= SSH Tunnel =
A secure shell (SSH) tunnel is an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel.

= autossh =
Autossh is a program that starts a copy of SSH and monitors it, restarting it as necessary should it die or stop passing traffic.

{{{#!highlight sh
autossh -M 0 -L 8080:localhost:8080 example.com -g
}}}

Install:
{{{#!highlight sh
cd /tmp
# plain-HTTP download: check the tarball against a checksum from a trusted source before building
wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz
tar xvzf autossh-1.4c.tgz
cd autossh-1.4c
./configure
make
make install
}}}

Authentication with generated key pair:
{{{#!highlight sh
# with empty pass, on the machine running the ssh client
ssh-keygen -t rsa
# paste the output into ~/.ssh/authorized_keys on the machine running the sshd server
cat /root/.ssh/id_rsa.pub
# use the generated key to authenticate on the sshd server
autossh -i /root/.ssh/id_rsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N
}}}

== Netbios SSH tunnel ==
Entities:
 * SSH server: 10.1.1.123
 * user on ssh server: root
 * Netbios server (Samba): 192.168.3.4
 * SSH client: 192.168.3.15
 * Ports 139 and 445 on Netbios server
 * Ports 139 and 445 must be free in the SSH server

The SSH server must have '''GatewayPorts yes''' in its sshd configuration file, '''/etc/ssh/sshd_config'''.

The SSH client must be able to reach the SSH server and the Netbios server.

On the SSH client, issue the following commands:
{{{#!highlight sh
# listens on port 139 on 10.1.1.123 and redirects traffic to 192.168.3.4:139
ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999
# listens on port 445 on 10.1.1.123 and redirects traffic to 192.168.3.4:445
ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999
}}}

Now the Netbios server can be reached through ports 139 and 445 in the SSH server.
== MS SQL Server tunnel ==
On the SSH client, issue the following commands:
{{{#!highlight sh
# listens on port 1433 on 10.1.1.123 and redirects traffic to 192.168.3.113:1433
ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999
}}}

== Change passphrase with ssh-keygen ==
{{{#!highlight bash
$ cd ~/.ssh/
# To change DSA passphrase, enter:
$ ssh-keygen -f id_dsa -p
# To change RSA passphrase, enter:
$ ssh-keygen -f id_rsa -p
}}}

== Crontab script to establish the connection ==
Crontab entry:
{{{#!highlight sh
0 0 * * * /root/autossh.sh
}}}

File to connect with autossh, /root/autossh.sh:
{{{#!highlight sh
#!/bin/sh
# stop any running autossh instances before starting the tunnels again
killall autossh
# listens on port 2222 on sshdServer and redirects traffic to 192.168.1.1:22
/usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 2222:192.168.1.1:22 -f -N
# listens on port 139 on sshdServer and redirects traffic to 192.168.1.2:139
/usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 139:192.168.1.2:139 -f -N
}}}

Other example script:
{{{#!highlight sh
#!/bin/sh
killall autossh
# listens on port 8585 on sshdServer and redirects traffic to localhost:8080 (ssh client)
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -R 8585:localhost:8080 -f -N
# listens on port 2525 on localhost (ssh client) and redirects to port 25 on sshdServer
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -L 2525:localhost:25 -f -N
}}}
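
The key that /root/autossh.sh uses has no passphrase and logs in as root, so on the sshd server its authorized_keys entry can be limited to the `-R` listen ports the script needs. This is an added example, not part of the original page; `restricted_key_line` is a hypothetical helper and the sample key is constructed.

```sh
#!/bin/sh
# Build an authorized_keys line that limits a tunnel-only key to the
# remote-forward (-R) listen ports it needs.
# Usage: restricted_key_line "<public key line>" port [port ...]
restricted_key_line() {
    pubkey=$1
    shift
    [ $# -ge 1 ] || { echo "need at least one listen port" >&2; return 1; }

    # Expect "<type> <base64> [comment]" with no options already in front.
    keytype=${pubkey%% *}
    case $keytype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $keytype" >&2; return 1 ;;
    esac
    rest=${pubkey#* }
    blob=${rest%% *}
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac

    # restrict: no pty, no agent/X11 forwarding, no user rc, no port forwarding.
    # port-forwarding: turns forwarding back on; permitlisten then limits -R ports.
    opts='restrict,port-forwarding'
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        opts="$opts,permitlisten=\"$port\""
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample key (not a real key); ports are the -R ports in /root/autossh.sh.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED root@client'
restricted_key_line "$SAMPLE_KEY" 2222 139
```

`permitlisten` only constrains `-R` forwards; a key that also opens `-L` forwards, as in the second script, is limited with `permitopen`.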