When you need to reach a UDP service on a remote server that is not directly accessible from your local host, you can combine SSH and socat to make the communication possible.
A typical use case is SNMP communication with a server in a DMZ to feed metrics into a dashboard on the local network, as in this example.
You have an intermediate host, reachable over SSH, that you can use as a gateway.
1- On the local host (on the left side), create an SSH tunnel with TCP port forwarding (here port 10000).
ssh -L 10000:localhost:10000 **gateway_host_ip**
2- On the gateway host, route the traffic received on the port we previously forwarded to the UDP target host:port.
socat tcp4-listen:10000,reuseaddr,fork UDP:**target_host_ip**:**udp_port**
3- On the local host, route the traffic received on the given UDP port to the previously forwarded TCP port for tunnelling.
socat -T15 udp4-recvfrom:**udp_port**,reuseaddr,fork tcp:localhost:10000
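A check worth running on the gateway after step 2, as an added example that is not part of the original post: without a `bind=` option, socat's `tcp4-listen` accepts connections on every interface, so port 10000 would relay to the UDP target for any host that can reach the gateway. The function name `exposed_listeners` and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Step 2 as written listens on all interfaces of the gateway:
#   socat tcp4-listen:10000,reuseaddr,fork UDP:target_host_ip:udp_port
# Loopback-only variant (the SSH forward in step 1 connects to localhost anyway):
#   socat tcp4-listen:10000,bind=127.0.0.1,reuseaddr,fork UDP:target_host_ip:udp_port

# exposed_listeners PORT
# Reads lines in the format printed by `ss -H -ltn`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port) on stdin and
# prints the local address of every listener on PORT that is not loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")        # the port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr != "127.0.0.1" && addr != "[::1]") print addr
        }'
}

# Constructed sample: relay started exactly as in step 2.
SAMPLE_OPEN='LISTEN 0 5 0.0.0.0:10000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: relay started with bind=127.0.0.1.
SAMPLE_LOOPBACK='LISTEN 0 5 127.0.0.1:10000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live use on the gateway:  ss -H -ltn | exposed_listeners 10000
echo "as written:    $(printf '%s\n' "$SAMPLE_OPEN" | exposed_listeners 10000)"
echo "loopback only: $(printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_listeners 10000)"
```

An empty result means the relay port is only reachable through the SSH forward.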
I needed to access a MongoDB instance to manage my collections. I was looking for something like phpMyAdmin for Mongo, but the first tool I found was mongoclient.
This tool is a desktop application provided for many OSes, including Mac OS X. The quality of the tool is really good.
The MongoDB instance was installed remotely on my server and protected by a firewall, so the easiest way to access it was to open an SSH tunnel. Mongoclient is supposed to manage the SSH tunnel in the application, but it was not working for me, so I had to connect the tunnel manually:
# ssh -L 27017:localhost:27017 -p 22 email@example.com
Once connected, it is possible to create a localhost connection with mongoclient.
CentOS 7 has a built-in configuration that closes inactive SSH sessions. In terms of security it is a good thing, but having sessions killed after 1 minute of inactivity becomes a mess when you have multiple sessions open in parallel.
This can be avoided by configuring a keep-alive period on the client side. To activate such a keep-alive, you just have to connect with the following command line:
ssh -o ServerAliveInterval=5 firstname.lastname@example.org
This configures the client to send a NULL packet every 5 seconds to keep the session open.
With growing firewall constraints, accessing a server over SSH is not always a pleasant journey. I've read a Korben post on GateOne, an HTML5 server-side SSH client, and I just got an opportunity to deploy it for a test. This post will detail how to install it and secure it a little bit.