STM 2.1.3

SSH Tunnel Manager is a tool to manage SSH Tunnels (commonly invoked with -L and -R arguments in the console). With SSH Tunnel Manager you can set up as many tunnels as you wish, each one containing as many port redirections as you wish. Once tunnels are configured, all you have to do is Start, or Stop the tunnels.

What are SSH tunnels?

SSH tunnels are a secure way to access hosts or machines you cannot normally reach, such as hosts on a LAN or behind a firewall. By the way, this is not a cracker tool! You must be able to access an SSH-enabled host that can communicate with this private network (usually a firewall). SSH supports two kinds of tunnels, called Local port forwarding and Remote port forwarding.

Local Port Forwarding

This allows you to access ports on hosts that you cannot reach directly, by "piping" information through an SSH connection to a public host (which must itself be able to reach the final host).


[Figure: Local port forwarding]

As an example, imagine that the web server here is running on MacOS 9 (ugly, uh?). You cannot reach this machine directly because it is not a public server and has a private IP address (we won't talk about NAT and PAT considerations here). You open an SSH connection to the firewall that carries the tunnel you want, forwarding all requests made on a local port (say 8080) to port 80 of the MacOS 9 server. The ssh command line should look like this:
ssh -N -L 8080:os9.server.lan:80 user@firewall.company.com

In (good?) English: forward local port 8080 to firewall.company.com, and tell it to send this to os9.server.lan, on port 80.

-N tells ssh to only handle the tunnel; we do not want a shell on this host.
-L specifies the kind of tunnel (Local port forwarding).
8080 is the local port to use.
os9.server.lan is a host reachable by the firewall.
80 is the port you want to reach.
user is the user you want to connect as.
firewall.company.com is the public server you will jump through.

Now, to connect to the OS 9 web server, type this in your browser: http://127.0.0.1:8080/

Nope, this is not magic, this is ssh.

Remote Port Forwarding

This is another approach: it allows you to forward connections made to a remote host to a host on your own network (or to your own machine).


[Figure: Remote port forwarding]

As another example, imagine you have a development server on your network (let's say our good old MacOS 9 - remember NetPresenz?). You want your customer to access this server so you can show him the new killer website that will make him rich (and you too). All you have to do is open a tunnel from a machine that can reach both servers (the public server to which the customer can connect and the development server holding the killer website).

The ssh command line should look like this:
ssh -N -R 8080:os9.server.lan:80 user@server.company.com

In (good?) English: tell server.company.com to forward port 8080 to me, and give this to os9.server.lan, port 80 on my LAN.

-N tells ssh to only handle the tunnel; we do not want a shell on this host.
-R specifies the kind of tunnel (Remote port forwarding).
8080 is the remote port to use.
os9.server.lan is a host on your LAN.
80 is the port you want to reach on this host.
user is the user you want to connect as.
server.company.com is the public server your customer will query.

Now, tell your customer to connect to:

http://server.company.com:8080/

He will be dropped onto port 80 of the OS 9 server.

How does SSH Tunnel Manager work?

It does the job of launching ssh with proper command line arguments, just as if you did it by hand. Naturally, it remembers your settings so you don't have to remember IP addresses or the host names of remote machines.
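
The command-line construction described above, as an added example (not SSH Tunnel Manager's own code): a hypothetical build_ssh_argv helper validates one tunnel's settings and returns the ssh argument list, so no value is ever passed through a shell. The name pattern, the fixed loopback bind for local forwards and the ExitOnForwardFailure option are choices of this example, not settings taken from the tool.

```python
import re

# Conservative pattern for host and user names: it rejects a leading "-"
# (which ssh would parse as an option), whitespace and shell metacharacters.
_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")
LOOPBACK = "127.0.0.1"


def _port(value, what):
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"{what} port {port} out of range")
    return port


def build_ssh_argv(kind, listen_port, dest_host, dest_port, user, gateway):
    """Return the argv list for one tunnel; kind is "L" (local) or "R" (remote)."""
    if kind not in ("L", "R"):
        raise ValueError("kind must be 'L' or 'R'")
    for label, name in (("destination", dest_host), ("user", user),
                        ("gateway", gateway)):
        if not _NAME.match(name):
            raise ValueError(f"unsafe {label} name: {name!r}")
    listen_port = _port(listen_port, "listening")
    dest_port = _port(dest_port, "destination")
    # Binding a local port below 1024 needs root, which the page lists
    # as a limitation of the tool.
    if kind == "L" and listen_port < 1024:
        raise ValueError("local ports below 1024 require root")
    spec = f"{listen_port}:{dest_host}:{dest_port}"
    if kind == "L":
        # Explicit loopback bind: only this machine can use the local tunnel.
        spec = f"{LOOPBACK}:{spec}"
    return ["ssh", "-N",
            "-o", "ExitOnForwardFailure=yes",  # exit if the forward cannot be set up
            f"-{kind}", spec,
            f"{user}@{gateway}"]
```

With OpenSSH's default server setting (GatewayPorts no), a -R listener is bound to the server's loopback interface only, so a forward that outside clients must reach depends on the server's administrator enabling GatewayPorts in sshd_config.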

How do I use it?

Launch the application and go to the preferences (Apple-,).
Here you can manage the tunnels. Choose "Add..." in the top menu; you can now configure the host and user information for the connection and set up the tunnels.

Let's set up our two examples:

Local Port Forwarding


[Figure: Local tunnel configuration]

Remote Port Forwarding


[Figure: Remote tunnel configuration]

Limitations

No, you cannot open local ports below 1024, because root authentication is not yet implemented.

Contacts

Comments and requests MUST be mailed to SSHTunnelManager@tynsoe.org (please!)