If you have a full implementation of SSH on said web server, just use:
ssh -D 3128 username@webserver
Then set your browser to use the SOCKS proxy built into the SSH server.
That is, go to your proxy settings for your browser, and under SOCKS proxy,
put localhost:3128 (or whatever port you chose when you connected). You can
then surf *any* site from the web server itself by simply typing the name.
If you want to see something on the local server that you are ssh'ed into,
you use http://localhost/.
Note that the SOCKS proxy can be used for many fun things other than
browsing... like tunneling IM, avoiding content filters and other corporate
/ restrictive appliances, tunneled ftp & irc, etcetera. Note that your
connection is encrypted to the head end, then it's up to the specific
protocol to protect you. That is, you're encrypted all the way to the SSH
server, but if you use a clear text protocol such as HTTP it will be clear
text beyond the SSH server (obviously).
We use this feature for exposing only an SSH gateway to the bad nasty
outside (which is actually inside our network), then we tunnel everything
through SSH to access things behind our firewall. Note that this feature
isn't available in all implementations of SSH, such as Cisco's SSH server on
their firewalls. Most full implementations of SSH should have it though.
bforbes wrote:
The known_hosts problem can be eliminated with the option
-o NoHostAuthenticationForLocalhost=yes
--
View this message in context:
http://www.nabble.com/Tunneling-through-unfriendly-firewalls-tf2830640.html#a8000008
Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
