Using Two Macs To Tunnel A Firewall And Proxy?
Banned
Join Date: Nov 2002
Location: Hell
Sep 15, 2003, 03:52 PM
 
Uhhh, right. So there's no post and stuff... But anyway, I was wondering the same thing.
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 15, 2003, 09:47 PM
 
what the?

My question was, since the campus staff at the school I go to are grr, they've only let us use port 8080, but I NEED FTP, so I want to leave my iMac at home and use it to tunnel through the proxy and firewall so my iBook can send out info and it can FTP it to a site, and also preferably I could also receive e-mail via mail.app
     
Dedicated MacNNer
Join Date: Sep 2000
Location: Dallas, Texas
Sep 16, 2003, 01:22 AM
 
use this format... -L is local port to remote port... -R is remote port to local port.

ssh -2 -L 8000:localhost:80 -R 10006:localhost:10006 username@xxx.xxx.xxx.xxx

there may be a better way.
     
Mac Enthusiast
Join Date: May 2002
Sep 16, 2003, 06:06 AM
 
SSH tunnel, or something, on Versiontracker.
I have Mac
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 16, 2003, 03:46 PM
 
Mind going more in depth? I got a program called SSH agent, and right now my iMac is in my dorm room right now, but I'm just wondering, what software I would need to have on it so that I could SSH to it, and then FTP and stuff from there. Keep in mind that all I know is SSH means secure shell command, and a friend set up a script on my server to automatically backup when I SSH in and type /.backup but that's it. SSH agent has an option for a new tunnel... I'd post a screen shot... but I'm asking this so I can use FTP heh.

it asks me for the port which is going to have to be port 8080, then the user name... would that be like my short account name for OS X? And then @ and then your.server.com so would that be like the mac's IP address? Then tunnel port... would that be 8080 since that's the only one the network will let us use? The default is 22, but I'm not sure if that's the iMac's port or my iBook, my iMac will be connected to our cable. and then some.server.com I don't know what that means? Like would this only be for ftp where I'd put the name of the site that I'm trying to FTP to? And then it says remote port as 80...

If anyone could give a brief explanation of this that'd be really helpful.
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Sep 16, 2003, 04:14 PM
 
[edit] I changed "First" so check again. There is a better way to change the port of SSH [/edit]

OK. If you can access your iMac via SSH already, then you are allowed connections on port 22 as well and won't need to set up SSH to work over port 8080. However, you said you can only use port 8080 so here goes.

First you need to have the SSH daemon listening to connections on a port other than 22, in your case it sounds like 8080 is your only choice. This should be on the iMac that you will be keeping off campus--the one you want to SSH to. One way to do this would be to edit the file
/etc/sshd_config

Find the line that reads
#Port 22

and change it to read
Port 8080

And then restart "Remote Login" from Sharing.

Second, you can use port forwarding as someone suggested above on your computer on-campus to connect to the iMac. However, you only need to use the -L flag. You will have to run this command every time you want to connect to the FTP server.

% ssh -N -L 2100:ftp.server.com:21 username@your.imac.com -p 8080

Now just open Transmit or whatever FTP client you like and use the server "localhost" port "2100" and the username/pass of the FTP server you're trying to connect to.

I'll explain the ssh command above. The -N means it won't execute any commands on the other end. It's just forwarding ports. The -L means you're forwarding a local port to some remote port. The 2100 means you're using the local port 2100 to connect to. The ftp.server.com is the remote FTP server you are trying to connect to. The 21 is the FTP server port. You can change this if the FTP server is using a different port. The your.imac.com is the IP or hostname of the iMac you have off campus. The username is an account on the iMac that you are SSHing as. The -p 8080 means you are telling SSH to use port 8080 to connect to the iMac. Since you set the iMac to listen on port 8080, it'll work just the way you want.

So as far as your campus connection is concerned, you will be making an SSH connection over port 8080. The iMac on the other end will make a connection to the FTP server over the port specified. Your FTP client (like Transmit) will think you are connecting to yourself but in reality you're going through SSH into the tunnel.

If you ever need to just SSH to the remote iMac, just use
ssh username@your.imac.com -p 8080

Hope this helps.
(Last edited by Xeo; Sep 16, 2003 at 04:51 PM. )
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 16, 2003, 05:43 PM
 
Thanks Xeo I think I almost get it. just a few questions.

the username@your.imac.com would that be my login name ie salty@ my iMac's IP address?

and you say I need a daemon running... do I have to like install one or does OS X already have one and all I have to do is edit that one file on the iMac?
     
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Sep 16, 2003, 07:45 PM
 
Originally posted by Superchic[k]en:
Thanks Xeo I think I almost get it. just a few questions.

the username@your.imac.com would that be my login name ie salty@ my iMac's IP address?

and you say I need a daemon running... do I have to like install one or does OS X already have one and all I have to do is edit that one file on the iMac?
1) Yes, you have the first part right.

2) Turn on "Remote Login" in the Sharing control panel. Just turn that on and you have the sshd daemon.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 17, 2003, 12:47 AM
 
sweet... this'll work with X.1 right? The only license I have, other than X.2 on my iBook, I think I'm gonna put panther on both though.

Anyway, yeah I assume I'll just buy a fam pack with my friend and then he can have one license, I'll have one, I can update someone else's computer, etc.
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Sep 17, 2003, 01:37 AM
 
Originally posted by Superchic[k]en:
sweet... this'll work with X.1 right? The only license I have, other than X.2 on my iBook, I think I'm gonna put panther on both though.
It should. I assume the config file on 10.1 is in the same place, but I don't remember 10.1 enough to say for sure.
     
Dedicated MacNNer
Join Date: Jan 2001
Location: Badfort
Sep 17, 2003, 12:31 PM
 
Hmm.. it sounds to me as if you mean that port 8080 is the one you set as your proxy. It probably won't be opened outbound on your college firewall. Using an SSH tunnel is a good way to do what you want, but you may have to experiment to see what outbound ports are open from the college. I run sshd on port 110, because most of my clients' firewalls are set up to allow users' access to external POP accounts.

If you're totally isolated from the 'net, i.e. not actually routed to an external gateway (which I've seen, and it's crap), there is a tool called zebedee which can tunnel tcp and even udp traffic through proxies. google for it 'cos I'm far too lazy.

edit: turns out I'm not that lazy, after all.

http://www.winton.org.uk/zebedee/
You see, my friends, pirates are the key. - thalo
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 17, 2003, 01:10 PM
 
Thanks a lot guys. And yeah it's totally cut off from the web. I can't even download my mail off my server, I'm having to use web2mail which really sucks cause I get NO spam control.

Anyway, but so lemmie just make sure this is what I have to do.

Install X.1 on my iMac, edit the sshd_config file, which I assume will be in my library? Or... is that in like the system library or the user library or does it matter?

Change the port to port 8080, by the way do I leave the # sign in or out?

And then I SSH to it from my iBook putting in the IP addy and all that other fun stuff. And THEN after I set up a tunnel my iBook will automatically route everything through that tunnel and through the iMac and then back to me correct?

If that's right I'm terribly thankful. Now I'm really glad I didn't sell my iMac or let a friend borrow him

You guys are great, this is why I love the Mac community... so helpful
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Sep 17, 2003, 01:23 PM
 
Originally posted by Superchic[k]en:
Install X.1 on my iMac, edit the sshd_config file, which I assume will be in my library? Or... is that in like the system library or the user library or does it matter?
It's at /etc/sshd_config. The /etc directory is at the root of your hard drive (along with /Applications, /Users, and /System). You need admin access to edit it. If you use BBEdit, you can make changes and when you save, it will ask you to authenticate. It's very nice that way. You can use "Go to folder" to get to /etc. Just type /etc as the directory.

Change the port to port 8080, by the way do I leave the # sign in or out?
Leave the # out. When the # is in front of a line, it is ignored. It had # before because it ignored it and used the default.

Everything else sounds right.
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 17, 2003, 10:09 PM
 
Sweet thanks a ton man I owe you big time. You've allowed me to keep web developing. I might even allow some people to run through my machine I'm not sure. Either way I'll tell them if you're using Kazaa through it I'll shoot you but yeah... thanks a ton
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 28, 2003, 02:59 AM
 
Uhh, X.1 says that etc can not be edited... how do I edit it?
     
Dedicated MacNNer
Join Date: Sep 2000
Location: Dallas, Texas
Sep 28, 2003, 09:27 AM
 
Originally posted by Superchic[k]en:
Uhh, X.1 says that etc can not be edited... how do I edit it?
sudo pico /etc/sshd_config

in terminal... you'll be prompted for your password. pico is an easy to use command line text editor.

     
Senior User
Join Date: Oct 1999
Location: Planet Earth
Sep 28, 2003, 10:39 AM
 
Originally posted by Jellytussle:
http://www.winton.org.uk/zebedee/
Unfortunately no MacOS X port. But would be useful.
---I'm on a low Microsoft diet.
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 28, 2003, 01:55 PM
 
Hey sweet thanks a ton guys, now I'm gonna run upstairs, plug my iBook into the hub and see if I can make the tunnel over the internet... I know it won't guarantee it'll work over the network but at least I can see if I did my stuff right.

Thanks a ton, by the way if anyone tries to use sudo pico, control is the ^ thing... I kept hitting shift and six then the letter and wondering why it wasn't working haha... I'm a goof...
     
Mac Enthusiast
Join Date: Jan 2001
Location: Toronto, Canada.
Sep 28, 2003, 02:52 PM
 
Has "SSH Tunnel Manager" been mentioned? http://projects.tynsoe.org/en/stm/
The docs also explain things well: http://projects.tynsoe.org/en/stm/doc.php
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 28, 2003, 03:34 PM
 


OK here's a picture of my blanks...

This is a program called Fugu, it's open source and free and stuff.

Anyway I'm wondering what I would put in all those blanks

For create a tunnel to, I assume that's my iMac's IP address

Service or port I'm not sure, I know I need to go out port 8080

I don't know which computer is the host... and lastly I don't know if the user should be root, the long login name, the name of the computer, or the short name...

Please help...
     
Grizzled Veteran
Join Date: Sep 2000
Location: Adelaide, Australia
Sep 28, 2003, 05:00 PM
 
Originally posted by zerologic:
sudo pico /etc/sshd_config

in terminal... you'll be prompted for your password. pico is an easy to use command line text editor.
It's a good idea before you do this to do

sudo cp /etc/sshd_config /etc/sshd_config.bak

so that you have a copy of the original saved as sshd_config.bak. That way if everything goes weird you can do

sudo mv /etc/sshd_config.bak /etc/sshd_config

and be confident you have the settings the way they were before you started to mess with them!

Michael
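
The two steps from Xeo's and Michael's posts above (back up /etc/sshd_config, then change the Port line) combined into one script. This is an added example, not code posted in the thread; set_sshd_port is a hypothetical helper name, and the demo runs on a constructed sample file rather than the live config.

```shell
#!/bin/sh
# set_sshd_port FILE PORT  (hypothetical helper, not part of OpenSSH or OS X)
# Backs up FILE to FILE.bak once, then makes "Port PORT" its only Port line.
set_sshd_port() {
    conf=$1 port=$2
    # Accept only a plain decimal number in 1..65535.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Keep only the first backup so a second run cannot overwrite the original.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    tmp="$conf.tmp.$$"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$' "$conf"
    then
        # Replace the first "Port N" / "#Port N" line and drop any later ones.
        awk -v port="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
                if (!seen) { print "Port " port; seen = 1 }
                next
            }
            { print }' "$conf"
    else
        # No Port line at all: put the directive at the top of the file.
        echo "Port $port"; cat "$conf"
    fi > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back with cat (not mv) so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on a constructed sample file, never the live /etc/sshd_config.
demo=$(mktemp) && printf '%s\n' '#Port 22' '#Protocol 2,1' > "$demo"
set_sshd_port "$demo" 8080 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

Against the real /etc/sshd_config the function has to run with admin rights (for instance from a script started with sudo), and Remote Login still has to be restarted afterwards, as in Xeo's post.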
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Sep 30, 2003, 03:29 PM
 
Anyone got a clue?
     
   