Saturday, January 30, 2010

SSH is a versatile tool

I had no idea SSH was so versatile. I moved to a new apartment a few months back. It comes with shared internet service for the complex. The speed is decent; not what I was getting, but you get what you pay for, so I was more or less satisfied.

My first big problem was that I no longer had access to the router. This meant I couldn't forward ports to give me remote access to my machine. I'd read about VoIP services that had a failsafe for machines that couldn't directly connect. They would connect them both to a central server, and connect them together from there.

This is when I first learned about reverse SSH tunnels. I already knew about normal tunneling. I'd been using that for years to connect to VNC servers. Now I found out you could also use SSH to set up a reverse tunnel. You connect to an SSH server and create a tunnel back to your own machine. I tested it for a while and it worked great. There's even a simple program to monitor the tunnel to ensure connectivity: autossh. Works great in tandem with Gentoo keychain.

More recently, I stopped being able to go to my website from my apartment. I thought at first it was the server, so I contacted my provider. They said it was running the daily backup and they were planning to move to a newer machine soon. Over the next couple of weeks, I noticed the problem never went away. Moreover, this problem only manifested from inside my apartment. Not from my work, or my parents', or any wifi hotspot I tried. When I talked to my web host about this, he suggested the problem may be reverse DNS lookup trouble. I think he's right, and I've sent this information to my apartment's internet support people. I hope they can fix it.

Coinciding with this problem, my laptop had an issue with the power supply and I had to deliver it to Best Buy for a replacement. During this time, I had to use a machine at work on a very restricted network. So I started looking into setting up a proxy server to get around the restrictions. I tried to install Dante, but something in the configuration was never right, and I never got it to work. I was about to give up when I learned of another neat thing SSH can do. It can act as a SOCKS5 proxy. With the right configuration, all my web requests from Firefox now went through my SSH proxy.

I got my laptop back from Best Buy, but I thought about the proxy idea again when I got home. This could be (at least temporarily) a solution to my networking troubles at home. Again, it worked perfectly. Until they solve the reverse DNS issue, I can at least connect through the proxy and have full access to my web server.

Hooray for SSH.
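
The reverse tunnel and the SOCKS5 proxy described in this post, written out as an OpenSSH client configuration. This is an added example, not the author's own setup; the host aliases, relay.example.com, the user name, the key path and both port numbers are assumptions.

```sshconfig
# ~/.ssh/config on the home machine.
# Constructed example: every host name, user, key path and port is a placeholder.

# Reverse tunnel: port 2222 on the relay leads back to this machine's sshd.
Host home-reverse
    HostName relay.example.com
    User tunnel
    IdentityFile ~/.ssh/id_tunnel
    IdentitiesOnly yes
    # Listen on the relay's loopback only, so reaching the tunnel
    # requires logging in to the relay first.
    RemoteForward localhost:2222 localhost:22
    # Exit instead of sitting idle when the forward cannot be bound,
    # so a supervisor such as autossh notices and retries.
    ExitOnForwardFailure yes
    # Declare the link dead after 3 missed keepalives (about 90 s).
    ServerAliveInterval 30
    ServerAliveCountMax 3

# SOCKS5 proxy: the browser talks to 127.0.0.1:1080 and the traffic
# leaves from the relay.
Host web-socks
    HostName relay.example.com
    User tunnel
    IdentityFile ~/.ssh/id_tunnel
    IdentitiesOnly yes
    # Bind to loopback so other machines on the shared network
    # cannot use the proxy.
    DynamicForward 127.0.0.1:1080
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3

# Start the reverse tunnel under autossh. -M 0 turns off autossh's own
# monitor port and relies on the ServerAlive settings above; -f puts it
# in the background, so the key must already be loaded in an agent:
#   autossh -M 0 -f -N home-reverse
# Start the proxy:
#   ssh -N web-socks
# Reach the home machine from outside: log in to the relay, then
#   ssh -p 2222 localhost
```

In the browser's proxy settings, select SOCKS v5 with host 127.0.0.1 and port 1080.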