SSH has a very useful feature - Remote and Local Port Forwarding. We have an old rickety PIII running Ubuntu 8.04.1 in the Hostel; it is connected to the net and is accessible via SSH from the internet. Using a tiny little shell script running on one of the machines in the Institute, I managed to make the old PIII an intermediate gateway for gaining SSH access to the Institute's machines from anywhere on the internet. The script is only a few lines long, but it is nevertheless powerful enough to serve our purpose.
# Reconnect forever: whenever ssh exits, the loop starts it again.
while [ 1 ]; do
    ssh -C -o ServerAliveInterval=30 -R 4321:localhost:22 serververhostname
done
Let us analyse what this code does.
First of all, serververhostname is the hostname of the PIII server. For example, if www.example.com resolves to the public IP of the PIII server, then www.example.com would have been used instead of
The -C option requests compression of all data, to improve data transfer speed over slow connections.
-o ServerAliveInterval=30 makes the SSH client send a keepalive packet at the application layer every 30s, to prevent a timeout in case the connection is idle.
-R 4321:localhost:22 is the most important part. There is an SSH server running on the Institute's workstation, listening on port 22. "-R 4321:localhost:22" specifies that port 22 of localhost, i.e. of the Institute's workstation, is to be forwarded to port 4321 of the PIII, such that whenever a connection is made to the PIII on port 4321, the connection gets forwarded over the secure channel to port 22 of the Institute's workstation.
The while loop ensures that the connection gets re-established if it breaks. You need to use a passphraseless RSA or DSA key for authentication instead of a password; otherwise the ssh client will wait for password input.
Now suppose in the midst of the night I feel an urge to log in to the machine in my college, but I am (say even a few hundred or thousand miles :D) away from the computational centre. All I need to do is log in to the PIII server in the hostel using ssh from anywhere on the internet. Once I am in there, I issue the command: "ssh -l username localhost -p 4321". Though I am ssh-ing into port 4321 of localhost, effectively the connection is made to port 22 of the Institute's workstation, thanks to the previous ssh port forwarding. No need to persuade the sysadmin to make changes to the NAT or the Institute's firewall.
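A hardened variant of the reconnect loop and the passphraseless key described above, as an added example that is not the author's script. It exits when the forward cannot be set up (for instance while a stale session still holds port 4321), never waits for a password prompt, and backs off between retries. The account name "tunnel", the key path and the OpenSSH 7.8+ requirement are assumptions.

```shell
#!/bin/sh
# Added example, not the post's script. Assumes OpenSSH 7.8+ on both machines,
# a hypothetical account "tunnel" on the PIII and a hypothetical key file.
#
# On the PIII, restrict the passphraseless key in ~tunnel/.ssh/authorized_keys
# so it can only open the one listener and cannot get a shell:
#   restrict,port-forwarding,permitlisten="localhost:4321" <public key>

SERVER="${SERVER:-serververhostname}"   # the PIII, as in the post
KEY="${KEY:-$HOME/.ssh/tunnel_key}"     # hypothetical key path
RPORT=4321                              # listener opened on the PIII
MAX_DELAY=300                           # upper bound for the retry delay (s)

# Open the tunnel. -N/-T: no remote command, no tty. BatchMode: fail instead
# of prompting. ExitOnForwardFailure: exit if port 4321 cannot be bound, so
# the loop retries rather than idling without a forward. The explicit
# "localhost:" keeps the listener on the PIII's loopback interface.
# SSH can be overridden to inspect the arguments without connecting.
start_tunnel() {
    "${SSH:-ssh}" -N -T -C -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:${RPORT}:localhost:22" "tunnel@${SERVER}"
}

# Double the retry delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

run_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        start_tunnel
        # A session that lasted at least a minute was healthy: reset the delay.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when called as "script run", so the file can be sourced.
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```
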