Episode: 310
Title: HPR0310: SSH tunneling
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0310/hpr0310.mp3
Transcribed: 2025-10-07 16:00:17
---
I'm not fair. Hello, Hacker Public Radio. My name is Knightwise, long time HPR listener, first time contributor to the big HPR feed. I was triggered by Dave Yates, who said in one of the recent HPR episodes that in order for us to enjoy Hacker Public Radio, we all needed to do a little bit for the community and chip in. So here I am with my little podcast for the Hacker Public Radio feed.

Much like Dave, I am also podcasting while traveling. I don't have a Honda Civic, it's an Audi A3. I don't travel at 75 miles an hour. I travel at kilometers an hour and I'm judging by the meter right now. That's about 140 kilometers an hour as I plow through the freeways of Belgium, Europe.

Today I want to give you a little oversight of my personal SSH server, my personal Linux SSH server, and what kinds of things I do on there and how I let it work for me. A cute little piece of technology that I have found many millions of uses for. Many of you will be geeky enough to set one up; if not, I'll give you some pointers at the end. But most of you will probably be picking up some nice tips on how you can let a very simple server like that, with just one open port, do a whole lot of things for you.

Now how do I wise my SSH server, my Linux SSH server is a zombie, which means that it has been, well, pronounced dead, buried, discarded and reused. I found an old Pentium 3 Compaq NC600 laptop at the dump, where we have a special recycling quarter for electronics and stuff like that. So as I was taking everything to the recycling containers, paper to paper, plastic to plastic, I passed the electronics recycling heap, actually, where everybody just piles everything on up, and it is amazing to see just what you can find down there.
I mean, people throw away entire computers, and that's where I saw this little compact laptop sticking out from beneath the discarded blenders, toaster machines and old VCRs. So I decided to pick it up and take it home, along with the power supply that was lying nearby, so that was a good thing, and basically salvage it for parts. But as I took a closer look at it I was a little bit disappointed to see that the screen was cracked and that the keyboard of that laptop was actually bent and some of the keys were missing. So we were talking busted keys and a busted screen.

Now that kind of means that for some people that laptop was a lost cause, but I just decided to hook up an external screen and external keyboard, boot it up and see what it did. It turned out that it was a Pentium 3, I think one gigahertz processor, and it had 512 megabytes of space on board. The battery was still working, so not for long, I think I measured it about an hour and then it drained, but it was at the time running some version of Windows 2000, I think. I didn't even bother to try to boot into the operating system or look for data, I'm not like that. But what I did find out: this was indeed still a working computer with a working hard drive, so it would be a nice project to set it to work.

What I did is I installed Ubuntu 8.10 server on there, the command line version only of course, the CLI version, and gave it a static IP using an external monitor and an external keyboard. So I managed to configure it and I basically plugged it into our home network and forgot about it when it came to connecting any kind of hardware to it. Basically it was just a little beige box that I had mounted against the wall underneath the stairs, nice next to the router, and that is where it stayed. I used it to experiment a little bit with Linux, but in order to do that, because I didn't have a keyboard or a mouse, I needed to install the OpenSSH server.
Now for those of you who don't know, this is a server functionality of Linux which allows you to connect through a secure tunnel and control your Linux server via a terminal on another machine. So basically for the remote purposes of administrating the machine via my own local network I installed SSH. If you don't know how to do that on Ubuntu it's very simple, just go sudo space apt dash get space install space openssh space server, and hitting enter will install the OpenSSH server right away. Now this left me with a working server on port 22 which I could access locally to play around with Linux.

It actually didn't stop there, because slowly but surely I was really getting the hang of all of this and I started using command line applications. Now the three command line applications that I use on that server the most are basically the applications that I use every day. Using a terminal, that can be on my Linux machine in house or that can be on a Mac, or, I don't have any Windows machines, but if I did I could use PuTTY, I would just connect locally to the Linux machine, to the Linux server, over SSH and start up three applications that I use.

One of them is Centerim; for those of you who want to install it, that's sudo space apt dash get space centerim. And Centerim is a command line version of MSN Messenger and Pidgin. So it allowed me to do a command line version of my most used instant messaging programs, like ICQ, I still have some people on there; MSN, I have some people that chat using MSN, and I absolutely detest the MSN application itself; and Google Talk. So it took me some time to figure it out, but once I had it up and running it was a very light and convenient way to have instant message conversations. Basically, instead of going around installing a client on every computer that I owned, I would just install the terminal client, connect to the SSH server that I was running and run Centerim from there.
Centerim lets you talk to a myriad of protocols, MSN, Google Talk, ICQ, and will let you add and remove contacts, send files and stuff, but basically has almost no CPU footprint. If you are absolutely tired of those Java based or those Flash based widgets and winks and God knows what that you get via MSN and even on Pidgin, Centerim is a great program to work with.

The second program that I use quite a lot is IRSSI, or RECI as it's called, I-R-S-S-I is the way that it's spelled, and that is a command line based IRC program. Really, really love that too. What I basically used it for in the beginning was as an IRC client, which is connect to the Linux server that I was running and launch IRSSI and chat on IRC channels, for example on Freenode where you have #ubuntu-uk, #ubuntu, God knows what, there are all kinds of channels out there that you can chat on, and I also found this interface very, very pleasing. I was used to using mIRC way back when I was in my Windows days, and I didn't really find a cool alternative on the Mac, and I also didn't really like XChat, so I was kind of stuck with what am I going to use. IRSSI was for me a beautiful and again light command line interface that allowed me to do just what I wanted to do and, you know, talk and chat and God knows what, so that was really, really great to use.

The good thing about IRSSI, again using the SSH interface, was that I could launch it from any machine. If I was on my Mac I would just connect over SSH to the SSH server and run IRSSI over there. If I was on a Windows machine I could do it using PuTTY. If I was on another Linux machine I didn't have to bother installing stuff. Basically I had those applications running on my Linux SSH server. Remember, the Frankenstein-ish laptop with a broken keyboard and the broken screen that was just, you know, shoveled somewhere underneath the stairs and was operating perfectly.
The third application that I've come to know and love on my command line based server, if I can call it like that, is Alpine. Alpine is a mail program, a mail client, that is highly customizable but that works very nice with applications like, with protocols like Gmail. So I did some googling and I found a nice how-to on connecting Alpine to your Gmail via the IMAP account, because basically I don't want to pull in any of my mail, I just want to leave it up in the cloud. I'm very happy with that, and since I regularly switch computers, operating systems and locations, it was really nice to have it running as a cloud-based service. So with Alpine I connect to my Gmail using the IMAP protocol and it gives me a very light and very fast way to connect to my email, and it works great.

So I love Alpine. Once you get the keyboard shortcuts in your fingers you can really cleanly and fluently and quickly reply to emails, read your emails. It's a command line interface. It looks good. It lets you very productively and very, well, very lightly browse through your emails and use the email communication protocol, as it's called, to do your communication. No hassle with a Clippy, no hassle with a graphical user interface, just plain old email. It's not like it's a telnet interface where you have to really type in a lot. You can just navigate with the keys and some keyboard shortcuts, and it's a really nice alternative for a mail client.

So those are the three programs that I basically used a lot, and I was using my SSH server as a terminal server. Now what I did next was connect my SSH server to the internet. I have a router that supports the DynDNS services, so never mind the fact that I had a dynamic IP. My router kept updating the dynamic IP to the service of DynDNS. So I could basically set up a dynamic host IP or a dynamic host name that allowed me to connect back to my home server from anywhere.
Now you have to take security in mind, because the most straightforward solution is opening up port 22 on your router and redirecting it via NAT to the port 22 on your SSH server. But I wouldn't do that because, you know, port 22, people who do a port scan know like, okay, that's port 22, that's probably the SSH protocol, so I'm going to try a brute force attack. Now I did leave this port open for the first couple of days and I checked my authority log, the slash var slash log slash auth I think, at least the access logs, and you could really see people trying complete libraries of login names and password combinations.

So if you open your SSH server up to the web, make sure that you choose a good password and a pretty wacky username; that way it's harder for people to do a brute force attack. And the second line of security is of course setting the IP on the router side different from the IP on the inside. What I mean by that is that I have actually forwarded port 2222 on the outside, on the outside connector of my router or the outside interface of my router, to port 22 on the inside interface of my laptop, of my SSH server. So if I'm outside I connect to port 2222, that's 2222, and it gets NATed to port 22 on the inside. If I'm on the inside of my network I just connect to port 22 and I don't have any problem with that. The great thing is that if people do see that port 2222 on my router is open, they don't really have an idea which protocol is behind it and what they should use to try to gain access to my network. So that's a good thing.

Now once I had my little router opened up to the internet it really became interesting. I work as a consultant, which means that I regularly switch PCs and I regularly switch operating systems and locations.
So I was looking for a way to, you know, be able to read my emails, check my IRC things and check my instant messages without having to install a client on every computer. Sometimes I'm on the PC of a client, sometimes I'm on a work computer, sometimes I'm God knows where. So it's not always that convenient, especially if you work in the corporate sector. It's not always a good idea to do all these services unprotected behind a proxy, because your company might be monitoring that, and if they need a stick to throw at you, you'll probably get some excerpts from some log file, and basically I'm not really a big fan of, so what I did is I installed PuTTY on my USB stick, a portable version of PuTTY, which is portable by default. So whenever I get stuck on a Mac or a Linux machine I have the terminal at my discretion, or whenever I'm stuck on a Windows machine I just pop in my USB stick and run PuTTY.

Using PuTTY I can connect to my server at home and actually run those applications that I have installed on my home server. And the great thing is that the connection between you and your server, so you at work or at a hotspot where you don't want people to sniff what you're doing, and the computer at home where the actual application is running, is completely encrypted, and the internet traffic that is requested by your applications, for example Alpine, IRC chat, Centerim and stuff like that, starts from your server, so the traffic never gets routed through your unsecured network. Whether you're on a hotspot or if you're at a client or at work, God knows what, it's a nice secure tunnel in between both of them.

One of the essential applications that you want to use here is the application screen. Screen is kind of what tabs are for Windows.
It enables you to have multiple terminal sessions open at the same time, have two open on the same screen or flip through them, so you can actually go to one application using a keystroke, go to the other application and so forth. So instead of just having one terminal window open and having that terminal terminated when you disconnect, you can actually leave this session running. So this was really cool for me. I started to have IRSSI running all the time, I started to have my Alpine running all the time, and if necessary I ran my instant messaging client Centerim all the time. I would just connect to the screen sessions using my terminal clients, whether that be Windows, Linux or Mac. So it was a great way to have a terminal server and actually leave those applications running when I wasn't even connected. Really, really handy to do, and especially nice if you want to, you know, stay connected to IRSSI and just check out what's going on in the channel, or you want to leave your instant messaging client on because you might get some messages from friends and stuff. So using the combination of the SSH server and the application screen I was able to do just that.

But the story doesn't really end here. You can even use your SSH server to go one step beyond all of this and use it as a secure tunnel. So let's say you're on a hotspot, an open Wi-Fi, and you need to surf around, you need to do some web pages. As we all know, hotspots or unsecure networks are dangerous when it comes to privacy issues. People can sniff your traffic, so it's not very wise to surf unencryptedly on an open network. What you want to do is use that very SSH tunnel to set up an encrypted connection to your SSH server and surf from there. Using PuTTY, and there are how-tos available on this, I'll see if I can shove some links in the show notes, you can actually tell Firefox to use your PuTTY program as a local proxy server. It will then traffic all of your data through that local
proxy server. Now of course your PuTTY is connected to your home server over SSH. That way, if you have it all set up and you surf to a certain web page, Firefox will pipe the HTTP request through PuTTY, PuTTY will pipe it through the SSH connection to your SSH server at home, and from there the actual request will leave the internet and will come back to you. So it's a great way to surf all kinds of sites without ever being noticed. The only thing that the people see on the unprotected network is that you have an SSH connection set up to some dynamic IP somewhere, but whatever you are doing inside this tunnel is completely opaque. It's a very nice way to do some secure surfing.

But I've also loved to use it as an HTTP tunnel to configure some of the web based interfaces on my home network. If I needed to configure my router, if I needed to take a look at my LAN, if I needed to configure the Webmin interface that I also have running on my server, I would just pipe my traffic through the SSH tunnel and access not only the internet IPs but also the local IPs on my own private network. Very, very convenient.

Now one of the other things that you can also use this connection for is of course as a file sharing or file storage capacity. Using FileZilla you can actually send files back and forth from any machine through that SSH connection to your home server. And what I did is, on my home server I mounted several local shares, and by using SSH I connected using FileZilla through the SSH connection to my home server, my home SSH server, and even via there connect to other shares of my NAS and what have you throughout my entire network. And I was all using that one simple SSH connection, so all I had was just one port that was open, and I had it locked down pretty securely by using an extensive username and password combination.

So that is all kind of cool things that you can do with your SSH server. So if you are on random computers and are working throughout a random period of network, secure,
not secure, an SSH connection, one simple port, can really do a very big deal for you, and I have lived through port 22, I say sometimes. So it's a really convenient way to use a very simple yet secure protocol to have it completely in action.

I really have a party with it when I go out and have my ultra portable netbook with me. I have an Acer Aspire One. If I'm on a free Wi-Fi or I'm at family or God knows what and I need to do stuff, I just whip out my ultra portable. It runs Linux 8.10, it's the Easy Peasy distro that I have running on my Acer Aspire One. My Acer Aspire One has a four gig drive, which is not a lot, but what I do is, by going to the Places menu, I have made a secure connection to my SSH server, and I made a secure file connection to it, and I can use that file connection whenever I want to. So instead of having things stored consistently on my netbook, which has storage issues as you might know, I just use the Ubuntu Places, Connect to Server functionality to connect directly to the files on my SSH server through an SSH tunnel, straight in, no, so it's really nice to have all those files really close to me.

If I want to run some applications and I don't want to tax the processor of my ultra portable, I just open up an SSH server and run those applications, be it Centerim, irssi, Alpine, God knows what. I just basically use my ultra portable as a small SSH terminal device to connect to the server device that I have running at home, and it's really, really nice. I even do big downloads while I'm away, and I can check on downloads. Using the command wget I sometimes activate the downloads of a certain application, I leave the wget session running in screen, I can disconnect, connect to it later, see if everything's in. I use the SSH server as a podcatcher using bashpodder, I let it download some of the podcasts, and I can really connect to it just about from everywhere using just about any system over just one port.

So if you're not really into installing an
SSH server, don't worry, I have a screencast on my personal website that tells you how to do it. If you want to learn more about Alpine and Centerim you can always send me an email via my own personal website, or you can just google around and find nice and easy how-tos on how to use all these simple but very convenient applications.

So that was all for Hacker Public Radio for this episode. It's been a delight and, finally contributing to all of this, it's been an honor, and I really, really like it. Now as for your questions and feedback, you can always find me at my personal website, that's www.knightwise.com, that's k-n-i-g-h-t-w-i-s-e.com, where I host a weekly podcast called the Knightcast, a screencast called KWTV, and there are of course also some daily articles. So that was, no, this was Knightwise for Hacker Public Radio, signing off and telling you to have a great time tweaking around with your

Thank you for listening to Hacker Public Radio. HPR is sponsored by Caro.net, so head on over to caro.net for all of us
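
The login-guessing traffic the episode describes seeing in the auth log, viewed from the defender's side, as an added example that is not part of the episode or its show notes: a small parser that counts OpenSSH `Failed password` entries per source address and picks out addresses that cycle through many login names. The log lines, host name, user names, addresses (RFC 5737 documentation ranges) and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenSSH entries in /var/log/auth.log.
# Host name, users and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Mar  1 03:12:01 zombie sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  1 03:12:03 zombie sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar  1 03:12:05 zombie sshd[4105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  1 03:12:08 zombie sshd[4107]: Failed password for invalid user a from 198.51.100.20 from 203.0.113.7 port 40131 ssh2
Mar  1 08:30:10 zombie sshd[5200]: Failed password for kw from 198.51.100.20 port 51514 ssh2
Mar  1 08:30:19 zombie sshd[5200]: Accepted password for kw from 198.51.100.20 port 51514 ssh2
"""

# The user name is chosen by the remote side and may itself contain " from ...".
# Anchoring at the end of the line with a greedy user group makes the regex
# take the address sshd wrote last, not one embedded in the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)


def summarise(log_text):
    """Count failed logins and distinct attempted user names per source IP."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["users"].add(m["user"])
        if m["invalid"]:
            entry["invalid"] += 1  # name does not exist on this server
    return dict(stats)


def guessing_sources(stats, min_failures=3, min_users=3):
    """Addresses that failed often AND cycled through several login names.

    One person mistyping their own password fails under a single name;
    a dictionary run walks through many names, which is what this looks for.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["failures"] >= min_failures and len(s["users"]) >= min_users
    )


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for ip in guessing_sources(stats):
        s = stats[ip]
        print(f"{ip}: {s['failures']} failures, {len(s['users'])} names, "
              f"{s['invalid']} for accounts that do not exist")
```

On the sample, the single mistyped password from 198.51.100.20 is not flagged, and the fourth line's crafted user name does not shift the blame onto that address.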