Initial commit: HPR Knowledge Base MCP Server

- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

hpr_transcripts/hpr0112.txt

@@ -0,0 +1,212 @@
+Episode: 112
+Title: HPR0112: SSH Tunnelling
+Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0112/hpr0112.mp3
+Transcribed: 2025-10-07 11:35:43
+
+---
+
+Music
+Okay, and welcome back to the JWP Linux podcast.
+I'm hoping everything is okay with you all.
+I'd like to continue the SSH note that we had before
+and talk a little bit about SSH tunneling.
+And SSH tunnel is sometimes referred to as VPN,
+is an encrypted network tunnel created through an SSH connection.
+SSH is frequently used to tunnel insecure traffic
+over the internet and a secure way.
+For example, Windows machines can share files using the SMB protocol
+which is not encrypted.
+If you want to mount a Windows file system remotely through the internet,
+someone snooping the connection could see your files
+to mount them to mount an SMB file system securely.
+One can establish an SSH tunnel that routes all SMB traffic
+through a file server inside a SSA encrypted connection.
+Even though SMB traffic itself is insecure
+because it travels within an encrypted connection,
+it becomes secure.
+In order to create an SSH tunnel,
+SSH client is configured to forward a specific specified remote port
+and IP address that is accessible on the SSH server
+to a port on a local machine.
+Once the SSH connection has been established,
+the user can connect to the specified port
+in a local address to the network services
+that would otherwise be available only on the remote IP address
+and port.
+The SSH tunnel provides a means to bypass firewalls,
+the prohibited certain internet services,
+and provide outgoing connections allowed on port 22 are allowed.
+For example, many institutions have prohibited users from accessing web pages,
+port 80 without directly first being examined by a proxy
+slash shelter device.
+However, if users are able to connect to an external SSH server,
+it is possible for them to create an SSH tunnel
+for port 80 on an external web server to give a port
+probably on port 80 on a local machine,
+and thus the web page by typing HTTP
+forward slash forward slash local hosts in the browser.
+More commonly, users may set up their own proxy server in home
+using free software such as Squid
+and construct a tunnel from their workstation to the proxy
+next by configuring their local browser to a local host
+rather than a corporate proxy server, users can access any web page
+they want by bypassing their company's filters and firewalls.
+Another method to use dynamic port forwarding, which creates
+a local socks for slash 5 proxy server can be used to connect effectively creating
+an encrypted tunnel to a remote SSH server.
+The user can then configure his or her applications to use socks,
+a proxy server, usually bypassing systems or firewalls.
+Okay, boys and girls, we're not saying that it's okay to do that at work
+or whatever, but a lot of people in China do that exactly
+what was just robbed so that they can see CNN or anything else.
+So doing it on port 80 isn't good.
+You know, you can do that. It's not hard.
+You set up a shell account somewhere.
+You open up a browser board and port 80 in the Netscape
+and it works just fine. Okay.
+Okay, moving away from the Wiki to an article by Brian Hatch
+that was published the 1st of June, 2005.
+The making of an SSH is...
+it's a good thing. You know, tunnels can be created anytime
+with almost no effort and no programming, which makes it very appealing.
+SSH forwarding will look at a little bit more in detail.
+It's often useful but misunderstood technology.
+SSH forwarding can be used to secure communications in a
+major of different ways.
+For instance, local forward example, say you have a mail
+client on your desktop and you currently use it to get
+a mail from your pop server
+on port 110. You may want to protect your pop server connection
+for several reasons such as keeping your password from going across the line
+and clear or just to make sure no one's sniffing your email
+you're downloading. Normally your email client will establish a
+TCP connection to the server on port 110 and supply your username and password.
+You can try this yourself using telnet or
+NC command. You type in whatever the username is at
+desktop NC mail server 110
+and it starts going and it says
+let's you get all your stuff.
+For instance, you can say again
+username at desktop, dollar sign, NC mail server 110
+and the response is ok, super duper pop 3 mail server
+parenthesis mail server.mysp.net ready
+and then user whatever that user is
+pass its 20s
+ok user sexually log on the list
+and that's plus ok 48, 142, 0, 2, 4, 3, 1,
+1689, 2, 1359, 3, 59, 509,
+409, 47, 38 and then you type quit
+and this is ok super duper mail server currently signing off
+and the user name desktop at dollar sign
+we can wrap this TCP connection inside a SSH
