Twenty Ways

SSH is the ultimate tool for shifting bits around networks in a secure manner. This is the first of a series of articles on SSH tips. This article is all about the basics; as the tips progress, we will get trickier.

Overview

Port forwards are a way of mapping a TCP from one side of the ssh connection to the other. They are established using the -L and -R parameters to the ssh command. These stand for local and remote port forwards. A local forward takes a port on the local machine and connects it to an IP address and port from the remote machine. As you suspect, a remote forward takes a port on the remote machine and connects is to an IP address and port from machine you are connecting from.

Examples

You could forward port 80 from an  internal web server to port 8188 on the machine you are connecting from. This is a sort of poorman’s VPN. You can gain access to resources inside your network via SSH local port forwards. After connecting to your gateway machine you would be able to access the web server at http://localhost:8188.  To actually do this the command would look like this:

superbox$ ssh -L 8188:internalweb:80 homerouter

Another common use for this is securing VNC access. Many VNC servers offer the option to only accept connections from localhost. By combining this option with a ssh local forward  you can create an encrypted VNC session. This would be done by doing:

superbox$ ssh -L 5900:localhost:5900 vncserver

Remote port forwards are much less common. Lets say you have a local web server running on your workstation and you’d like your friend to take a look at an error on a hot new web app. you’re developing. The catch is you don’t want to let them login to your machine to do a local forward to gain access to your server. In this case you could use a remote port forward like this:

superbox$ ssh -R 8188:localhost:80 untrusted-friend

Your somewhat trustworthy friend could then access your web server at http://localhost:8188.

In the next installment of this series we will reveal a way to make your SSH connection behave even more like a VPN.

If you have a jailbroken iPhone and find yourself unable to set the passcode lock, you can still activate this feature manually:

• set your passcode on the iPhone under Settings / General / Passcode Lock
  (this stores the passcode, despite the feature not being activated)
• open /private/var/mobile/Library/Preferences/com.apple.springboard.plist on your phone;
  the easiest way is to copy the file locally via SFTP, then edit it in the Property List Editor bundled with Xcode
• add the following key under Root:
  • key = PasswordProtected
  • type = Number
  • value = 1
• restart SpringBoard (relaunch the process, or just restart your phone)

You can also reverse this process if you find yourself unable to access said iPhone.

A recent upgrade to my iPhone left the phone unable to access visual voicemail.  When I pushed the Voicemail button from the Phone screen, the phone simply did nothing.

Caveat: In addition to resetting your password, this will also delete your personal greeting.  It shouldn’t affect existing messages, though this assumption is untested.

The solution:

• disable WiFi from the Settings menu
  (visual voicemail needs to reset over EDGE or UMTS/3G)
• call AT&T at 611
• press 1 to confirm your number
• press 3 for voicemail help (press 5 for “Enterprise Customer Care”)
• press 3 to reset your password
• hang up and wait for a confirmation text message

The Voicemail screen should work again.  Don’t forget to re-enable WiFi once you complete your voicemail setup.

Recently I installed Debian on a DEC Multia, I documented this install on my own blog. During my long upgrade process to a current Debian release from Woody. I encountered the following error:

midget# dhclient

Unrecognized Kernel Version

The way to fix this is to edit /sbin/dhclient and locate the line that contains “2.[12345].*)” and change it to “2.[123456].*)”