SSH Tunneling FAQ

SSH Tunneling FAQ

SSH tunnels allow you to access department resources from remote locations. Common applications of tunneling include establishing SAMBA connections for access to lab filesystems and secure SMTP connections for relaying email through the department mail server. The use of SSH tunnels is not restricted to these; tunnels can be established for arbitrary applications. Instructions for establishing a tunnel for a generic application are provided below. You must have a valid CS account and an appropriate ssh client for your operating system.

Unix/Linux

Using the ssh command, the following options will create a secure tunnel for the user fred (please substitute your actual CS username) on the port 139 (the SAMBA port). This can be generalized to any specific application, please see the common application list below:

	ssh -L 139:share.cs.duke.edu:139 fred@login.cs.duke.edu

This will log you into the CS login server and create a forwarding port for SAMBA (port 139).

By default, these commands must be exectued as root or an equivalently privileged user on your machine. Alternatively, you can tell smbmount to use a different port; see the ssh and smbmount manpages for more details.

Windows

To create a secure tunnel in ssh, using the ssh.com version, you must set up the tunnel in the preferences menu:

Edit → Settings → Profile Settings → Tunneling → Outgoing
Click Add... to set up a new tunnel. The details are showing in the figure below. Please consult the following diagram if you are unsure of the settings.

Select OK, then File → Save Settings. You will need to exit and restart the ssh program for the new settings to take effect.

Common application ports

Application Port Comment
SAMBA 139 Filesystem/Printer access
FlexLM 27701 License server