SSH Tunnel Manager is a tool to manage SSH Tunnels (commonly invoked with -L and -R arguments in the console). With SSH Tunnel Manager you can set up as many tunnels as you wish, each one containing as many port redirections as you wish. Once tunnels are configured, all you have to do is Start, or Stop the tunnels.
What are SSH tunnels ?
SSH Tunnels are a secure way to access hosts, or machines you cannot normaly reach, i.e : hosts on a LAN or behind a firewall. By the way, this is not a cracker tool! You must be able to access an ssh enabled host that can communicate with this private network (usually a firewall). SSH can play with two kind of tunnels, called Local port forwarding and Remote port forwarding.
Local Port Forwarding
This allows you to access ports on hosts that you cannot reach directly, by "piping" information in a SSH connection to a public host (this one must be able to reach the final host).
Local port forwarding
As an example, imagine that here the web server is running on MacOS 9 (ugly uh?).
You can not reach this machine directly because it is not a public server and has
a private IP address (We won't talk about NAT and PAT considerations here). You will
open a SSH connection to the firewall, handling the tunnel you want to make, like forwarding
all requests made on a local port (say 8080), to the port 80 of the MacOS 9 Server. The ssh
command line should be like this :
ssh -N -L 8080:os9.server.lan:80 user@firewall.company.com
In (good?) english: Forward local port 8080 to firewall.company.com, and tell him to send this to os9.server.lan, on port 80
| -N | tells ssh to only handle tunnel, we do not want a shell on this host |
| -L | specifies the kind of tunnel (Local port forwarding) |
| 8080 | is the local port to use |
| os9.server.lan | is a host reachable by the firewall |
| 80 | is the port you want to reach. |
| user | is the user you want to connect as. |
| firewall.company.com | is the public server you will jump by. |
Now, to connect to the os9's web server, type this in your browser : http://127.0.0.1:8080/
Nope, this is not magic, this is ssh
Remote Port Forwarding
This is another approach, it allows you to forward connections made to a remote host, to a host of your own network (or your own machine).
Remote port forwarding
As another example, imagine you have a development server on your network (let's say our good old MacOS 9 - remember NetPrensz?-). You want your customer to access this server to show him the new killer website that will make him rich (and you too). All you have to do is open a tunnel from a machine that can reach both server (the public server to which the customer can connect and the development server holding the killer website).
The ssh command line should be like this : ssh -N -R 8080:os9.server.lan:80 user@server.company.com
In (good ?) english : Tell server.company.com to forward port 8080 to me, and give this to os9.server.lan, port 80 on my LAN
| -N | tells ssh to only handle the tunnel, we do not want a shell on this host |
| -R | specifies the kind of tunnel (Remote port forwarding) |
| 8080 | is the remote port to use |
| os9.server.lan | is a host on your lan |
| 80 | is the port you want to reach on this host. |
| user | is the user you want to connect as. |
| server.company.com | is the public server your customer will query. |
Now, tell your customer to connect to :
http://server.company.com:8080/
He will be drop to the os9's port 80
How does SSH Tunnel Manager work?
It does the job of launching ssh with proper command line arguments, just as if you did it by hand. Naturally, it remembers your settings so you don't have to remember IP addresses or the host names of remote machines.
How do I use it ?
Launch the application and go to the preferences
(Apple-,).
Here you can manage the tunnels. Choose "Add..." in the top menu, now you can configure
host and user information for the connection and Tunnels setup.
Let's make our two examples :
Local Port Forwarding
Local tunnel configuration
- To add a Tunnel inside one of the list, click the "+" button.
- Feed the 3 columns with tunnel options, as in the example.
- Check "Allow remote connections to local ports" to allow hosts on your lan to connect to your tunnel.
- Click "Apply" to save your settings.
Remote Port Forwarding
Remote tunnel configuration
- To add a Tunnel inside one of the list, click the "+" button.
- Feed the 3 columns with tunnel options, as in the example.
- Click "Apply" to save your settings.
Limitations
No, you cannot open local ports below 1024 because the root authentication is not yet implemented.
Contacts
Comments and requests MUST be mailed to SSHTunnelManager@tynsoe.org (please !)