+connection using SSH port forwarding. If you have SSH on the machine to access
+that offers your service
+pop 4110 in this case, then SSH to it. If you don't
+you can SSH to a server on the same network
+if the network is trusted and use SSH instead.
+Example user name desktop dollar sign
+NC localhost 999 connection was used.
+SSH minus L999 colon mail server
+colon 110 shell server
+you put in your password
+you tap in the host name, the shell server
+and then it's done. Before we connect
+to the shell server with SSH nothing was listening
+we need nothing was listening on port
+999 in our desktop. Once we logged on to the mail server
+with our tunnel this port was bound by SSH process and the TCP
+connection to local port 9999 was magically
+tunneled through the SSH on the other side. Let's describe how this works
+you launch the slash user
+slash bin slash SSH and SSH command line
+SSH client logs on to their remote machine using whatever authentication method
+password, public key, etc. The SSH client binds
+the local port to this specified port which was 9999
+on the loop back interface on
+12.7.0.0.1 and
+you can do anything on the remote machine you want. Tard up some files right
+some users delete, etc.
+Interactive login. When the connection process connects to port
+999 on the client machine the slash user slash bin slash SSH client
+accepts the connection. The SSH client informs the server
+over encrypted channels to create a connection to the destination
+in this case mail port 110. The SSH client
+takes any bits sent to port 999 and
+sends them to the server inside the encrypted session
+who decrypts them and sends them in the clear to the destination 110
+mail server. The server takes any bits from the destination server
+mail servers port 110 and sends it from inside the SSH
+client decrypts it in the clear. When this connection is closed to either point
+is turned down inside the SSH connection as well.
+Okay so that's basically how it works.
+It sounds a little bit complex to me
+but it works pretty good. So let's assume that the
+mail server has SSH there. So you would say
+SSH minus V minus capital L space
+999 colon mail server colon 110
+space shell server.
+And then it would read the configuration data in
+Etsy slash SSH slash SSH config
+reho authentication disabled. The original port will not be trusted connecting to
+the shell server at IP port
+296.62.257.251
+on port 22 connections established.
+Identify the file at slash home slash PRI
+slash space dot SSH slash identity type 0
+identify file slash home slash
+BRI slash space dot SSH
+ID underscore RSA type 1 identify file slash
+home slash PRI slash SSH slash ID
+type 2.
+Okay next authentication method password
+user name shell server password, the internet
+and then authentication succeeded password
+communications to local port
+99942 remote address port
+local post colon 110
+dot 0 dot 0 1 port 999
+channel 0
+new client session interactive session
+request PTY required request shell
+as you can see there's a brief mention of port 9999
+being bound and available for tumbling.
+We haven't made the connection to this port yet so the tunnel is not yet active
+you can use the special character number escape sequence
+to see the connections in use. The sequence only works with character
+charge return so hit enter a few times before trying it.
+Enter enter special character number. The following connections are open
+number one client minus session
+parentheses T4 R0 I0
+slash 0 little 0 big 0
+slash O
+space FDE
+space F slash 6 closed parentheses.
+There's only one connection on your actual SSH section from what you're typing
+those Linux commands. Now in a different window if we do tell
+that to local host 999 we'll open a new connection through the tunnel and we can see it from our SSH
+using the special character
+number sign. Okay so
+here we are we press enter and use the strange and usual character that's beside the one
+above the apostrophe.
+The following connections are open.
+The client session TR4.0
+I've done that thing before so we're not going to do that again.
+This is direct tcip listing port 999 from mail server port 110
+connect from 27.0.1 port
+42789
+and then it has a parentheses T4
+slash 0 slash 0 FDE slash 8
+you can see that we now have both have an SSH section and we're both using
+the plus tunnel and the second entry. If it tells you
+all you need to know about the connection from the same machine
+from the same machine which we can look up with nets that
+or LS OF if we're curious about the output.
+Okay so that's about it for port forwarding
+I hope to do it with a browser one time
+to really do it and then do step by step to see if I can really get far fox
+to do it through a proxy.
+Alright y'all take care and have a nice day now.
+Thank you for listening to Half Republic Radio
+sponsored by Carol.net
+so head on over to C-A-R-O-DOT-A-C for all of the team
+you