from Hacker News

Free book to master SSH tunneling concepts

by opsdisk on 1/15/22, 1:24 PM with 25 comments

  • by crims0n on 1/15/22, 3:14 PM

    Looks interesting, will give it a read as it looks to cover more than the basics.

    Years ago I worked in a SOC doing managed services for a major telco provider, and for some reason they thought that we didn't have the need to do any kind of SSH tunneling to manage routers/switches/firewalls. They kept blocking it at various layers, and we kept having to find more and more creative ways to get around it. I think at one point we were hosting our own PAC files local to our machines, building three layers of tunnels (the last of which being a dynamic SOCKS tunnel), and using a portable browser (because we couldn't be trusted with admin!) with FoxyProxy (or similar) to finally reach our destination.

  • by np1810 on 1/15/22, 4:59 PM

    Thank you for such a thorough book...

    This book does discuss autossh [1] which I came to know about recently while setting up my dynamic home IP (w/ CG-NAT) as the exit node in a WireGuard network to overcome geo-restrictions on streaming services when traveling... :p

    autossh [1] is such a simple and useful utility, wish I had known about it earlier when any connection changes in VPN/WiFi used to break my ssh tunnels to the corporate network during development...

    If you're a frequent user of ssh tunnels, do check out autossh... ;)

    [1] https://linux.die.net/man/1/autossh

  • by tomxor on 1/15/22, 3:17 PM

    Similarly, with "sshuttle" you can pick n mix from different subnets with ease, or even forward your entire internet over SSH without a proxy for "poor man's VPN"

    ... although for the latter purpose it's nowhere near as CPU efficient as WireGuard, but with non-root access to any SSH server it can get you around barriers in a pinch with only TCP 443 available, and effectively "VPN" multiple potentially conflicting subnets at the same time - I've not seen any other tool that can do the latter so effortlessly.

  • by anderspitman on 1/15/22, 9:27 PM

    I used local forwarding for years before learning about remote forwarding, which is useful for creating your own self-hosted ngrok-like service. A good number of the solutions on this list are based on SSH remote forwarding:

    https://github.com/anderspitman/awesome-tunneling

  • by chx on 1/15/22, 6:02 PM

    May I take this occasion to ask for help with merging my autossh commands? https://serverfault.com/q/1088997/64874

  • by stonecharioteer on 1/16/22, 6:30 AM

    Without even opening the link I was about to say that the only book on the topic you should read is the Cyber Plumber's Handbook. I'm smiling that it's the same link. Haha.

  • by egberts1 on 1/15/22, 10:00 PM

    Can’t even open it on macOS, iPhone with either Firefox or Safari.

  • by mlnhd on 1/15/22, 5:09 PM

    Is this just the man page for ssh? I’m not sure what’s going on here. If you understand the tool you know the ways it can be used.