter the following in the "Computer:" field of Remote Desktop Connection:

127.0.0.1:9000

VNC

ssh -p 7777 -L 9000:example.ess.washington.edu:5906 netid@neon.ess.washington.edu

Then you would enter the following for the Computer or IP in your VNC client:

127.0.0.1:9000

SSH

ssh -p 7777 -L 9000:example.ess.washington.edu:22 netid@neon.ess.washington.edu

Then in a new terminal window you would enter

rsync -e "ssh -p 9000" /tmp/test.txt netid@localhost:/tmp/ # Rsync local files to example.ess.washington.edu
rsync -e "ssh -p 9000" netid@localhost:/tmp/test.txt /tmp/ # Rsync example.ess.washington.edu files to local machine

Advanced Examples

Sometimes there isn't a gateway machine that has direct access to the machine you want to reach; in this case you may need to make an additional hop. In these examples secure.ess.washington.edu only allows connections from example.ess.washington.edu, unlike the earlier examples, where anything on campus could access the target server.

VNC

ssh -p 7777 -L 5600:localhost:8000 netid@example.ess.washington.edu -tt ssh -L 8000:localhost:5906 -N secure.ess.washington.edu

Last modified: 2016/10/24 22:12 by essach