6

I was refreshing my memory today on setting up ssh tunnels and I came across several sources that describe forwarding some local port to a website. For example: https://www.techrepublic.com/article/how-to-use-local-and-remote-ssh-port-forwarding

“Open up a terminal window on your client and issue the command:

ssh -L 8080:www.slashdot.org:80 localhost

You will be prompted to enter your user password for the client machine. Essentially, you are connecting, via SSH, back to your client machine, but creating the necessary SSH tunnel to the destination. After you've successfully authenticated against your local account, open up a browser and point it to http://localhost:8080. Your browser should automatically redirect you to Slashdot.”

Only, this doesn’t work if you actually try it. I end up with failed connections, 500 errors, 404 errors, etc. I’ve tried other sites, even non-HTTPS ones. What’s the deal?

2
  • Are you running an SSH server on the machine? If you are not, then the tutorial you linked to won't work.
    – Ramhound
    Commented Aug 1, 2018 at 19:50
  • Jeff is right, especially about the HTTPS thing. I ran ssh -L 8080:www.slashdot.org:443 localhost and then it worked. But you have to access the site with https://localhost:8080, not http://.
    – confetti
    Commented Aug 1, 2018 at 20:20

2 Answers

6

This technique works, but is not very good for accessing websites since you need to forward a port for each and every domain being accessed. If you load Slashdot in Chrome and use the developer tools, you can see that when you load Slashdot it is actually loading content from at least 21 different domains. If you are only forwarding one domain then you won't see all the content.

Another problem is that you are tunneling to port 80 on a site that is serving content on port 443. If you run "curl -i slashdot.org" you will see that it serves you a 301 redirect to HTTPS. When the browser tries to follow the redirect to HTTPS everything will fail.

You would be better off using ssh as a SOCKS proxy and configuring your browser to use it. You can open a SOCKS proxy on a local port like this:

ssh -D 8080 myhost.com

myhost.com could be "localhost" in your case, but usually is a remote server. Once you have this session open, just go into browser preferences and configure the browser to use a SOCKS v5 proxy pointed at localhost port 8080 (easier to do in Firefox than Chrome imho). Once that's done the browser will run all of its traffic through the ssh tunnel.

This can be incredibly useful for accessing websites hosted on private networks, or encrypting your data across a network you think is not secure.

3
  • Can you explain why it is usually a remote server? I'm not fully understanding it in the context of OP's question.
    – confetti
    Commented Aug 1, 2018 at 20:07
  • 1
    @confetti The purpose of using ssh as a SOCKS proxy is to tunnel your traffic through a remote endpoint in order to disguise your traffic, or to get your browser onto the network your endpoint is sitting on. In the OP's original question he was just using localhost for testing purposes.
    Commented Aug 1, 2018 at 20:09
  • Oh I see, that's pretty cool. I never knew setting up a SOCKS proxy is this easy. If I understood OP correctly though he wants to route a specific site to his localhost (and maybe LAN IP?) on port 8080, I don't quite see how that'd work with this approach. Then again I'm unsure of what OP's ultimate goal is at all.
    – confetti
    Commented Aug 1, 2018 at 20:16
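
The port-80 failure described in the answer above can be reproduced offline; this is an added example, not code from the original posts. It assumes a constructed hostname (`www.example.test`) and a constructed origin that serves one virtual host and redirects HTTP to HTTPS, with a small TCP relay standing in for the `ssh -L` forward.

```python
import http.client, http.server, socket, threading

SITE = "www.example.test"  # constructed hostname standing in for the real site

class Origin(http.server.BaseHTTPRequestHandler):
    """Constructed origin: name-based virtual host that upgrades HTTP to HTTPS."""
    def do_GET(self):
        if (self.headers.get("Host") or "").split(":")[0] != SITE:
            return self.send_error(404, "unknown virtual host")
        self.send_response(301)
        self.send_header("Location", f"https://{SITE}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def pump(src, dst):
    """Copy bytes one way, unmodified, as a port forward does."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already closed

def forward(listener, target_port):
    """Stand-in for `ssh -L`: relay each accepted connection to the origin."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(("127.0.0.1", target_port))
        for src, dst in ((client, upstream), (upstream, client)):
            threading.Thread(target=pump, args=(src, dst), daemon=True).start()

def start_demo():
    """Start origin and forwarder on ephemeral ports; return the forwarded port."""
    origin = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Origin)
    threading.Thread(target=origin.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=forward, args=(listener, origin.server_port), daemon=True).start()
    return listener.getsockname()[1]

def fetch(port, host_header=None):
    """GET / via the forwarded port; return (status, Location header)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header} if host_header else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Location")
```

After `port = start_demo()`, `fetch(port)` sends the Host header a browser pointed at the forwarded port would send and gets the 404, while `fetch(port, SITE)` gets the 301 whose Location names the real site over HTTPS, which the single forwarded port does not cover.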
0

Jeff is absolutely right; however, I'd like to add a solution with local port forwarding:

Since the website you're trying to access is using HTTPS, you need to access its port 443.

$ ssh -L 8080:www.slashdot.org:443 localhost

In addition to that, you need to use https:// in the browser instead of http://, so you would access the following URL in your browser: https://localhost:8080. On Firefox, this presented me with an "unsecure connection" warning since obviously the SSL certificate issued for the website you're trying to access was not signed to be used with localhost. However, you can ignore this warning and proceed.
