Setting up an SSH Port Forwarding Tunnel

gwhelchel @ Sat Oct 25 15:48:03 EEST 2014
I am wanting to set up an SSH tunnel in CrushFTP 7 to allow certain clients encrypted access to my Squid3 proxy. I've been doing it via SSH/SOCKS5 login to the server, but I want to figure out a way to not give them a command prompt into the server. I'd rather not have to use a restricted shell or chroot the users. It looks like the SSH port forwarding feature of Crush might work for this, but I can't seem to figure out how to configure it. Has anyone had any experience with this that could give me a few tips? For one, I'm not sure what, if anything, needs to be configured on the client's side. And, how is the SSH connection authenticated?

Thanks!
Greg

spinkb @ Sat Oct 25 17:16:16 EEST 2014
The SSH port forwarding is probably what you want then. You just have to not start a shell prompt when initiating a tunnel.

ssh -oPort=2222 -N -L 2525:someserver.com:80 username@yourcrushftp.com

-N stops the creation of a shell which CrushFTP would reject. It's all standard ssh syntax.

To make the tunnel in CrushFTP, go to the prefs, tunnels, add a new tunnel, type SSH, port 2525, 127.0.0.1, and destination someserver.com port 80. If you make it "user configurable" then the connecting user can choose any location they like...but if you specify a specific location and don't make it user configurable, it won't allow anything.

Once the tunnel is made, go to the User Manager, tunnels section for a username and add the tunnel to their account.

Thanks,
Ben

gwhelchel @ Wed Oct 29 13:11:10 EET 2014
Thanks, Ben.

That worked perfectly. The thing that was throwing me off was I didn't realize that Crush would reject a shell prompt. I was trying to set it up without the -N switch. It's all working great now.

Best,
Greg
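
The forwarding-only invocation from Ben's reply, as an added example that is not part of the original thread or of CrushFTP: a POSIX shell wrapper that builds the same ssh -N -L command from validated arguments. The function names, the explicit 127.0.0.1 bind address and the extra options (-T, ExitOnForwardFailure, ServerAliveInterval) are assumptions added here; the hosts and ports are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): forwarding-only SSH tunnel wrapper.

# valid_port N: succeed only if N is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_args LOCAL_PORT DEST_HOST DEST_PORT SERVER_PORT USER@SERVER
# Prints the ssh arguments for a session that forwards one port and
# never asks the server for a shell or a terminal.
tunnel_args() {
    valid_port "$1" && valid_port "$3" && valid_port "$4" || return 1
    # Accept only hostname characters, so a value can never be read
    # as an ssh option or split into several words.
    case "$2" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$5" in ''|-*|*[!A-Za-z0-9.@_-]*) return 1 ;; esac
    # -N: no remote command or shell (a shell request is rejected,
    #     as described in the thread)
    # -T: no pseudo-terminal
    # ExitOnForwardFailure: exit if the local listener cannot be bound
    # 127.0.0.1: keep the local end of the tunnel on loopback only
    printf '%s ' -N -T \
        -o "Port=$4" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -L "127.0.0.1:$1:$2:$3"
    printf '%s\n' "$5"
}

# Opens the tunnel only when called with all five arguments, e.g.:
#   sh tunnel.sh 2525 someserver.com 80 2222 username@yourcrushftp.com
if [ "$#" -eq 5 ]; then
    args=$(tunnel_args "$@") || { echo "invalid arguments" >&2; exit 2; }
    # Word splitting is intended here: every field was validated above.
    exec ssh $args
fi
```

With ExitOnForwardFailure set, ssh exits instead of staying connected when local port 2525 is already in use.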